Marmelator/persistence-service
1
0
Fork 0
Code Issues Pull Requests 17 Actions Packages Projects Releases 1.1k Wiki Activity

Pull request #26: RED-2315: made sure publicly writable directories are used safely

Browse Source 
Merge in RED/persistence-service from RED-2315-ps1 to master

* commit '0255c717c8e2b5379a10cce5289e088278521baa':
  RED-2315: made sure publicly writable directories are used safely
This commit is contained in:
Ali Oezyetimoglu 2021-09-30 09:16:32 +02:00 committed by Dominique Eiflaender
commit 79d7519090
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
persistence-service-v1/persistence-service-server-v1/src/main/java/com/iqser/red/service/peristence/v1/server/utils/FileSystemBackedArchiver.java
View File

@ -6,6 +6,10 @@ import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import java.io.*;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
@ -22,7 +26,8 @@ public class FileSystemBackedArchiver implements AutoCloseable {
@SneakyThrows
public FileSystemBackedArchiver() {
tempFile = File.createTempFile("archive", ".zip");
FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
tempFile = Files.createTempFile("archive", ".zip", attr).toFile();
zipOutputStream = new ZipOutputStream(new FileOutputStream(tempFile));
}