Fixing CWE-377

phax · Sep 10, 2024 · 96f80db · 96f80db
1 parent 786eab6
commit 96f80db
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/as2-lib/src/main/java/com/helger/as2lib/util/AS2ResourceHelper.java b/as2-lib/src/main/java/com/helger/as2lib/util/AS2ResourceHelper.java
@@ -36,6 +36,7 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.nio.file.Files;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import javax.annotation.Nonnull;
@@ -127,7 +128,7 @@ public File createTempFile () throws IOException
       throw new IllegalStateException ("ResourceManager is already closing/closed!");
 
     // Create
-    final File ret = File.createTempFile ("as2-lib-res-", ".tmp", s_aTempDir);
+    final File ret = Files.createTempFile (s_aTempDir.toPath (), "as2-lib-res-", ".tmp").toFile ();
     // And remember
     m_aRWLock.writeLocked ( () -> m_aTempFiles.add (ret));
     return ret;

diff --git a/as2-lib/src/main/java/com/helger/as2lib/util/http/TempSharedFileInputStream.java b/as2-lib/src/main/java/com/helger/as2lib/util/http/TempSharedFileInputStream.java
@@ -36,6 +36,7 @@
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
 
 import javax.annotation.Nonnull;
 import javax.annotation.WillClose;
@@ -145,13 +146,13 @@ public void closeAndDelete () throws IOException
    *         in case of IO error
    */
   @Nonnull
-  protected static File storeContentToTempFile (@Nonnull @WillClose final InputStream aIS,
-                                                @Nonnull final String sName) throws IOException
+  protected static File storeContentToTempFile (@Nonnull @WillClose final InputStream aIS, @Nonnull final String sName)
+                                                                                                                        throws IOException
   {
     // create temp file and write steam content to it
     // name may contain ":" on Windows and that would fail the tests!
     final String sSuffix = FilenameHelper.getAsSecureValidASCIIFilename (StringHelper.hasText (sName) ? sName : "tmp");
-    final File aDestFile = File.createTempFile ("AS2TempSharedFileIS", sSuffix);
+    final File aDestFile = Files.createTempFile ("AS2TempSharedFileIS", sSuffix).toFile ();
 
     try (final FileOutputStream aOS = new FileOutputStream (aDestFile))
     {