Uploaded image for project: 'Phoenix'
  1. Phoenix
  2. PHOENIX-6439

Remove uses of Guava's Files#createTempDir

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Duplicate
    • None
    • None
    • None

    Description

      See CVE-2020-8908. Guava's Files#createTempDir creates files that are world-readable. Phoenix has some test code that uses this API. Chances are eventually someone's security vulnerability scanner will ding you. Not urgent to fix, but the fix is simple:

      "We recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured."

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. PHOENIX-6576 Do not use guava's Files.createTempDir()

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              apurtell Andrew Kyle Purtell
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: