Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[SECURITY] Fix Temporary File Information Disclosure Vulnerability #190

Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

import org.apache.maven.enforcer.rule.api.EnforcerRuleException;

Expand Down Expand Up @@ -48,7 +49,7 @@ public class TestRequireFileChecksum
public void testFileChecksumMd5()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "message" );

rule.setFile( f );
Expand All @@ -62,7 +63,7 @@ public void testFileChecksumMd5()
public void testFileChecksumMd5UpperCase()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "message" );

rule.setFile( f );
Expand Down Expand Up @@ -108,7 +109,7 @@ public void testFileChecksumMd5GivenFileDoesNotExistFailureWithMessage()
public void testFileChecksumMd5GivenFileIsNotReadableFailure()
throws IOException
{
File t = File.createTempFile( "junit", null, temporaryFolder );
File t = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
File f = new File( t.getAbsolutePath() )
{
private static final long serialVersionUID = 6987790643999338089L;
Expand Down Expand Up @@ -193,7 +194,7 @@ public void testFileChecksumMd5NoTypeSpecifiedFailure()
public void testFileChecksumMd5ChecksumMismatchFailure()
throws IOException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
Throwable exception = assertThrows( EnforcerRuleException.class, () -> {
FileUtils.fileWrite( f, "message" );

Expand Down Expand Up @@ -229,7 +230,7 @@ public void testFileChecksumMd5ChecksumMismatchFailureWithMessage()
public void testFileChecksumSha1()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "message" );

rule.setFile( f );
Expand All @@ -243,7 +244,7 @@ public void testFileChecksumSha1()
public void testFileChecksumSha256()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "message" );

rule.setFile( f );
Expand All @@ -257,7 +258,7 @@ public void testFileChecksumSha256()
public void testFileChecksumSha384()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "message" );

rule.setFile( f );
Expand All @@ -271,7 +272,7 @@ public void testFileChecksumSha384()
public void testFileChecksumSha512()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "message" );

rule.setFile( f );
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,13 @@
import static org.junit.jupiter.api.Assertions.*;

import java.io.File;
import java.io.IOException;
import java.io.IOException;
import java.nio.file.Files;

import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
import org.junit.jupiter.api.io.TempDir;

/**
* Test the "require files don't exist" rule.
*
Expand All @@ -44,7 +45,7 @@ public class TestRequireFilesDontExist
public void testFileExists()
throws IOException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();

rule.setFiles( new File[] { f } );

Expand Down Expand Up @@ -126,7 +127,7 @@ public void testEmptyFileListAllowNull()
public void testFileDoesNotExist()
throws EnforcerRuleException, IOException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
f.delete();

assertFalse( f.exists() );
Expand All @@ -140,12 +141,12 @@ public void testFileDoesNotExist()
public void testFileDoesNotExistSatisfyAny()
throws EnforcerRuleException, IOException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
f.delete();

assertFalse( f.exists() );

File g = File.createTempFile( "junit", null, temporaryFolder );
File g = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();

assertTrue( g.exists() );

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
import org.junit.jupiter.api.Test;
Expand All @@ -44,7 +45,7 @@ public class TestRequireFilesExist
public void testFileExists()
throws Exception
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();

rule.setFiles( new File[] { f.getCanonicalFile() } );

Expand Down Expand Up @@ -109,7 +110,7 @@ public void testEmptyFileListAllowNull()
public void testFileDoesNotExist()
throws Exception
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
f.delete();

assertFalse( f.exists() );
Expand All @@ -126,12 +127,12 @@ public void testFileDoesNotExist()
public void testFileExistsSatisfyAny()
throws EnforcerRuleException, IOException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
f.delete();

assertFalse( f.exists() );

File g = File.createTempFile( "junit", null, temporaryFolder );
File g = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();

assertTrue( g.exists() );

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,15 @@
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.IOException;
import java.nio.file.Files;

import org.apache.maven.artifact.Artifact;
import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
import org.apache.maven.plugin.testing.ArtifactStubFactory;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
import org.junit.jupiter.api.io.TempDir;

/**
* Test the "require files exist" rule.
*
Expand All @@ -48,7 +49,7 @@ public class TestRequireFilesSize
public void testFileExists()
throws EnforcerRuleException, IOException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();

rule.setFiles( new File[] { f } );

Expand Down Expand Up @@ -88,7 +89,7 @@ public void testEmptyFileList()
assertEquals( 0, rule.getFiles().length );

MockProject project = new MockProject();
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();

ArtifactStubFactory factory = new ArtifactStubFactory();
Artifact a = factory.getReleaseArtifact();
Expand All @@ -107,7 +108,7 @@ public void testEmptyFileList()
public void testFileDoesNotExist()
throws IOException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
f.delete();
assertFalse( f.exists() );
rule.setFiles( new File[] { f } );
Expand All @@ -127,7 +128,7 @@ public void testFileDoesNotExist()
public void testFileTooSmall()
throws IOException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
rule.setFiles( new File[] { f } );
rule.setMinsize( 10 );
try
Expand All @@ -145,7 +146,7 @@ public void testFileTooSmall()
public void testFileTooBig()
throws IOException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
try ( BufferedWriter out = new BufferedWriter( new FileWriter( f ) ) )
{
out.write( "123456789101112131415" );
Expand All @@ -169,14 +170,14 @@ public void testFileTooBig()
public void testRequireFilesSizeSatisfyAny()
throws EnforcerRuleException, IOException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
try ( BufferedWriter out = new BufferedWriter( new FileWriter( f ) ) )
{
out.write( "123456789101112131415" );
}
assertTrue( f.length() > 10 );

File g = File.createTempFile( "junit", null, temporaryFolder );
File g = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();

rule.setFiles( new File[] { f, g } );
rule.setMaxsize( 10 );
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;

import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
import org.apache.maven.plugins.enforcer.utils.NormalizeLineSeparatorReader.LineSeparator;
Expand All @@ -46,7 +47,7 @@ public class TestRequireTextFileChecksum
public void testFileChecksumMd5NormalizedFromUnixToWindows()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "line1\nline2\n" );

rule.setFile( f );
Expand All @@ -62,7 +63,7 @@ public void testFileChecksumMd5NormalizedFromUnixToWindows()
public void testFileChecksumMd5NormalizedFromWindowsToWindows()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "line1\r\nline2\r\n" );

rule.setFile( f );
Expand All @@ -78,7 +79,7 @@ public void testFileChecksumMd5NormalizedFromWindowsToWindows()
public void testFileChecksumMd5NormalizedFromWindowsToUnix()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "line1\r\nline2\r\n" );

rule.setFile( f );
Expand All @@ -94,7 +95,7 @@ public void testFileChecksumMd5NormalizedFromWindowsToUnix()
public void testFileChecksumMd5NormalizedFromUnixToUnix()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "line1\nline2\n" );

rule.setFile( f );
Expand All @@ -110,7 +111,7 @@ public void testFileChecksumMd5NormalizedFromUnixToUnix()
public void testFileChecksumMd5NormalizedWithMissingFileCharsetParameter()
throws IOException, EnforcerRuleException
{
File f = File.createTempFile( "junit", null, temporaryFolder );
File f = Files.createTempFile( temporaryFolder.toPath(), "junit", null ).toFile();
FileUtils.fileWrite( f, "line1\nline2\n" );

rule.setFile( f );
Expand Down