1 // =========================================================================
2 //
3 // INTEL CONFIDENTIAL
4 // Copyright 2005 - 2015
5 // Intel Corporation All Rights Reserved.
6 //
7 // =========================================================================
8 // The source code contained or described herein and all documents
9 // related to the source code ("Material") are owned by Intel Corporation
10 // or its suppliers or licensors. Title to the Material remains with
11 // Intel Corporation or its suppliers and licensors. The Material contains
12 // trade secrets and proprietary and confidential information of Intel or
13 // its suppliers and licensors. The Material is protected by worldwide
14 // copyright and trade secret laws and treaty provisions. No part of the
15 // Material may be used, copied, reproduced, modified, published, uploaded,
16 // posted, transmitted, distributed, or disclosed in any way without Intel’s
17 // prior express written permission.
18 //
19 // No license under any patent, copyright, trade secret or other intellectual
20 // property right is granted to or conferred upon you by disclosure or
21 // delivery of the Materials, either expressly, by implication, inducement,
22 // estoppel or otherwise. Any license under such intellectual property rights
23 // must be express and approved by Intel in writing.
24 // ==========================================================================
25
26 using System;
27 using System.Collections.Generic;
28 using System.IO;
29 using System.Linq;
30 using System.Text;
31 using IO = System.IO;
32
33 namespace Intel
34 {
35 public class TempFolder : Folder, IDisposable
36 {
37 #region Constructor / Destructor
38 private TempFolder(string path) : base(path) { }
39 ~TempFolder()
40 {
41 this.Dispose(false);
42 }
43 #endregion
44
45 public static TempFolder Create()
46 {
47 //Get a temporary location.
|
(1) Event Sigma main event: |
The application uses the method `System.IO.Path.GetTempFileName` to create a temporary file. Using this function may lead to leak of file contents or injection of malicious data into the file through a race condition attack. |
|
(2) Event remediation: |
Use the `System.IO.Path.GetRandomFileName` instead of `System.IO.Path.GetTempFileName` to create temporary files. |
48 string tempFolder = IO.Path.GetTempFileName();
49 File.Delete(tempFolder);
50
51 Log.WriteLine("Created new temporary folder: " + tempFolder);
52
53 return new TempFolder(tempFolder);
54 }
55
56 #region IDisposable Members
57 /// <summary>
58 /// Recursively deletes the temporary directory from the system.
59 /// </summary>
60 public void Dispose()
61 {
62 this.Dispose(true);
63 }
64
65 private void Dispose(bool disposing)
66 {
67 if (Directory.Exists(this.Path))
68 {
69 Directory.Delete(this.Path, true);
70 if (disposing) Log.WriteLine("Temporary folder deleted: " + this.Path);
71 }
72 else if (disposing)
73 {
74 Log.WriteLine("Temporary folder already deleted, ignoring: " + this.Path);
75 }
76 }
77 #endregion
78 }
79 }
80