Fix race condition vulnerability in temporary directory creation #1050

@hsuk04 hsuk04 commented Mar 27, 2025

Description

This PR modernizes the createTmpDir() method in ExporterTestUtils.java by replacing the older implementation with the Java NIO.2 Files API.
The previous implementation has a potential race condition vulnerability between deleting the temp file and creating a directory with the same name plus suffix. During this window, another process could potentially create a file or directory at the target path.
The new implementation using Files.createTempDirectory() eliminates this vulnerability by performing the operation atomically.

A similar fix can be found here: openkm/document-management-system#332

Changes

  • Replace the multi-step temp directory creation process with a single call to Files.createTempDirectory()
  • Add import for java.nio.file.Files

References

openkm/document-management-system#332
openkm/document-management-system@c069e4d

@hsuk04 hsuk04 closed this Apr 12, 2025
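The pattern the description calls racy, next to the atomic replacement, as an added Java example that is not part of the pull request or the project's code. The class name, method bodies, the `exporter` prefix and the `.d` suffix are assumptions reconstructed from the description's wording.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;

public class TmpDirExample {

    // Multi-step pattern (assumed shape): reserve a name with a temp file,
    // delete it, then create a directory at that name plus a suffix.
    static File createTmpDirRacy() throws IOException {
        File tmp = File.createTempFile("exporter", null);
        if (!tmp.delete()) {
            throw new IOException("could not delete " + tmp);
        }
        // Window: nothing reserves the target path between delete() and mkdir().
        File dir = new File(tmp.getPath() + ".d");
        // mkdir() returns false if the path already exists. Code that ignores
        // the result goes on to use an entry it did not create.
        if (!dir.mkdir()) {
            throw new IOException("could not create " + dir);
        }
        return dir;
    }

    // Single call: the name is chosen and the directory created in one step,
    // so there is no intermediate path for another process to claim.
    static Path createTmpDirAtomic() throws IOException {
        return Files.createTempDirectory("exporter");
    }

    public static void main(String[] args) throws IOException {
        File racy = createTmpDirRacy();
        Path safe = createTmpDirAtomic();
        System.out.println("multi-step: " + racy);
        System.out.println("atomic:     " + safe);
        // Print the permissions each approach produced, where POSIX applies.
        if (safe.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            System.out.println("multi-step perms: " + PosixFilePermissions.toString(
                    Files.getPosixFilePermissions(racy.toPath())));
            System.out.println("atomic perms:     " + PosixFilePermissions.toString(
                    Files.getPosixFilePermissions(safe)));
        }
        Files.delete(racy.toPath());
        Files.delete(safe);
    }
}
```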