File ant-CVE-2020-1945-3.patch of Package ant
From a8645a151bc706259fb1789ef587d05482d98612 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <bodewig@apache.org>
Date: Tue, 5 May 2020 15:32:09 +0200
Subject: [PATCH] use nio.Files.createTempFile rather than File.createTempFile
---
 .../org/apache/tools/ant/util/FileUtils.java | 35 ++++++++++++++++++-
 .../apache/tools/ant/util/FileUtilsTest.java | 13 +++++++
 2 files changed, 47 insertions(+), 1 deletion(-)
Index: apache-ant-1.9.4/src/main/org/apache/tools/ant/util/FileUtils.java
===================================================================
--- apache-ant-1.9.4.orig/src/main/org/apache/tools/ant/util/FileUtils.java
+++ apache-ant-1.9.4/src/main/org/apache/tools/ant/util/FileUtils.java
@@ -30,10 +30,17 @@ import java.net.JarURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLConnection;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.channels.Channel;
+import java.nio.file.attribute.FileAttribute;
+import java.nio.file.attribute.PosixFileAttributeView;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
 import java.text.DecimalFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.EnumSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Random;
@@ -92,6 +99,14 @@ public class FileUtils {
 */
 public static final long NTFS_FILE_TIMESTAMP_GRANULARITY = 1;
+ private static final FileAttribute[] TMPFILE_ATTRIBUTES =
+ new FileAttribute[] {
+ PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ,
+ PosixFilePermission.OWNER_WRITE))
+ };
+ private static final FileAttribute[] NO_TMPFILE_ATTRIBUTES = new FileAttribute[0];
+
+
 /**
 * A one item cache for fromUri.
 * fromUri is called for each element when parseing ant build
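Review bot: `TMPFILE_ATTRIBUTES` and `NO_TMPFILE_ATTRIBUTES` in the `@@ -92,6 +99,14 @@` hunk are declared with the raw type `FileAttribute[]` and carry no comment. `FileAttribute<?>[]` matches the varargs parameter of `Files.createTempFile` and avoids the raw-type warning. A one-line comment such as `// rw------- for temp files on filesystems that support POSIX permissions` would record why only OWNER_READ and OWNER_WRITE are listed. The new `java.nio.file` imports need Java 7 or later, which is worth confirming against the Java level this apache-ant-1.9.4 package is built and run with.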
@@ -880,6 +895,10 @@ public class FileUtils {
 * yield a different file name.
 * </p>
 *
+ * <p>If the filesystem where the temporary file is created
+ * supports POSIX permissions, the file will only be readable and
+ * writable by the current user.</p>
+ *
 * @param prefix file name prefix.
 * @param suffix
 * file extension; include the '.'.
@@ -902,6 +921,10 @@ public class FileUtils {
 * exist before this method was invoked, any subsequent invocation
 * of this method will yield a different file name.</p>
 *
+ * <p>If the filesystem where the temporary file is created
+ * supports POSIX permissions, the file will only be readable and
+ * writable by the current user.</p>
+ *
 * @param prefix file name prefix.
 * @param suffix file extension; include the '.'.
 * @param parentDir Directory to create the temporary file in;
@@ -932,6 +955,10 @@ public class FileUtils {
 * exist before this method was invoked, any subsequent invocation
 * of this method will yield a different file name.</p>
 *
+ * <p>If the filesystem where the temporary file is created
+ * supports POSIX permissions, the file will only be readable and
+ * writable by the current user.</p>
+ *
 * @param project reference to the current Ant project.
 * @param prefix file name prefix.
 * @param suffix file extension; include the '.'.
@@ -969,7 +996,12 @@ public class FileUtils {
 if (createFile) {
 try {
- result = File.createTempFile(prefix, suffix, new File(parent));
+ final Path parentPath = new File(parent).toPath();
+ final PosixFileAttributeView parentPosixAttributes =
+ Files.getFileAttributeView(parentPath, PosixFileAttributeView.class);
+ result = Files.createTempFile(parentPath, prefix, suffix,
+ parentPosixAttributes != null ? TMPFILE_ATTRIBUTES : NO_TMPFILE_ATTRIBUTES)
+ .toFile();
 } catch (IOException e) {
 throw new BuildException("Could not create tempfile in " + parent, e);
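Review bot: In the `@@ -969,7 +996,12 @@` hunk the owner-only mode is applied only when the parent directory exposes a `PosixFileAttributeView`; otherwise `NO_TMPFILE_ATTRIBUTES` is passed and the file is created with the platform default, with nothing logged. A short comment at the ternary, `// no POSIX view on the parent: no permission attribute can be passed, file gets the default mode`, would make that fallback visible to maintainers. Because the mode is set at creation, it holds only for the file created here, so the added Javadoc should also say `Callers must write to the returned file rather than delete and recreate it, otherwise the restricted permissions are lost.` The method body starts before and continues after this hunk, so the path taken when `createFile` is false is not visible here and presumably gets no such protection.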
@@ -1000,6 +1032,10 @@ public class FileUtils {
 * yield a different file name.
 * </p>
 *
+ * <p>If the filesystem where the temporary file is created
+ * supports POSIX permissions, the file will only be readable and
+ * writable by the current user.</p>
+ *
 * @param prefix file name prefix.
 * @param suffix
 * file extension; include the '.'.
Index: apache-ant-1.9.4/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
===================================================================
--- apache-ant-1.9.4.orig/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
+++ apache-ant-1.9.4/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
@@ -28,6 +28,12 @@ import org.apache.tools.ant.taskdefs.con
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+import java.util.Set;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.attribute.PosixFileAttributeView;
+import java.nio.file.attribute.PosixFilePermission;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@@ -361,6 +367,14 @@ public class FileUtilsTest {
 assertTrue("File was created", tmp1.exists());
 assertEquals((new File(tmploc, tmp1.getName())).getAbsolutePath(), tmp1 .getAbsolutePath());
+ final PosixFileAttributeView attributes =
+ Files.getFileAttributeView(tmp1.toPath(), PosixFileAttributeView.class);
+ if (attributes != null) {
+ final Set<PosixFilePermission> perm = attributes.readAttributes().permissions();
+ assertTrue(perm.contains(PosixFilePermission.OWNER_READ));
+ assertTrue(perm.contains(PosixFilePermission.OWNER_WRITE));
+ assertTrue(perm.size() == 2);
+ }
 tmp1.delete();
 // null parent dir, project without magic property
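Review bot: The permission assertions in the `@@ -361,6 +367,14 @@` hunk run only when `getFileAttributeView` returns non-null, so on a filesystem without POSIX permissions the test passes without checking anything. A comment such as `// permissions can only be verified where the filesystem supports POSIX attributes` would make that skip explicit. `assertTrue(perm.size() == 2)` reports no values on failure; `assertEquals(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE), perm);` (with a `java.util.EnumSet` import) would replace the three assertions and print the actual set. The test method starts before and continues after this hunk, and only the one temp file visible here is checked.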