
bug: CWE ID 377

Open nolram88 opened this issue 2 years ago • 0 comments

Bug Report

### Capacitor Version

```
💊   Capacitor Doctor  💊 

Latest Dependencies:

  @capacitor/cli: 3.5.1
  @capacitor/core: 3.5.1
  @capacitor/android: 3.5.1
  @capacitor/ios: 3.5.1

Installed Dependencies:

  @capacitor/cli: 3.3.4
  @capacitor/android: 3.5.1
  @capacitor/ios: 3.5.1
  @capacitor/core: 3.5.1

[success] iOS looking great! 👌
[success] Android looking great! 👌
```

### Platform(s)

Android


### Current Behavior

Veracode Report

Insecure Temporary File CWE ID 377

Description

Creating and using insecure temporary files can leave application and system data vulnerable to attack. In particular, file names created by the tmpnam family of functions can be easily guessed by an attacker. If an attacker can predict the filename and create a malicious collision, he may be able to manipulate the behavior of the application.

Recommendations

Ensure that unpredictable names are used for temporary files and that files are created in a secure directory with appropriate permissions. Using mkstemp() is a reasonably safe way to create temporary files. It will attempt to create and open a unique file based on a filename template provided by the user, combined with a series of randomly generated characters. Note that mkstemp() is safe if only the descriptor is used and the returned filename is not used in a subsequent function call with extra privileges. Using mkstemp() does not completely eliminate race conditions but does provide better protection than other methods.

../BridgeWebChromeClient.java 509

com/.../camera/CameraUtils.java 22


### Expected Behavior

Either the issue is resolved or an explanation as to why this may be a false positive, please.


nolram88 Jun 01 '22 16:06
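The Veracode recommendation quoted in the report, restated in Android/Java terms as an added illustration that is not Capacitor's code and does not reproduce the lines the scanner flagged: a fixed-name temporary file that anyone able to write to the directory could pre-create, beside the `File.createTempFile` form, which appends random characters to the name, refuses to reuse an existing path, and is then restricted to the owner. The class name `PhotoTempFiles` and the directory argument are assumptions for the demo.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

/** Added example (assumed name): predictable vs. unpredictable temp-file creation. */
public final class PhotoTempFiles {

    /** The pattern CWE-377 describes: the name is fully predictable and may already exist. */
    public static File predictableTempFile(File dir) throws IOException {
        File f = new File(dir, "capture.jpg");
        // createNewFile() returns false if the path already exists (e.g. a file planted
        // earlier by another process); the caller cannot tell and keeps using that path.
        f.createNewFile();
        return f;
    }

    /** Safer form: random suffix, created atomically, readable/writable by the owner only. */
    public static File unpredictableTempFile(File dir) throws IOException {
        // createTempFile appends random characters and creates the file itself rather than
        // reusing an existing name, which is the mkstemp()-style behaviour the report recommends.
        File f = File.createTempFile("capture_", ".jpg", dir);
        // "Appropriate permissions": drop read/write for everyone, then restore them for the owner.
        boolean ok = f.setReadable(false, false) & f.setWritable(false, false)
                   & f.setReadable(true, true)  & f.setWritable(true, true);
        if (!ok) {
            throw new IOException("could not restrict permissions on " + f);
        }
        return f;
    }

    public static void main(String[] args) throws IOException {
        // Constructed scratch directory standing in for an app's private cache directory.
        File dir = Files.createTempDirectory("cwe377-demo").toFile();

        File a = predictableTempFile(dir);
        File b = predictableTempFile(dir);
        System.out.println("predictable:   " + a.getName() + " / " + b.getName()
            + " -> same path: " + a.equals(b));

        File c = unpredictableTempFile(dir);
        File d = unpredictableTempFile(dir);
        System.out.println("unpredictable: " + c.getName() + " / " + d.getName()
            + " -> distinct: " + !c.equals(d));
    }
}
```

On Android the app-private directories returned by the `Context` file APIs are already isolated from other apps, so the permission tightening mainly matters for shared or external storage locations.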