From cf4655ee249ed083236bd2d7d18686b1a6328aa5 Mon Sep 17 00:00:00 2001 From: Daniel Beck Date: Tue, 3 Dec 2024 09:50:34 +0100 Subject: [PATCH] Simplify Util#makeResource --- src/main/java/hudson/remoting/Util.java | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/main/java/hudson/remoting/Util.java b/src/main/java/hudson/remoting/Util.java index d90e6c50a..cc309e4e7 100644 --- a/src/main/java/hudson/remoting/Util.java +++ b/src/main/java/hudson/remoting/Util.java @@ -55,13 +55,10 @@ public static void copy(InputStream in, OutputStream out) throws IOException { } @NonNull - @SuppressFBWarnings( - value = "PATH_TRAVERSAL_IN", - justification = "This path exists within a temp directory so the potential traversal is limited.") + @SuppressFBWarnings(value = "PATH_TRAVERSAL_IN", justification = "Sanitized by #getBaseName") static File makeResource(String name, byte[] image) throws IOException { Path tmpDir = Files.createTempDirectory("resource-"); - File resource = new File(tmpDir.toFile(), name); - Files.createDirectories(PathUtils.fileToPath(resource.getParentFile())); + File resource = new File(tmpDir.toFile(), getBaseName(name.replace('\\', '/'))); Files.createFile(PathUtils.fileToPath(resource)); try (FileOutputStream fos = new FileOutputStream(resource)) {