[Improve] Replace outdated temp directory creation with java.nio.Files

Open hsuk04 opened this issue 6 months ago • 0 comments

Descriptions of the changes in this PR:

This PR modernizes the createTempDir method in IOUtils.java and eliminates a potential race condition/directory hijacking vulnerability by using a safer, atomic method Files.createTempDirectory() introduced in Java 7 (NIO). This was also done here:

https://github.com/openkm/document-management-system/commit/c069e4d73ab8864345c25119d8459495f45453e1

https://github.com/samtools/htsjdk/commit/269ba3fa507b9bab2dce54bf786d46b575db5527

Motivation

The existing implementation of createTempDir in IOUtils.java uses an outdated pattern involving File.createTempFile() followed by delete() and mkdir(). This sequence is potentially vulnerable to a race condition (CWE-379) which can lead to temporary directory hijacking or information disclosure.

hsuk04, Jun 09 '25 13:06
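
The two patterns contrasted in the description above, side by side, as an added Java example (not BookKeeper's IOUtils code and not part of the PR). The class and method names are hypothetical, and the permission check in main() relies on the JDK creating the directory owner-only on POSIX file systems.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;

public class TempDirExample {

    // Legacy pattern: three separate file system operations, not atomic.
    static File legacyCreateTempDir(String prefix, String suffix) throws IOException {
        File f = File.createTempFile(prefix, suffix); // reserves a unique name as a file
        if (!f.delete()) {                            // the name is free again from here...
            throw new IOException("could not delete " + f);
        }
        // ...until mkdir() runs. Another local user can create this path in
        // between. mkdir() returning false is the only signal; code that
        // ignores it goes on to use a directory it does not own.
        if (!f.mkdir()) {
            throw new IOException("could not create " + f);
        }
        // Permissions follow the process umask, so the directory is often
        // readable by other users.
        return f;
    }

    // Replacement: the unique name is chosen and the directory created in one
    // call, which fails instead of reusing an existing path.
    static Path safeCreateTempDir(String prefix) throws IOException {
        return Files.createTempDirectory(prefix);
    }

    public static void main(String[] args) throws IOException {
        Path dir = safeCreateTempDir("example-"); // constructed prefix
        try {
            // On POSIX file systems, show who can access the new directory.
            if (dir.getFileSystem().supportedFileAttributeViews().contains("posix")) {
                String perms = PosixFilePermissions.toString(Files.getPosixFilePermissions(dir));
                System.out.println(dir + " " + perms);
                if (!perms.equals("rwx------")) {
                    throw new IllegalStateException("unexpected permissions: " + perms);
                }
            }
        } finally {
            Files.delete(dir);
        }
    }
}
```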