From 6fce958aa8bed1ec798db25ba433c7b98044824a Mon Sep 17 00:00:00 2001
From: Jonathan Leitschuh
Date: Fri, 18 Nov 2022 22:56:18 +0000
Subject: [PATCH] vuln-fix: Temporary File Information Disclosure
This fixes temporary file information disclosure vulnerability due to the use of the vulnerable `File.createTempFile()` method. The vulnerability is fixed by using the `Files.createTempFile()` method which sets the correct posix permissions.
Weakness: CWE-377: Insecure Temporary File
Severity: Medium
CVSSS: 5.5
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.SecureTempFileCreation)
Reported-by: Jonathan Leitschuh
Signed-off-by: Jonathan Leitschuh
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/18
Co-authored-by: Moderne
---
 src/main/java/com/music/Generator.java | 7 ++++---
 src/main/java/com/music/service/ManagementService.java | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/main/java/com/music/Generator.java b/src/main/java/com/music/Generator.java
index 15c775c..ad390e6 100644
--- a/src/main/java/com/music/Generator.java
+++ b/src/main/java/com/music/Generator.java
@@ -29,6 +29,7 @@
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.lang.reflect.Field;
+import java.nio.file.Files;
 import java.text.DecimalFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -234,7 +235,7 @@ public byte[] toMp3(byte[] midi, String wavPath) throws Exception {
 try {
 File wav;
 if (wavPath == null) {
- wav = File.createTempFile("gen", ".wav");
+ wav = Files.createTempFile("gen", ".wav").toFile();
 } else {
 wav = new File(wavPath + "/gen.wav");
 }
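Review bot: The owner-only permission that `Files.createTempFile` applies on the `+` line of the `@@ -234` hunk is only guaranteed where the file system supports POSIX permissions; the same replacement appears in this file's `@@ -253` hunk and in ManagementService.java's `@@ -129` hunk, so the caveat applies to all three. Elsewhere the file is created with the temp directory's default permissions, and the `else` branch two lines below still writes `gen.wav` into a caller-supplied directory with default permissions, which the commit leaves as-is. A one-line comment on the new line would keep a later cleanup from reverting it: `// Files.createTempFile creates the file owner-only (0600) on POSIX; File.createTempFile does not (CWE-377)`. toMp3's body continues outside the hunk.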
@@ -253,7 +254,7 @@ public byte[] toMp3(byte[] midi, String wavPath) throws Exception {
 // audio.setSamplingRate(20000);
 attrs.setAudioAttributes(audio);
 attrs.setThreads(1);
- File mp3 = File.createTempFile("gen", ".mp3");
+ File mp3 = Files.createTempFile("gen", ".mp3").toFile();
 encoder.encode(wav, mp3, attrs);
 logger.info("wav2mp3 conversion took: " + (System.currentTimeMillis() - start) + " millis");
 if (wavPath == null) {
@@ -493,4 +494,4 @@ public static void loadSoundbankInstruments(Synthesizer synthesizer) {
 synthesizer.loadAllInstruments(soundbank);
 }
 }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/com/music/service/ManagementService.java b/src/main/java/com/music/service/ManagementService.java
index ddb2ef1..9050504 100644
--- a/src/main/java/com/music/service/ManagementService.java
+++ b/src/main/java/com/music/service/ManagementService.java
@@ -20,6 +20,7 @@
 import java.io.File;
 import java.io.InputStream;
+import java.nio.file.Files;
 import java.util.Arrays;
 import java.util.List;
@@ -129,7 +130,7 @@ public void fillVariation() {
 try {
 InputStream is = pieceService.getPieceMidiFile(piece.getId());
 byte[] midi = IOUtils.toByteArray(is);
- File tmp = File.createTempFile("tmp", "mid");
+ File tmp = Files.createTempFile("tmp", "mid").toFile();
 FileUtils.writeByteArrayToFile(tmp, midi);
 Score score = new Score();
 Read.midi(score, tmp.getAbsolutePath());
@@ -143,4 +144,4 @@ public void fillVariation() {
 }
 }
-}
\ No newline at end of file
+}
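Review bot: In ManagementService.java's `@@ -129` hunk the new line keeps the suffix `"mid"` without a leading dot, so the temp file is named like `tmp1234567mid` rather than `tmp1234567.mid`; if `Read.midi` on the last line of the hunk picks a reader by extension that may matter, and `".mid"` would also match the `".wav"`/`".mp3"` suffixes used in Generator.java. Within the hunk neither the `InputStream` returned by `pieceService.getPieceMidiFile` nor `tmp` is closed or deleted; fillVariation's body continues past the hunk, so the cleanup may live there, but if it does not, every call leaves a copy of the MIDI in the temp directory. Opening `is` in a try-with-resources and deleting `tmp` in a `finally` would make the lifetime explicit.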