Merge pull request #6 from BulkSecurityGeneratorProjectV2/fix/JLL/temporary_file_local_information_disclosure
[SECURITY] Fix Temporary File Information Disclosure Vulnerability in Unit Test
diff --git a/src/test/java/org/apache/sling/auth/form/impl/TokenStoreTest.java b/src/test/java/org/apache/sling/auth/form/impl/TokenStoreTest.java
index fad6038..b849ef9 100644
--- a/src/test/java/org/apache/sling/auth/form/impl/TokenStoreTest.java
+++ b/src/test/java/org/apache/sling/auth/form/impl/TokenStoreTest.java
@@ -8,6 +8,7 @@
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
+import java.nio.file.Files;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
@@ -53,7 +54,7 @@
@Before
public void setup() throws IOException, InvalidKeyException, NoSuchAlgorithmException, IllegalStateException {
- tokenFile = File.createTempFile(getClass().getName(), "tokenstore");
+ tokenFile = Files.createTempFile(getClass().getName(), "tokenstore").toFile();
store = new TokenStore(tokenFile, SESSION_TIMEOUT_MSEC, DEFAULT_FAST_SEED);
encodedToken = store.encode(DEFAULT_EXPIRATION_TIME_MSEC, USER_ID);
}
