loafle/openapi-generator
3
0
Fork 0
forked from loafle/openapi-generator-original
Code Pull Requests Activity

[maven plugin] fix security issues (#8795)

Browse Source 
* use Files.createTempFile in maven plugin to avoid security issues

* error check when creating a folder
This commit is contained in:
William Cheng 2021-02-24 11:45:44 +08:00 committed by GitHub
parent c31e6e79d0
commit 91805936e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/openapi-generator-maven-plugin/src/main/java/org/openapitools/codegen/plugin/CodeGenMojo.java
View File

@ -758,7 +758,10 @@ public class CodeGenMojo extends AbstractMojo {
if (storedInputSpecHashFile.getParent() != null && !new File(storedInputSpecHashFile.getParent()).exists()) { if (storedInputSpecHashFile.getParent() != null && !new File(storedInputSpecHashFile.getParent()).exists()) {
File parent = new File(storedInputSpecHashFile.getParent()); File parent = new File(storedInputSpecHashFile.getParent());
parent.mkdirs(); if (!parent.mkdirs()) {
throw new RuntimeException("Failed to create the folder " + parent.getAbsolutePath() +
" to store the checksum of the input spec.");
}
} }
Files.asCharSink(storedInputSpecHashFile, StandardCharsets.UTF_8).write(inputSpecHash); Files.asCharSink(storedInputSpecHashFile, StandardCharsets.UTF_8).write(inputSpecHash);
@ -790,7 +793,7 @@ public class CodeGenMojo extends AbstractMojo {
File inputSpecTempFile = inputSpecFile; File inputSpecTempFile = inputSpecFile;
if (inputSpecRemoteUrl != null) { if (inputSpecRemoteUrl != null) {
inputSpecTempFile = File.createTempFile("openapi-spec", ".tmp"); inputSpecTempFile = java.nio.file.Files.createTempFile("openapi-spec", ".tmp").toFile();
URLConnection conn = inputSpecRemoteUrl.openConnection(); URLConnection conn = inputSpecRemoteUrl.openConnection();
if (isNotEmpty(auth)) { if (isNotEmpty(auth)) {