nextcloud_server/tests/lib/TempManagerTest.php

<?php

/**
 * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */

namespace Test;

use bantu\IniGetWrapper\IniGetWrapper;
use OCP\IConfig;
use Psr\Log\LoggerInterface;

class TempManagerTest extends \Test\TestCase {
	protected $baseDir = null;

	protected function setUp(): void {
		parent::setUp();

		$this->baseDir = $this->getManager()->getTempBaseDir() . $this->getUniqueID('/oc_tmp_test');
		if (!is_dir($this->baseDir)) {
			mkdir($this->baseDir);
		}
	}

	protected function tearDown(): void {
		if ($this->baseDir !== null) {
			\OC_Helper::rmdirr($this->baseDir);
		}
		$this->baseDir = null;
		parent::tearDown();
	}

	/**
	 * @param ?LoggerInterface $logger
	 * @param ?IConfig $config
	 * @return \OC\TempManager
	 */
	protected function getManager($logger = null, $config = null) {
		if (!$logger) {
			$logger = $this->createMock(LoggerInterface::class);
		}
		if (!$config) {
			$config = $this->createMock(IConfig::class);
			$config->method('getSystemValue')
				->with('tempdirectory', null)
				->willReturn('/tmp');
		}
		$iniGetWrapper = $this->createMock(IniGetWrapper::class);
		$manager = new \OC\TempManager($logger, $config, $iniGetWrapper);
		if ($this->baseDir) {
			$manager->overrideTempBaseDir($this->baseDir);
		}
		return $manager;
	}

	public function testGetFile(): void {
		$manager = $this->getManager();
		$file = $manager->getTemporaryFile('txt');
		$this->assertStringEndsWith('.txt', $file);
		$this->assertTrue(is_file($file));
		$this->assertTrue(is_writable($file));

		file_put_contents($file, 'bar');
		$this->assertEquals('bar', file_get_contents($file));
	}

	public function testGetFolder(): void {
		$manager = $this->getManager();
		$folder = $manager->getTemporaryFolder();
		$this->assertStringEndsWith('/', $folder);
		$this->assertTrue(is_dir($folder));
		$this->assertTrue(is_writable($folder));

		file_put_contents($folder . 'foo.txt', 'bar');
		$this->assertEquals('bar', file_get_contents($folder . 'foo.txt'));
	}

	public function testCleanFiles(): void {
		$manager = $this->getManager();
		$file1 = $manager->getTemporaryFile('txt');
		$file2 = $manager->getTemporaryFile('txt');
		$this->assertTrue(file_exists($file1));
		$this->assertTrue(file_exists($file2));

		$manager->clean();

		$this->assertFalse(file_exists($file1));
		$this->assertFalse(file_exists($file2));
	}

	public function testCleanFolder(): void {
		$manager = $this->getManager();
		$folder1 = $manager->getTemporaryFolder();
		$folder2 = $manager->getTemporaryFolder();
		touch($folder1 . 'foo.txt');
		touch($folder1 . 'bar.txt');
		$this->assertTrue(file_exists($folder1));
		$this->assertTrue(file_exists($folder2));
		$this->assertTrue(file_exists($folder1 . 'foo.txt'));
		$this->assertTrue(file_exists($folder1 . 'bar.txt'));

		$manager->clean();

		$this->assertFalse(file_exists($folder1));
		$this->assertFalse(file_exists($folder2));
		$this->assertFalse(file_exists($folder1 . 'foo.txt'));
		$this->assertFalse(file_exists($folder1 . 'bar.txt'));
	}

	public function testCleanOld(): void {
		$manager = $this->getManager();
		$oldFile = $manager->getTemporaryFile('txt');
		$newFile = $manager->getTemporaryFile('txt');
		$folder = $manager->getTemporaryFolder();
		$nonOcFile = $this->baseDir . '/foo.txt';
		file_put_contents($nonOcFile, 'bar');

		$past = time() - 2 * 3600;
		touch($oldFile, $past);
		touch($folder, $past);
		touch($nonOcFile, $past);

		$manager2 = $this->getManager();
		$manager2->cleanOld();
		$this->assertFalse(file_exists($oldFile));
		$this->assertFalse(file_exists($folder));
		$this->assertTrue(file_exists($nonOcFile));
		$this->assertTrue(file_exists($newFile));
	}

	public function testLogCantCreateFile(): void {
		$this->markTestSkipped('TODO: Disable because fails on drone');

		$logger = $this->createMock(LoggerInterface::class);
		$manager = $this->getManager($logger);
		chmod($this->baseDir, 0500);
		$logger->expects($this->once())
			->method('warning')
			->with($this->stringContains('Can not create a temporary file in directory'));
		$this->assertFalse($manager->getTemporaryFile('txt'));
	}

	public function testLogCantCreateFolder(): void {
		$this->markTestSkipped('TODO: Disable because fails on drone');

		$logger = $this->createMock(LoggerInterface::class);
		$manager = $this->getManager($logger);
		chmod($this->baseDir, 0500);
		$logger->expects($this->once())
			->method('warning')
			->with($this->stringContains('Can not create a temporary folder in directory'));
		$this->assertFalse($manager->getTemporaryFolder());
	}

	public function testGenerateTemporaryPathWithPostfix(): void {
		$logger = $this->createMock(LoggerInterface::class);
		$tmpManager = self::invokePrivate(
			$this->getManager($logger),
			'generateTemporaryPath',
			['postfix']
		);

		$this->assertStringEndsWith('.postfix', $tmpManager);
	}

	public function testGenerateTemporaryPathTraversal(): void {
		$logger = $this->createMock(LoggerInterface::class);
		$tmpManager = self::invokePrivate(
			$this->getManager($logger),
			'generateTemporaryPath',
			['../Traversal\\../FileName']
		);

		$this->assertStringEndsNotWith('./Traversal\\../FileName', $tmpManager);
		$this->assertStringEndsWith('.Traversal..FileName', $tmpManager);
	}

	public function testGetTempBaseDirFromConfig(): void {
		$dir = $this->getManager()->getTemporaryFolder();

		$config = $this->createMock(IConfig::class);
		$config->expects($this->once())
			->method('getSystemValue')
			->with('tempdirectory', null)
			->willReturn($dir);

		$this->baseDir = null; // prevent override
		$tmpManager = $this->getManager(null, $config);

		$this->assertEquals($dir, $tmpManager->getTempBaseDir());
	}
}
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`<?php`

			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-10 15:09:14 +02:00			`* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-or-later`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`*/`

			`namespace Test;`

Fix unit tests Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-20 16:35:14 +02:00			`use bantu\IniGetWrapper\IniGetWrapper;`
Fix getMock TempManagerTest 2016-09-07 20:25:35 +02:00			`use OCP\IConfig;`
Fix unit tests Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-20 16:35:14 +02:00			`use Psr\Log\LoggerInterface;`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00
Move tests/ to PSR-4 (#24731) * Move a-b to PSR-4 * Move c-d to PSR-4 * Move e+g to PSR-4 * Move h-l to PSR-4 * Move m-r to PSR-4 * Move s-u to PSR-4 * Move files/ to PSR-4 * Move remaining tests to PSR-4 * Remove Test\ from old autoloader 2016-05-20 15:38:20 +02:00			`class TempManagerTest extends \Test\TestCase {`
Clean up TempManager to follow code guidelines tmpBaseDir can be overridden for unit testing purposes 2015-08-29 17:36:21 +01:00			`protected $baseDir = null;`

Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-21 16:40:38 +01:00			`protected function setUp(): void {`
Make root tests extend the \Test\TestCase 2014-11-10 22:59:50 +01:00			`parent::setUp();`

Clean up TempManager to follow code guidelines tmpBaseDir can be overridden for unit testing purposes 2015-08-29 17:36:21 +01:00			`$this->baseDir = $this->getManager()->getTempBaseDir() . $this->getUniqueID('/oc_tmp_test');`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`if (!is_dir($this->baseDir)) {`
			`mkdir($this->baseDir);`
			`}`
			`}`

Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-21 16:40:38 +01:00			`protected function tearDown(): void {`
Fix TempManager test errors about passing null to is_dir Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2021-10-25 14:35:57 +02:00			`if ($this->baseDir !== null) {`
			`\OC_Helper::rmdirr($this->baseDir);`
			`}`
Clean up TempManager to follow code guidelines tmpBaseDir can be overridden for unit testing purposes 2015-08-29 17:36:21 +01:00			`$this->baseDir = null;`
Make root tests extend the \Test\TestCase 2014-11-10 22:59:50 +01:00			`parent::tearDown();`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`}`

			`/**`
Migrate from ILogger to LoggerInterface where needed in the tests Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2022-03-21 11:17:14 +01:00			`* @param ?LoggerInterface $logger`
			`* @param ?IConfig $config`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`* @return \OC\TempManager`
			`*/`
Clean up TempManager to follow code guidelines tmpBaseDir can be overridden for unit testing purposes 2015-08-29 17:36:21 +01:00			`protected function getManager($logger = null, $config = null) {`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`if (!$logger) {`
Fix unit tests Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-20 16:35:14 +02:00			`$logger = $this->createMock(LoggerInterface::class);`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`}`
Clean up TempManager to follow code guidelines tmpBaseDir can be overridden for unit testing purposes 2015-08-29 17:36:21 +01:00			`if (!$config) {`
Fix getMock TempManagerTest 2016-09-07 20:25:35 +02:00			`$config = $this->createMock(IConfig::class);`
Unit test getting temp dir from config 2015-08-29 17:42:20 +01:00			`$config->method('getSystemValue')`
			`->with('tempdirectory', null)`
			`->willReturn('/tmp');`
Clean up TempManager to follow code guidelines tmpBaseDir can be overridden for unit testing purposes 2015-08-29 17:36:21 +01:00			`}`
Fix unit tests Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-20 16:35:14 +02:00			`$iniGetWrapper = $this->createMock(IniGetWrapper::class);`
			`$manager = new \OC\TempManager($logger, $config, $iniGetWrapper);`
Clean up TempManager to follow code guidelines tmpBaseDir can be overridden for unit testing purposes 2015-08-29 17:36:21 +01:00			`if ($this->baseDir) {`
			`$manager->overrideTempBaseDir($this->baseDir);`
			`}`
			`return $manager;`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`}`

			`public function testGetFile(): void {`
			`$manager = $this->getManager();`
Make the method compatible with all types of extensions Fix existing tests 2015-03-19 15:35:36 +01:00			`$file = $manager->getTemporaryFile('txt');`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`$this->assertStringEndsWith('.txt', $file);`
			`$this->assertTrue(is_file($file));`
			`$this->assertTrue(is_writable($file));`

			`file_put_contents($file, 'bar');`
			`$this->assertEquals('bar', file_get_contents($file));`
			`}`

			`public function testGetFolder(): void {`
			`$manager = $this->getManager();`
			`$folder = $manager->getTemporaryFolder();`
			`$this->assertStringEndsWith('/', $folder);`
			`$this->assertTrue(is_dir($folder));`
			`$this->assertTrue(is_writable($folder));`

			`file_put_contents($folder . 'foo.txt', 'bar');`
			`$this->assertEquals('bar', file_get_contents($folder . 'foo.txt'));`
			`}`

			`public function testCleanFiles(): void {`
			`$manager = $this->getManager();`
Make the method compatible with all types of extensions Fix existing tests 2015-03-19 15:35:36 +01:00			`$file1 = $manager->getTemporaryFile('txt');`
			`$file2 = $manager->getTemporaryFile('txt');`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`$this->assertTrue(file_exists($file1));`
			`$this->assertTrue(file_exists($file2));`

			`$manager->clean();`

			`$this->assertFalse(file_exists($file1));`
			`$this->assertFalse(file_exists($file2));`
			`}`

			`public function testCleanFolder(): void {`
			`$manager = $this->getManager();`
			`$folder1 = $manager->getTemporaryFolder();`
			`$folder2 = $manager->getTemporaryFolder();`
			`touch($folder1 . 'foo.txt');`
			`touch($folder1 . 'bar.txt');`
			`$this->assertTrue(file_exists($folder1));`
			`$this->assertTrue(file_exists($folder2));`
			`$this->assertTrue(file_exists($folder1 . 'foo.txt'));`
			`$this->assertTrue(file_exists($folder1 . 'bar.txt'));`

			`$manager->clean();`

			`$this->assertFalse(file_exists($folder1));`
			`$this->assertFalse(file_exists($folder2));`
			`$this->assertFalse(file_exists($folder1 . 'foo.txt'));`
			`$this->assertFalse(file_exists($folder1 . 'bar.txt'));`
			`}`

			`public function testCleanOld(): void {`
			`$manager = $this->getManager();`
Make the method compatible with all types of extensions Fix existing tests 2015-03-19 15:35:36 +01:00			`$oldFile = $manager->getTemporaryFile('txt');`
			`$newFile = $manager->getTemporaryFile('txt');`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`$folder = $manager->getTemporaryFolder();`
			`$nonOcFile = $this->baseDir . '/foo.txt';`
			`file_put_contents($nonOcFile, 'bar');`

			`$past = time() - 2 * 3600;`
			`touch($oldFile, $past);`
			`touch($folder, $past);`
			`touch($nonOcFile, $past);`

			`$manager2 = $this->getManager();`
			`$manager2->cleanOld();`
			`$this->assertFalse(file_exists($oldFile));`
			`$this->assertFalse(file_exists($folder));`
			`$this->assertTrue(file_exists($nonOcFile));`
			`$this->assertTrue(file_exists($newFile));`
			`}`

			`public function testLogCantCreateFile(): void {`
skip failing tests 2016-06-07 16:20:07 +02:00			`$this->markTestSkipped('TODO: Disable because fails on drone');`
Windows does not support CHMOD, therefor we can not test not writable folders 2014-11-05 16:47:27 +01:00
Fix unit tests Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-20 16:35:14 +02:00			`$logger = $this->createMock(LoggerInterface::class);`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`$manager = $this->getManager($logger);`
			`chmod($this->baseDir, 0500);`
			`$logger->expects($this->once())`
			`->method('warning')`
			`->with($this->stringContains('Can not create a temporary file in directory'));`
Make the method compatible with all types of extensions Fix existing tests 2015-03-19 15:35:36 +01:00			`$this->assertFalse($manager->getTemporaryFile('txt'));`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`}`

			`public function testLogCantCreateFolder(): void {`
skip failing tests 2016-06-07 16:20:07 +02:00			`$this->markTestSkipped('TODO: Disable because fails on drone');`
Windows does not support CHMOD, therefor we can not test not writable folders 2014-11-05 16:47:27 +01:00
Fix unit tests Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-20 16:35:14 +02:00			`$logger = $this->createMock(LoggerInterface::class);`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`$manager = $this->getManager($logger);`
			`chmod($this->baseDir, 0500);`
			`$logger->expects($this->once())`
			`->method('warning')`
			`->with($this->stringContains('Can not create a temporary folder in directory'));`
			`$this->assertFalse($manager->getTemporaryFolder());`
			`}`
Filter potential dangerous characters in path name We should not allow / or \ in the postfix here. 2015-03-26 23:14:24 +01:00
refactor(TempManager): Simplify and unify implementations and remove legacy behavior Signed-off-by: provokateurin <kate@provokateurin.de> 2025-02-18 12:30:33 +01:00			`public function testGenerateTemporaryPathWithPostfix(): void {`
Fix unit tests Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-20 16:35:14 +02:00			`$logger = $this->createMock(LoggerInterface::class);`
Move the helpful method to the TestCase class 2015-06-03 12:03:02 +02:00			`$tmpManager = self::invokePrivate(`
Filter potential dangerous characters in path name We should not allow / or \ in the postfix here. 2015-03-26 23:14:24 +01:00			`$this->getManager($logger),`
refactor(TempManager): Simplify and unify implementations and remove legacy behavior Signed-off-by: provokateurin <kate@provokateurin.de> 2025-02-18 12:30:33 +01:00			`'generateTemporaryPath',`
			`['postfix']`
Fix collision on temporary files + adjust permissions This changeset hardens the temporary file and directory creation to address multiple problems that may lead to exposure of files to other users, data loss or other unexpected behaviour that is impossible to debug. [CWE-668: Exposure of Resource to Wrong Sphere](https://cwe.mitre.org/data/definitions/668.html) The temporary file and folder handling as implemented in ownCloud is performed using a MD5 hash over `time()` concatenated with `rand()`. This is insufficiently and leads to the following security problems: The generated filename could already be used by another user. It is not verified whether the file is already used and thus temporary files might be used for another user as well resulting in all possible stuff such as "user has file of other user". Effectively this leaves us with: 1. A timestamp based on seconds (no entropy at all) 2. `rand()` which returns usually a number between 0 and 2,147,483,647 Considering the birthday paradox and that we use this method quite often (especially when handling external storage) this is quite error prone and needs to get addressed. This behaviour has been fixed by using `tempnam` instead for single temporary files. For creating temporary directories an additional postfix will be appended, the solution is for directories still not absolutely bulletproof but the best I can think about at the moment. Improvement suggestions are welcome. [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) Files were created using `touch()` which defaults to a permission of 0644. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0600. [CWE-379: Creation of Temporary File in Directory with Incorrect Permissions](https://cwe.mitre.org/data/definitions/379.html) Files were created using `mkdir()` which defaults to a permission of 0777. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0700.Please enter the commit message for your changes. 2015-04-23 14:29:15 +02:00			`);`

refactor(TempManager): Simplify and unify implementations and remove legacy behavior Signed-off-by: provokateurin <kate@provokateurin.de> 2025-02-18 12:30:33 +01:00			`$this->assertStringEndsWith('.postfix', $tmpManager);`
Fix collision on temporary files + adjust permissions This changeset hardens the temporary file and directory creation to address multiple problems that may lead to exposure of files to other users, data loss or other unexpected behaviour that is impossible to debug. [CWE-668: Exposure of Resource to Wrong Sphere](https://cwe.mitre.org/data/definitions/668.html) The temporary file and folder handling as implemented in ownCloud is performed using a MD5 hash over `time()` concatenated with `rand()`. This is insufficiently and leads to the following security problems: The generated filename could already be used by another user. It is not verified whether the file is already used and thus temporary files might be used for another user as well resulting in all possible stuff such as "user has file of other user". Effectively this leaves us with: 1. A timestamp based on seconds (no entropy at all) 2. `rand()` which returns usually a number between 0 and 2,147,483,647 Considering the birthday paradox and that we use this method quite often (especially when handling external storage) this is quite error prone and needs to get addressed. This behaviour has been fixed by using `tempnam` instead for single temporary files. For creating temporary directories an additional postfix will be appended, the solution is for directories still not absolutely bulletproof but the best I can think about at the moment. Improvement suggestions are welcome. [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) Files were created using `touch()` which defaults to a permission of 0644. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0600. [CWE-379: Creation of Temporary File in Directory with Incorrect Permissions](https://cwe.mitre.org/data/definitions/379.html) Files were created using `mkdir()` which defaults to a permission of 0777. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0700.Please enter the commit message for your changes. 2015-04-23 14:29:15 +02:00			`}`

refactor(TempManager): Simplify and unify implementations and remove legacy behavior Signed-off-by: provokateurin <kate@provokateurin.de> 2025-02-18 12:30:33 +01:00			`public function testGenerateTemporaryPathTraversal(): void {`
Fix unit tests Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-20 16:35:14 +02:00			`$logger = $this->createMock(LoggerInterface::class);`
Move the helpful method to the TestCase class 2015-06-03 12:03:02 +02:00			`$tmpManager = self::invokePrivate(`
Fix collision on temporary files + adjust permissions This changeset hardens the temporary file and directory creation to address multiple problems that may lead to exposure of files to other users, data loss or other unexpected behaviour that is impossible to debug. [CWE-668: Exposure of Resource to Wrong Sphere](https://cwe.mitre.org/data/definitions/668.html) The temporary file and folder handling as implemented in ownCloud is performed using a MD5 hash over `time()` concatenated with `rand()`. This is insufficiently and leads to the following security problems: The generated filename could already be used by another user. It is not verified whether the file is already used and thus temporary files might be used for another user as well resulting in all possible stuff such as "user has file of other user". Effectively this leaves us with: 1. A timestamp based on seconds (no entropy at all) 2. `rand()` which returns usually a number between 0 and 2,147,483,647 Considering the birthday paradox and that we use this method quite often (especially when handling external storage) this is quite error prone and needs to get addressed. This behaviour has been fixed by using `tempnam` instead for single temporary files. For creating temporary directories an additional postfix will be appended, the solution is for directories still not absolutely bulletproof but the best I can think about at the moment. Improvement suggestions are welcome. [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) Files were created using `touch()` which defaults to a permission of 0644. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0600. [CWE-379: Creation of Temporary File in Directory with Incorrect Permissions](https://cwe.mitre.org/data/definitions/379.html) Files were created using `mkdir()` which defaults to a permission of 0777. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0700.Please enter the commit message for your changes. 2015-04-23 14:29:15 +02:00			`$this->getManager($logger),`
refactor(TempManager): Simplify and unify implementations and remove legacy behavior Signed-off-by: provokateurin <kate@provokateurin.de> 2025-02-18 12:30:33 +01:00			`'generateTemporaryPath',`
			`['../Traversal\\../FileName']`
Filter potential dangerous characters in path name We should not allow / or \ in the postfix here. 2015-03-26 23:14:24 +01:00			`);`

			`$this->assertStringEndsNotWith('./Traversal\\../FileName', $tmpManager);`
			`$this->assertStringEndsWith('.Traversal..FileName', $tmpManager);`
			`}`
Unit test getting temp dir from config 2015-08-29 17:42:20 +01:00
			`public function testGetTempBaseDirFromConfig(): void {`
			`$dir = $this->getManager()->getTemporaryFolder();`

Fix getMock TempManagerTest 2016-09-07 20:25:35 +02:00			`$config = $this->createMock(IConfig::class);`
Unit test getting temp dir from config 2015-08-29 17:42:20 +01:00			`$config->expects($this->once())`
			`->method('getSystemValue')`
			`->with('tempdirectory', null)`
			`->willReturn($dir);`

			`$this->baseDir = null; // prevent override`
			`$tmpManager = $this->getManager(null, $config);`

			`$this->assertEquals($dir, $tmpManager->getTempBaseDir());`
			`}`
Add \OC\TempManager to handle creating and cleaning temporary files 2014-10-22 17:33:36 +02:00			`}`
No results found.