Configuration that tracks calls to to mkdir
or mkdirs
that are are directly on the temp directory system property.
Examples:
File tempDir = new File(System.getProperty("java.io.tmpdir")); tempDir.mkdir();
File tempDir = new File(System.getProperty("java.io.tmpdir")); tempDir.mkdirs();
These are examples of code that is simply verifying that the temp directory exists.
As such, this code pattern is filtered out as an explicit vulnerability in
TempDirSystemGetPropertyToCreateConfig::isSink
.
Import path
import semmle.code.java.security.TempDirLocalInformationDisclosureQuery