Posted to commits@sling.apache.org by dk...@apache.org on 2022/11/19 01:32:51 UTC

[sling-org-apache-sling-auth-form] branch master updated: vuln-fix: Temporary File Information Disclosure

This is an automated email from the ASF dual-hosted git repository.

dklco pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git


The following commit(s) were added to refs/heads/master by this push:
     new e88381f  vuln-fix: Temporary File Information Disclosure
     new 03de5cd  Merge pull request #6 from BulkSecurityGeneratorProjectV2/fix/JLL/temporary_file_local_information_disclosure
e88381f is described below

commit e88381f96d2daf5d038290275ca7e67b5380574a
Author: Jonathan Leitschuh <Jo...@gmail.com>
AuthorDate: Fri Nov 18 22:46:00 2022 +0000

    vuln-fix: Temporary File Information Disclosure
    
    
    
    This fixes a temporary file information disclosure vulnerability due to the use
    of the vulnerable `File.createTempFile()` method. The vulnerability is fixed by
    using the `Files.createTempFile()` method, which sets the correct POSIX permissions.
    
    Weakness: CWE-377: Insecure Temporary File
    Severity: Medium
    CVSS: 5.5
    Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.SecureTempFileCreation)
    
    Reported-by: Jonathan Leitschuh <Jo...@gmail.com>
    Signed-off-by: Jonathan Leitschuh <Jo...@gmail.com>
    
    Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/18
    
    
    Co-authored-by: Moderne <te...@moderne.io>
---
 src/test/java/org/apache/sling/auth/form/impl/TokenStoreTest.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/test/java/org/apache/sling/auth/form/impl/TokenStoreTest.java b/src/test/java/org/apache/sling/auth/form/impl/TokenStoreTest.java
index fad6038..b849ef9 100644
--- a/src/test/java/org/apache/sling/auth/form/impl/TokenStoreTest.java
+++ b/src/test/java/org/apache/sling/auth/form/impl/TokenStoreTest.java
@@ -8,6 +8,7 @@ import static org.junit.Assert.assertTrue;
 import java.io.File;
 import java.io.IOException;
 import java.math.BigInteger;
+import java.nio.file.Files;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.time.Duration;
@@ -53,7 +54,7 @@ import org.junit.Test;
 
     @Before
     public void setup() throws IOException, InvalidKeyException, NoSuchAlgorithmException, IllegalStateException {
-        tokenFile = File.createTempFile(getClass().getName(), "tokenstore");
+        tokenFile = Files.createTempFile(getClass().getName(), "tokenstore").toFile();
         store = new TokenStore(tokenFile, SESSION_TIMEOUT_MSEC, DEFAULT_FAST_SEED);
         encodedToken = store.encode(DEFAULT_EXPIRATION_TIME_MSEC, USER_ID);
     }
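Review bot: The token file created on the new `tokenFile = Files.createTempFile(...)` line is never removed in this hunk, so every test run leaves a file holding the store's key material in the system temp directory; unless an `@After` outside the hunk deletes it, add `tokenFile.deleteOnExit();` right after the assignment, or better a `@After public void teardown() { tokenFile.delete(); }` so the file does not outlive the test. The tighter permissions that `Files.createTempFile` applies are a POSIX-only guarantee (on non-POSIX file systems the file gets the directory's default ACL), which is worth stating in a comment on that line, e.g. `// Files.createTempFile restricts the file to the owner on POSIX; cleanup in teardown`. The first hunk only adds the matching `java.nio.file.Files` import and needs no change.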