[SECURITY] Fix Temporary File Information Disclosure Vulnerability

cli/src/test/java/org/apache/oodt/cas/cli/option/validator/TestFileExistCmdLineOptionValidator.java

@@ -23,8 +23,8 @@
 //JDK imports
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Files;
 
-//JUnit imports
 import junit.framework.TestCase;
 
 //OODT imports
@@ -54,7 +54,7 @@ public void testValidate() throws IOException {
             .validate(instance).getGrade());
 
       // Test pass case.
-      File tempFile = File.createTempFile("bogus", "bogus");
+      File tempFile = Files.createTempFile("bogus", "bogus").toFile();
       tempFile.deleteOnExit();
       instance = createOptionInstance(createSimpleOption("test", false),
             tempFile.getAbsolutePath());

commons/src/test/java/org/apache/oodt/commons/ConfigurationTest.java

@@ -16,6 +16,7 @@
 package org.apache.oodt.commons;
 
 import java.io.*;
+import java.nio.file.Files;
 import java.util.*;
 import junit.framework.*;
 
@@ -33,7 +34,7 @@ public ConfigurationTest(String name) {
 
 	protected void setUp() throws Exception {
 		// Create a temporary test configuration file.
-		tmpFile = File.createTempFile("conf", ".xml");
+		tmpFile = Files.createTempFile("conf", ".xml").toFile();
 		BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(tmpFile));
 		byte[] doc = TEST_DOC.getBytes();
 		out.write(doc, 0, doc.length);

commons/src/test/java/org/apache/oodt/commons/object/jndi/ObjectContextTest.java

@@ -17,6 +17,7 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
@@ -46,7 +47,7 @@ public ObjectContextTest(String caseName) {
 	public void setUp() throws Exception {
 		super.setUp();
 
-		aliasFile = File.createTempFile("test", ".properties");
+		aliasFile = Files.createTempFile("test", ".properties").toFile();
 		aliasFile.deleteOnExit();
 		Properties aliases = new Properties();
 		aliases.setProperty("urn:alias:x", "urn:a:x");

crawler/src/test/java/org/apache/oodt/cas/crawl/typedetection/TestMimeExtractorConfigReader.java

@@ -18,6 +18,7 @@
 
 //JDK imports
 import java.io.File;
+import java.nio.file.Files;
 import java.util.List;
 import java.util.UUID;
 
@@ -47,7 +48,7 @@ public class TestMimeExtractorConfigReader extends TestCase {
 
    @Override
    public void setUp() throws Exception {
-      File tmpFile = File.createTempFile("bogus", "bogus");
+      File tmpFile = Files.createTempFile("bogus", "bogus").toFile();
       tmpDir = new File(tmpFile.getParentFile(), UUID.randomUUID().toString());
       tmpFile.delete();
       if (!tmpDir.mkdirs()) {

filemgr/src/test/java/org/apache/oodt/cas/filemgr/catalog/TestDataSourceCatalog.java

@@ -35,6 +35,7 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.net.URL;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
@@ -99,7 +100,7 @@ public void setUpProperties() {
             File tempFile;
 
             try {
-                tempFile = File.createTempFile("foo", "bar");
+                tempFile = Files.createTempFile("foo", "bar").toFile();
                 tempFile.deleteOnExit();
                 tempDir = tempFile.getParentFile();
             } catch (Exception e) {

filemgr/src/test/java/org/apache/oodt/cas/filemgr/catalog/TestLuceneCatalog.java

@@ -37,6 +37,7 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.net.URL;
+import java.nio.file.Files;
 import java.util.List;
 import java.util.Properties;
 import java.util.Vector;
@@ -93,7 +94,7 @@ public void setUpProperties() {
         File tempFile;
 
         try {
-            tempFile = File.createTempFile("foo", "bar");
+            tempFile = Files.createTempFile("foo", "bar").toFile();
             tempFile.deleteOnExit();
             tempDir = tempFile.getParentFile();
         } catch (Exception e) {

filemgr/src/test/java/org/apache/oodt/cas/filemgr/cli/TestFileManagerCli.java

@@ -21,6 +21,7 @@
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.nio.file.Files;
 import java.util.Properties;
 //JUnit imports
 import junit.framework.TestCase;
@@ -323,7 +324,7 @@ public void testIngestProduct() {
 
    public void testDumpMetadata() throws IOException {
       String productId = "TestProductId";
-      File bogusFile = File.createTempFile("bogus", "bogus");
+      File bogusFile = Files.createTempFile("bogus", "bogus").toFile();
       File tmpFile = new File(bogusFile.getParentFile(), "CliDumpMetadata");
       tmpFile.mkdirs();
       bogusFile.delete();

filemgr/src/test/java/org/apache/oodt/cas/filemgr/cli/action/TestDumpMetadataCliAction.java

@@ -24,8 +24,8 @@
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.nio.file.Files;
 
-//Apache imports
 import org.apache.commons.io.FileUtils;
 
 //OODT imports
@@ -53,7 +53,7 @@ public class TestDumpMetadataCliAction extends TestCase {
 
    @Override
    public void setUp() throws Exception {
-      File bogusFile = File.createTempFile("bogus", "bogus");
+      File bogusFile = Files.createTempFile("bogus", "bogus").toFile();
       tmpFile = new File(bogusFile.getParentFile(), "MetadataDump");
       tmpFile.mkdirs();
       bogusFile.delete();

filemgr/src/test/java/org/apache/oodt/cas/filemgr/cli/action/TestIngestProductCliAction.java

@@ -23,6 +23,7 @@
 import java.io.PrintStream;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.nio.file.Files;
 import java.util.Collections;
 import java.util.Comparator;
 
@@ -237,7 +238,7 @@ public int compare(Reference ref1, Reference ref2) {
    }
 
    private File createTmpDir() throws IOException {
-      File bogusDir = File.createTempFile("bogus", "bogus");
+      File bogusDir = Files.createTempFile("bogus", "bogus").toFile();
       File tmpDir = bogusDir.getParentFile();
       bogusDir.delete();
       tmpDir = new File(tmpDir, "Metadata");

filemgr/src/test/java/org/apache/oodt/cas/filemgr/datatransfer/TestInPlaceDataTransferer.java

@@ -24,8 +24,8 @@
 
 //JDK imports
 import java.io.File;
+import java.nio.file.Files;
 
-//Junit imports
 import junit.framework.TestCase;
 
 /**
@@ -48,7 +48,7 @@ public TestInPlaceDataTransferer() {
         transfer = (InPlaceDataTransferer) new InPlaceDataTransferFactory()
                 .createDataTransfer();
         try {
-            File tempFileSrc = File.createTempFile("foo", ".txt");
+            File tempFileSrc = Files.createTempFile("foo", ".txt").toFile();
             tempFileSrc.deleteOnExit();
             productOrigLoc = tempFileSrc.getAbsolutePath();
             productExpectedLoc = tempFileSrc.getParent();

filemgr/src/test/java/org/apache/oodt/cas/filemgr/datatransfer/TestLocalDataTransferer.java

@@ -28,6 +28,7 @@
 import java.io.File;
 import java.io.IOException;
 import java.net.URL;
+import java.nio.file.Files;
 import java.util.UUID;
 
 //Junit imports
@@ -55,7 +56,7 @@ public void setUp() throws Exception {
          .createDataTransfer();
       URL url = this.getClass().getResource("/test.txt");
       origFile = new File(url.getFile());
-      File testFile = File.createTempFile("test", ".txt");
+      File testFile = Files.createTempFile("test", ".txt").toFile();
       testDir = new File(testFile.getParentFile(), UUID.randomUUID().toString());
       repoDir = new File(testDir, "repo");
       if (!repoDir.mkdirs()) {

filemgr/src/test/java/org/apache/oodt/cas/filemgr/structs/type/TestTypeHandler.java

@@ -44,6 +44,7 @@
 import java.io.FileInputStream;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.nio.file.Files;
 import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.SQLException;
@@ -99,7 +100,7 @@ public void setUpProperties() {
         File tempFile;
 
         try {
-            tempFile = File.createTempFile("foo", "bar");
+            tempFile = Files.createTempFile("foo", "bar").toFile();
             tempFile.deleteOnExit();
             tempDir = tempFile.getParentFile();
         } catch (Exception e) {

metadata/src/test/java/org/apache/oodt/cas/metadata/filenaming/TestPathUtilsNamingConvention.java

@@ -19,6 +19,7 @@
 //JDK imports
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.util.UUID;
 
 //Apache imports
@@ -39,7 +40,7 @@
 public class TestPathUtilsNamingConvention extends TestCase {
 
    public void testRename() throws IOException, NamingConventionException {
-      File tmpFile = File.createTempFile("bogus", "bogus");
+      File tmpFile = Files.createTempFile("bogus", "bogus").toFile();
       File tmpDir = new File(tmpFile.getParentFile(),
             UUID.randomUUID().toString());
       if (!tmpDir.mkdirs()) {

pge/src/test/java/org/apache/oodt/cas/pge/TestPGETaskInstance.java

@@ -55,6 +55,7 @@
 import java.io.FileInputStream;
 import java.io.StringReader;
 import java.net.URL;
+import java.nio.file.Files;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
@@ -77,6 +78,7 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.junit.Assume.assumeTrue;
+
 //JDK imports
 //JUnit imports
 //Apache imports
@@ -647,7 +649,7 @@ private PGETaskInstance createTestInstance(String workflowInstId)
    }
 
    private File createTmpDir() throws Exception {
-      File tmpFile = File.createTempFile("bogus", "bogus");
+      File tmpFile = Files.createTempFile("bogus", "bogus").toFile();
       File tmpDir = new File(tmpFile.getParentFile(), UUID.randomUUID().toString());
       tmpFile.delete();
       tmpDir.mkdirs();

pge/src/test/java/org/apache/oodt/cas/pge/writers/VelocityConfigFileWriterTest.java

@@ -23,6 +23,7 @@
 import java.io.File;
 import java.io.IOException;
 import java.net.URL;
+import java.nio.file.Files;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -40,7 +41,7 @@ public void testCreateConfigFile() throws IOException {
     metadata.addMetadata("name", "Chris");
     metadata.addMetadata("name", "Paul");
     metadata.addMetadata("conference", "ApacheCon");
-    File config = File.createTempFile("config", ".out");
+    File config = Files.createTempFile("config", ".out").toFile();
     try {
       vcfw.generateFile(config.toString(), metadata, LOG, url.getFile());
     } catch (Exception e) {

webapp/wmservices/src/main/java/org/apache/oodt/cas/wmservices/repository/PackagedWorkflowManager.java

@@ -19,6 +19,7 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -83,7 +84,7 @@ public String serializeWorkflow(Workflow workflow) throws RepositoryException {
     try {
       this.loadTasksToRepo(workflow);
       String workflowId = this.repo.addWorkflow(workflow);
-      File f = File.createTempFile("tempworkflow-", "-packaged");
+      File f = Files.createTempFile("tempworkflow-", "-packaged").toFile();
       this.saveWorkflow(workflowId, f.getAbsolutePath());
       String workflowXML = FileUtils.readFileToString(f);
       f.delete();
@@ -107,7 +108,7 @@ public String serializeWorkflow(Workflow workflow) throws RepositoryException {
   public Workflow parsePackagedWorkflow(String workflowID, String workflowXML)
       throws RepositoryException {
     try {
-      File tmpfile = File.createTempFile("tempworkflow-", "-packaged");
+      File tmpfile = Files.createTempFile("tempworkflow-", "-packaged").toFile();
       FileUtils.writeStringToFile(tmpfile, workflowXML);
       PackagedWorkflowRepository tmprepo = new PackagedWorkflowRepository(
           Collections.singletonList(tmpfile));

workflow/src/test/java/org/apache/oodt/cas/workflow/instrepo/TestLuceneWorkflowInstanceRepository.java

@@ -31,6 +31,7 @@
 //JDK imports
 import java.io.File;
 import java.io.FileInputStream;
+import java.nio.file.Files;
 import java.util.List;
 import java.util.Vector;
 
@@ -114,7 +115,7 @@ public TestLuceneWorkflowInstanceRepository() {
         File tempFile;
 
         try {
-            tempFile = File.createTempFile("foo", "bar");
+            tempFile = Files.createTempFile("foo", "bar").toFile();
             tempFile.deleteOnExit();
             tempDir = tempFile.getParentFile();
         } catch (Exception e) {

workflow/src/test/java/org/apache/oodt/cas/workflow/repository/TestWorkflowDataSourceRepository.java

@@ -37,6 +37,7 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
+import java.nio.file.Files;
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -82,7 +83,7 @@ public TestWorkflowDataSourceRepository() throws SQLException, FileNotFoundExcep
         File tempFile;
 
         try {
-            tempFile = File.createTempFile("foo", "bar");
+            tempFile = Files.createTempFile("foo", "bar").toFile();
             tempFile.deleteOnExit();
             tempDir = tempFile.getParentFile();
         } catch (Exception e) {