1    	//  =========================================================================
2    	//  
3    	//                             INTEL CONFIDENTIAL
4    	//                            Copyright 2005 - 2015
5    	//                    Intel Corporation All Rights Reserved. 
6    	//  
7    	//  =========================================================================
8    	//  The source code contained or described herein and all documents 
9    	//  related to the source code ("Material") are owned by Intel Corporation 
10   	//  or its suppliers or licensors. Title to the Material remains with 
11   	//  Intel Corporation or its suppliers and licensors. The Material contains 
12   	//  trade secrets and proprietary and confidential information of Intel or 
13   	//  its suppliers and licensors. The Material is protected by worldwide 
14   	//  copyright and trade secret laws and treaty provisions. No part of the 
15   	//  Material may be used, copied, reproduced, modified, published, uploaded, 
16   	//  posted, transmitted, distributed, or disclosed in any way without Intel’s 
17   	//  prior express written permission.
18   	//  
19   	//  No license under any patent, copyright, trade secret or other intellectual 
20   	//  property right is granted to or conferred upon you by disclosure or 
21   	//  delivery of the Materials, either expressly, by implication, inducement, 
22   	//  estoppel or otherwise. Any license under such intellectual property rights 
23   	//  must be express and approved by Intel in writing.
24   	//  ==========================================================================
25   	
26   	using System;
27   	using System.Collections.Generic;
28   	using System.IO;
29   	using System.Linq;
30   	using System.Text;
31   	using IO = System.IO;
32   	
33   	namespace Intel
34   	{
35   		public class TempFolder : Folder, IDisposable
36   		{
37   			#region Constructor / Destructor
38   			private TempFolder(string path) : base(path) { }
39   			~TempFolder()
40   			{
41   				this.Dispose(false);
42   			}
43   			#endregion
44   	
45   			public static TempFolder Create()
46   			{
47   				//Get a temporary location.
(1) Event Sigma main event: The application uses the method `System.IO.Path.GetTempFileName` to create a temporary file. Using this function may lead to leak of file contents or injection of malicious data into the file through a race condition attack.
(2) Event remediation: Use the `System.IO.Path.GetRandomFileName` instead of `System.IO.Path.GetTempFileName` to create temporary files.
48   				string tempFolder = IO.Path.GetTempFileName();
49   				File.Delete(tempFolder);
50   	
51   				Log.WriteLine("Created new temporary folder: " + tempFolder);
52   	
53   				return new TempFolder(tempFolder);
54   			}
55   	
56   			#region IDisposable Members
57   			/// <summary>
58   			/// Recursively deletes the temporary directory from the system.
59   			/// </summary>
60   			public void Dispose()
61   			{
62   				this.Dispose(true);
63   			}
64   	
65   			private void Dispose(bool disposing)
66   			{
67   				if (Directory.Exists(this.Path))
68   				{
69   					Directory.Delete(this.Path, true);
70   					if (disposing) Log.WriteLine("Temporary folder deleted: " + this.Path);
71   				}
72   				else if (disposing)
73   				{
74   					Log.WriteLine("Temporary folder already deleted, ignoring: " + this.Path);
75   				}
76   			}
77   			#endregion
78   		}
79   	}
80