[maven plugin] fix security issues (#8795)

* use Files.createTempFile in maven plugin to avoid security issues

* error check when creating a folder
This commit is contained in:
William Cheng 2021-02-24 11:45:44 +08:00 committed by GitHub
parent c31e6e79d0
commit 91805936e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -758,7 +758,10 @@ public class CodeGenMojo extends AbstractMojo {
if (storedInputSpecHashFile.getParent() != null && !new File(storedInputSpecHashFile.getParent()).exists()) {
File parent = new File(storedInputSpecHashFile.getParent());
parent.mkdirs();
if (!parent.mkdirs()) {
throw new RuntimeException("Failed to create the folder " + parent.getAbsolutePath() +
" to store the checksum of the input spec.");
}
}
Files.asCharSink(storedInputSpecHashFile, StandardCharsets.UTF_8).write(inputSpecHash);
@ -790,7 +793,7 @@ public class CodeGenMojo extends AbstractMojo {
File inputSpecTempFile = inputSpecFile;
if (inputSpecRemoteUrl != null) {
inputSpecTempFile = File.createTempFile("openapi-spec", ".tmp");
inputSpecTempFile = java.nio.file.Files.createTempFile("openapi-spec", ".tmp").toFile();
URLConnection conn = inputSpecRemoteUrl.openConnection();
if (isNotEmpty(auth)) {