Refactoring will and retain #177

Merged
merged 10 commits into from
Feb 1, 2023

@pingww pingww commented Jan 29, 2023

No description provided.

JLLeitschuh and others added 10 commits November 19, 2022 02:13
This fixes a temporary file information disclosure vulnerability due to the use
of the vulnerable `File.createTempFile()` method. The vulnerability is fixed by
using the `Files.createTempFile()` method which sets the correct POSIX permissions.

Weakness: CWE-377: Insecure Temporary File
Severity: Medium
CVSS: 5.5
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.SecureTempFileCreation)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#18


Co-authored-by: Moderne <[email protected]>
…/JLL/temporary_file_local_information_disclosure

[SECURITY] Fix Temporary File Information Disclosure Vulnerability
# Conflicts:
#	mqtt-exporter/src/main/java/org/apache/rocketmq/mqtt/exporter/http/BackedFileOutputStream.java
@codecov-commenter

Codecov Report

Merging #177 (edbfa39) into develop (f7cad0e) will increase coverage by 0.18%.
The diff coverage is 16.74%.

@@             Coverage Diff             @@
##           develop     #177      +/-   ##
===========================================
+ Coverage    36.83%   37.01%   +0.18%     
===========================================
  Files          129      128       -1     
  Lines         5997     5927      -70     
  Branches       831      842      +11     
===========================================
- Hits          2209     2194      -15     
+ Misses        3415     3367      -48     
+ Partials       373      366       -7     
Impacted Files Coverage Δ
...rg/apache/rocketmq/mqtt/common/meta/Constants.java 0.00% <ø> (ø)
...a/org/apache/rocketmq/mqtt/common/meta/IpUtil.java 0.00% <0.00%> (ø)
...org/apache/rocketmq/mqtt/common/meta/RaftUtil.java 0.00% <0.00%> (ø)
...ocketmq/mqtt/cs/channel/DefaultChannelManager.java 11.22% <ø> (ø)
...rg/apache/rocketmq/mqtt/ds/config/ServiceConf.java 0.00% <ø> (ø)
...rg/apache/rocketmq/mqtt/ds/meta/MetaRpcClient.java 0.00% <0.00%> (ø)
...pache/rocketmq/mqtt/ds/meta/RetainedMsgClient.java 0.00% <0.00%> (ø)
...ketmq/mqtt/ds/meta/RetainedPersistManagerImpl.java 0.00% <0.00%> (ø)
...rg/apache/rocketmq/mqtt/ds/meta/WillMsgClient.java 0.00% <0.00%> (ø)
...org/apache/rocketmq/mqtt/example/MqttConsumer.java 0.00% <0.00%> (ø)
... and 22 more


@pingww pingww merged commit e31fbf1 into apache:develop Feb 1, 2023