JLLeitschuh commented on code in PR #10272:
URL: https://github.com/apache/camel/pull/10272#discussion_r1219836583
##########
components/camel-jira/src/main/java/org/apache/camel/component/jira/FileConverter.java:
##########
@@ -34,20 +35,13 @@ private FileConverter() {
@Converter
public static File genericToFile(GenericFile<File> genericFile, Exchange
exchange) throws IOException {
Object body = genericFile.getBody();
- File file;
+ File file = null;
+ Path path;
if (body instanceof byte[]) {
byte[] bos = (byte[]) body;
- String destDir = System.getProperty("java.io.tmpdir");
- if (destDir != null && !destDir.endsWith(File.separator)) {
- destDir += File.separator;
- }
- file = new File(destDir, genericFile.getFileName());
- if (!file.getCanonicalPath().startsWith(destDir)) {
- throw new IOException("File is not jailed to the destination
directory");
- }
- Files.write(file.toPath(), bos, StandardOpenOption.CREATE);
- // delete the temporary file on exit, as other routing may need
the file for post processing
- file.deleteOnExit();
+ path = Files.createTempFile(genericFile.getFileName(), null, null);
Review Comment:
Don't pass an argument to the `attrs` varargs. Without it, it will be
implicitly the empty array, which is what you want. If you pass values, the
default, secure settings won't be used.
```suggestion
path = Files.createTempFile(genericFile.getFileName(), null);
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
