From 91805936e6670f9f8bc46ae6e63a314b0195f0c8 Mon Sep 17 00:00:00 2001
From: William Cheng
Date: Wed, 24 Feb 2021 11:45:44 +0800
Subject: [PATCH] [maven plugin] fix security issues (#8795)
* use Files.createTempFile in maven plugin to avoid security issues
* error check when creating a folder
---
 .../java/org/openapitools/codegen/plugin/CodeGenMojo.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/openapi-generator-maven-plugin/src/main/java/org/openapitools/codegen/plugin/CodeGenMojo.java b/modules/openapi-generator-maven-plugin/src/main/java/org/openapitools/codegen/plugin/CodeGenMojo.java
index fa8711fd147..a697be42e32 100644
--- a/modules/openapi-generator-maven-plugin/src/main/java/org/openapitools/codegen/plugin/CodeGenMojo.java
+++ b/modules/openapi-generator-maven-plugin/src/main/java/org/openapitools/codegen/plugin/CodeGenMojo.java
@@ -758,7 +758,10 @@ public class CodeGenMojo extends AbstractMojo {
 if (storedInputSpecHashFile.getParent() != null && !new File(storedInputSpecHashFile.getParent()).exists()) {
 File parent = new File(storedInputSpecHashFile.getParent());
- parent.mkdirs();
+ if (!parent.mkdirs()) {
+ throw new RuntimeException("Failed to create the folder " + parent.getAbsolutePath() +
+ " to store the checksum of the input spec.");
+ }
 }
 Files.asCharSink(storedInputSpecHashFile, StandardCharsets.UTF_8).write(inputSpecHash);
@@ -790,7 +793,7 @@ public class CodeGenMojo extends AbstractMojo {
 File inputSpecTempFile = inputSpecFile;
 if (inputSpecRemoteUrl != null) {
- inputSpecTempFile = File.createTempFile("openapi-spec", ".tmp");
+ inputSpecTempFile = java.nio.file.Files.createTempFile("openapi-spec", ".tmp").toFile();
 URLConnection conn = inputSpecRemoteUrl.openConnection();
 if (isNotEmpty(auth)) {
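Review bot: The new `if (!parent.mkdirs())` check in the first hunk can fail a build that did nothing wrong, because `mkdirs()` also returns false when the directory already exists. The `exists()` test in the enclosing `if` is a separate step, so another module or process that creates the folder in between now triggers the RuntimeException. Accept that case with `if (!parent.mkdirs() && !parent.isDirectory()) {`, or call `java.nio.file.Files.createDirectories(parent.toPath());`, which tolerates an existing directory and reports the underlying cause in its IOException. The name has to be fully qualified because the unqualified `Files` here appears to be Guava's, judging by `Files.asCharSink`. The enclosing method starts and ends outside the hunk, so whether an IOException is already handled there cannot be confirmed from this page.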
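Review bot: The fully qualified `java.nio.file.Files.createTempFile(...)` call in the second hunk has no comment saying why it replaces `File.createTempFile`, so a later tidy-up could silently restore the old call. A one-line comment above it would keep the intent: `// NIO createTempFile may apply more restrictive permissions than File.createTempFile; the downloaded spec lands in the shared temp dir.` The hunk also does not show the temp file being deleted after the download. If no cleanup exists further down, a spec possibly fetched with the `auth` credentials stays in the temp directory, so deleting it in a `finally` block (or at least calling `inputSpecTempFile.deleteOnExit();`) would be worth adding. The enclosing method continues outside the hunk.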