Fix race condition vulnerability in temporary directory creation

Open hsuk04 opened this issue 9 months ago • 0 comments

Description

This PR modernizes the createTmpDir() method in ExporterTestUtils.java by replacing the older implementation with the Java NIO.2 Files API. The previous implementation has a potential race condition vulnerability between deleting the temp file and creating a directory with the same name plus suffix. During this window, another process could potentially create a file or directory at the target path. The new implementation using Files.createTempDirectory() eliminates this vulnerability by performing the operation atomically.

A similar fix can be found here https://github.com/openkm/document-management-system/pull/332

Changes

  • Replace the multi-step temp directory creation process with a single call to Files.createTempDirectory()
  • Add import for java.nio.file.Files

References

https://github.com/openkm/document-management-system/pull/332

https://github.com/openkm/document-management-system/commit/c069e4d73ab8864345c25119d8459495f45453e1

hsuk04 Mar 27 '25 09:03
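
The pattern described in the post next to its replacement, as an added example that is not part of the original post and is not rest.li's code. The class name, method names, prefix and the ".d" suffix are assumptions chosen for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration; all names here are hypothetical, not rest.li code.
public class TmpDirExample {

    // Multi-step pattern: create a temp file, delete it, then create a
    // directory at "<file name><suffix>". The name is fixed after step 1,
    // but nothing reserves the target path between steps 2 and 3.
    static File createTmpDirRacy(String prefix) throws IOException {
        File marker = File.createTempFile(prefix, null);        // step 1: unique name chosen
        if (!marker.delete()) {                                  // step 2: name released
            throw new IOException("could not delete " + marker);
        }
        File dir = new File(marker.getAbsolutePath() + ".d");   // suffix is an assumption
        // step 3: mkdir() returns false when the path already exists. Code
        // that ignores the result goes on to use a path it did not create.
        if (!dir.mkdir()) {
            throw new IOException("path already taken: " + dir);
        }
        return dir;
    }

    // Single-call replacement: name selection and directory creation happen
    // together, and the call fails instead of reusing an existing path.
    static Path createTmpDirAtomic(String prefix) throws IOException {
        return Files.createTempDirectory(prefix);
    }

    public static void main(String[] args) throws IOException {
        File racy = createTmpDirRacy("exporter-test");
        System.out.println("multi-step: " + racy);
        if (!racy.delete()) {
            System.err.println("cleanup failed for " + racy);
        }

        Path atomic = createTmpDirAtomic("exporter-test");
        System.out.println("single call: " + atomic);
        Files.delete(atomic);
    }
}
```

Checking the return value of mkdir() turns a lost race into an error, but only the single-call form removes the window itself.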