Use secure temporary file creation org.openrewrite.java.security.SecureTempFileCreation
java.io.File.createTempFile() has exploitable default file permissions. This recipe migrates to the more secure java.nio.file.Files.createTempFile() .
Tags
Recipe source
GitHub , Issue Tracker , Maven Central
groupId: org.openrewrite.recipe
artifactId: rewrite-java-security
Usage
This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-java-security:2.6.0 in your build file or by running a shell command (in which case no build changes are needed):
Gradle Gradle init script Maven POM Maven Command Line Moderne CLI
Add the following to your build.gradle file:
Copy plugins {
id( "org.openrewrite.rewrite" ) version( "6.12.0" )
}
rewrite {
activeRecipe( "org.openrewrite.java.security.SecureTempFileCreation" )
}
repositories {
mavenCentral()
}
dependencies {
rewrite( "org.openrewrite.recipe:rewrite-java-security:2.6.0" )
}
Run gradle rewriteRun to run the recipe.
Create a file named init.gradle in the root of your project.
Copy initscript {
repositories {
maven { url "https://plugins.gradle.org/m2" }
}
dependencies { classpath( "org.openrewrite:plugin:6.12.0" ) }
}
rootProject {
plugins . apply( org.openrewrite.gradle.RewritePlugin )
dependencies {
rewrite( "org.openrewrite.recipe:rewrite-java-security:2.6.0" )
}
rewrite {
activeRecipe( "org.openrewrite.java.security.SecureTempFileCreation" )
}
afterEvaluate {
if (repositories . isEmpty()) {
repositories {
mavenCentral()
}
}
}
}
Run gradle --init-script init.gradle rewriteRun to run the recipe.
Add the following to your pom.xml file:
Copy < project >
< build >
< plugins >
< plugin >
< groupId >org.openrewrite.maven</ groupId >
< artifactId >rewrite-maven-plugin</ artifactId >
< version >5.29.0</ version >
< configuration >
< activeRecipes >
< recipe >org.openrewrite.java.security.SecureTempFileCreation</ recipe >
</ activeRecipes >
</ configuration >
< dependencies >
< dependency >
< groupId >org.openrewrite.recipe</ groupId >
< artifactId >rewrite-java-security</ artifactId >
< version >2.6.0</ version >
</ dependency >
</ dependencies >
</ plugin >
</ plugins >
</ build >
</ project >
Run mvn rewrite:run to run the recipe.
Copy mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-java-security:RELEASE -Drewrite.activeRecipes=org.openrewrite.java.security.SecureTempFileCreation You will need to have configured the Moderne CLI on your machine before you can run the following command.
Copy mod run . --recipe SecureTempFileCreation See how this recipe works across multiple open-source repositories
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.
Contributors
Jonathan Leitschuh , Jonathan Schnéider , Knut Wannheden , Scott Jungling , Sam Snyder
Last updated 19 minutes ago
