Modernize and secure temp file creation

pixeebot[bot] · web-flow · commit b1f937be0a13 · 2025-05-10T03:06:49.000Z
diff --git a/flow-server/src/main/java/com/vaadin/flow/server/frontend/TaskGenerateTsConfig.java b/flow-server/src/main/java/com/vaadin/flow/server/frontend/TaskGenerateTsConfig.java
@@ -22,6 +22,7 @@
 import java.io.InputStream;
 import java.io.UncheckedIOException;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
@@ -224,9 +225,7 @@ private void overrideIfObsolete() throws ExecutionFailedException {
                 }
             }
 
-            File backupFile = File.createTempFile(
-                    projectTsConfigFile.getName() + ".", ".bak",
-                    projectTsConfigFile.getParentFile());
+            File backupFile = Files.createTempFile(projectTsConfigFile.getParentFile().toPath(), projectTsConfigFile.getName() + ".", ".bak").toFile();
             FileIOUtils.writeIfChanged(backupFile, projectTsConfigAsString);
             // Project's TS config has a custom content -
             // rewrite and throw an exception with explanations
diff --git a/flow-server/src/main/java/com/vaadin/flow/server/frontend/TaskGenerateTsDefinitions.java b/flow-server/src/main/java/com/vaadin/flow/server/frontend/TaskGenerateTsDefinitions.java
@@ -186,9 +186,7 @@ private void updateIfContentMissing() throws ExecutionFailedException {
                 UpdateMode updateMode = computeUpdateMode(content);
                 if (updateMode == UpdateMode.UPDATE_AND_BACKUP) {
                     try {
-                        File backupFile = File.createTempFile(
-                                tsDefinitions.getName() + ".", ".bak",
-                                tsDefinitions.getParentFile());
+                        File backupFile = Files.createTempFile(tsDefinitions.getParentFile().toPath(), tsDefinitions.getName() + ".", ".bak").toFile();
                         writeIfChanged(backupFile, content);
                         log().debug("Created {} backup copy on {}",
                                 TS_DEFINITIONS, backupFile);
diff --git a/flow-server/src/test/java/com/vaadin/flow/server/frontend/AbstractTaskClientGeneratorTest.java b/flow-server/src/test/java/com/vaadin/flow/server/frontend/AbstractTaskClientGeneratorTest.java
@@ -2,6 +2,7 @@
 
 import java.io.File;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 
 import org.apache.commons.io.FileUtils;
 import org.junit.Assert;
@@ -13,15 +14,15 @@ public class AbstractTaskClientGeneratorTest {
 
     @Test
     public void writeIfChanged_writesWithChanges() throws Exception {
-        File f = File.createTempFile("writeIfChanged", "aaa");
+        File f = Files.createTempFile("writeIfChanged", "aaa").toFile();
         FileUtils.write(f, TEST_STRING, StandardCharsets.UTF_8);
 
         Assert.assertTrue(FileIOUtils.writeIfChanged(f, TEST_STRING + "2"));
     }
 
     @Test
     public void writeIfChanged_doesNotWriteWithoutChanges() throws Exception {
-        File f = File.createTempFile("writeIfChanged", "aaa");
+        File f = Files.createTempFile("writeIfChanged", "aaa").toFile();
         FileUtils.write(f, TEST_STRING, StandardCharsets.UTF_8);
         Assert.assertFalse(FileIOUtils.writeIfChanged(f, TEST_STRING));
     }
diff --git a/flow-server/src/test/java/com/vaadin/flow/server/frontend/NodeUpdaterTest.java b/flow-server/src/test/java/com/vaadin/flow/server/frontend/NodeUpdaterTest.java
@@ -19,6 +19,7 @@
 import java.io.FileWriter;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
@@ -410,8 +411,7 @@ public void testGetPlatformPinnedDependencies_vaadinCoreVersionIsNotPresent_outp
     @Test
     public void testGetPlatformPinnedDependencies_onlyVaadinCoreVersionIsPresent_outputContainsOnlyCoreVersions()
             throws IOException {
-        File coreVersionsFile = File.createTempFile("vaadin-core-versions",
-                ".json", temporaryFolder.newFolder());
+        File coreVersionsFile = Files.createTempFile(temporaryFolder.newFolder().toPath(), "vaadin-core-versions", ".json").toFile();
         JsonObject mockedVaadinCoreJson = getMockVaadinCoreVersionsJson();
         Assert.assertTrue(mockedVaadinCoreJson.hasKey("core"));
         Assert.assertTrue(
@@ -435,8 +435,7 @@ public void testGetPlatformPinnedDependencies_onlyVaadinCoreVersionIsPresent_out
     @Test
     public void testGetPlatformPinnedDependencies_reactNotAvailable_noReactComponents()
             throws IOException, ClassNotFoundException {
-        File coreVersionsFile = File.createTempFile("vaadin-core-versions",
-                ".json", temporaryFolder.newFolder());
+        File coreVersionsFile = Files.createTempFile(temporaryFolder.newFolder().toPath(), "vaadin-core-versions", ".json").toFile();
         JsonObject mockedVaadinCoreJson = getMockVaadinCoreVersionsJson();
 
         JsonObject reactComponents = Json.createObject();
@@ -469,10 +468,8 @@ public void testGetPlatformPinnedDependencies_reactNotAvailable_noReactComponent
     @Test
     public void testGetPlatformPinnedDependencies_reactAvailable_containsReactComponents()
             throws IOException, ClassNotFoundException {
-        File coreVersionsFile = File.createTempFile("vaadin-core-versions",
-                ".json", temporaryFolder.newFolder());
-        File vaadinVersionsFile = File.createTempFile("vaadin-versions",
-                ".json", temporaryFolder.newFolder());
+        File coreVersionsFile = Files.createTempFile(temporaryFolder.newFolder().toPath(), "vaadin-core-versions", ".json").toFile();
+        File vaadinVersionsFile = Files.createTempFile(temporaryFolder.newFolder().toPath(), "vaadin-versions", ".json").toFile();
         JsonObject mockedVaadinCoreJson = getMockVaadinCoreVersionsJson();
 
         JsonObject reactComponents = Json.createObject();
@@ -525,8 +522,7 @@ public void testGetPlatformPinnedDependencies_reactAvailable_containsReactCompon
     @Test
     public void testGetPlatformPinnedDependencies_VaadinAndVaadinCoreVersionsArePresent_outputContainsBothCoreAndCommercialVersions()
             throws IOException {
-        File coreVersionsFile = File.createTempFile("vaadin-core-versions",
-                ".json", temporaryFolder.newFolder());
+        File coreVersionsFile = Files.createTempFile(temporaryFolder.newFolder().toPath(), "vaadin-core-versions", ".json").toFile();
         JsonObject mockedVaadinCoreJson = getMockVaadinCoreVersionsJson();
         Assert.assertTrue(mockedVaadinCoreJson.hasKey("core"));
         Assert.assertTrue(
@@ -538,8 +534,7 @@ public void testGetPlatformPinnedDependencies_VaadinAndVaadinCoreVersionsArePres
         Mockito.when(finder.getResource(Constants.VAADIN_CORE_VERSIONS_JSON))
                 .thenReturn(coreVersionsFile.toURI().toURL());
 
-        File vaadinVersionsFile = File.createTempFile("vaadin-versions",
-                ".json", temporaryFolder.newFolder());
+        File vaadinVersionsFile = Files.createTempFile(temporaryFolder.newFolder().toPath(), "vaadin-versions", ".json").toFile();
         JsonObject mockedVaadinJson = getMockVaadinVersionsJson();
         Assert.assertFalse(mockedVaadinJson.hasKey("core"));
         Assert.assertTrue(mockedVaadinJson.hasKey("vaadin"));
diff --git a/flow-tests/test-live-reload/src/main/java/com/vaadin/flow/uitest/ui/FrontendLiveReloadView.java b/flow-tests/test-live-reload/src/main/java/com/vaadin/flow/uitest/ui/FrontendLiveReloadView.java
@@ -19,6 +19,7 @@
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 
 import org.apache.commons.io.FileUtils;
 
@@ -91,8 +92,7 @@ public static void replaceFrontendFile(VaadinService vaadinService,
         try {
             if (frontendFileBackup == null) {
                 // make a backup so it can be restored at teardown
-                frontendFileBackup = File.createTempFile(
-                        FrontendUtils.DEFAULT_FRONTEND_DIR, "ts");
+                frontendFileBackup = Files.createTempFile(FrontendUtils.DEFAULT_FRONTEND_DIR, "ts").toFile();
                 FileUtils.copyFile(frontendFile, frontendFileBackup);
             }
             FileUtils.write(frontendFile, code, StandardCharsets.UTF_8);
diff --git a/flow-tests/vaadin-spring-tests/test-spring-common/src/test/java/com/vaadin/flow/spring/test/UploadIT.java b/flow-tests/vaadin-spring-tests/test-spring-common/src/test/java/com/vaadin/flow/spring/test/UploadIT.java
@@ -19,6 +19,7 @@
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.util.List;
 
 import org.junit.Assert;
@@ -80,7 +81,7 @@ protected String getTestPath() {
     }
 
     private File createTempFile(String content) throws IOException {
-        File tempFile = File.createTempFile("TestFileUpload", ".txt");
+        File tempFile = Files.createTempFile("TestFileUpload", ".txt").toFile();
         BufferedWriter writer = new BufferedWriter(new FileWriter(tempFile));
         writer.write(content);
         writer.close();
diff --git a/flow-tests/vaadin-spring-tests/test-spring-security-flow-routepathaccesschecker/src/test/java/com/vaadin/flow/spring/flowsecurity/AppViewIT.java b/flow-tests/vaadin-spring-tests/test-spring-security-flow-routepathaccesschecker/src/test/java/com/vaadin/flow/spring/flowsecurity/AppViewIT.java
@@ -4,6 +4,7 @@
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -215,7 +216,7 @@ public void upload_file_in_private_view() throws IOException {
         open("private");
         loginUser();
         UploadElement upload = $(UploadElement.class).first();
-        File tmpFile = File.createTempFile("security-flow-image", ".png");
+        File tmpFile = Files.createTempFile("security-flow-image", ".png").toFile();
         InputStream imageStream = getClass().getClassLoader()
                 .getResourceAsStream("image.png");
         IOUtils.copyLarge(imageStream, new FileOutputStream(tmpFile));
diff --git a/flow-tests/vaadin-spring-tests/test-spring-security-flow-standalone-routepathaccesschecker/src/test/java/com/vaadin/flow/spring/flowsecurity/AppViewIT.java b/flow-tests/vaadin-spring-tests/test-spring-security-flow-standalone-routepathaccesschecker/src/test/java/com/vaadin/flow/spring/flowsecurity/AppViewIT.java
@@ -4,6 +4,7 @@
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -217,7 +218,7 @@ public void upload_file_in_private_view() throws IOException {
         open("private");
         loginUser();
         UploadElement upload = $(UploadElement.class).first();
-        File tmpFile = File.createTempFile("security-flow-image", ".png");
+        File tmpFile = Files.createTempFile("security-flow-image", ".png").toFile();
         InputStream imageStream = getClass().getClassLoader()
                 .getResourceAsStream("image.png");
         IOUtils.copyLarge(imageStream, new FileOutputStream(tmpFile));
diff --git a/flow-tests/vaadin-spring-tests/test-spring-security-flow/src/test/java/com/vaadin/flow/spring/flowsecurity/AppViewIT.java b/flow-tests/vaadin-spring-tests/test-spring-security-flow/src/test/java/com/vaadin/flow/spring/flowsecurity/AppViewIT.java
@@ -4,6 +4,7 @@
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -253,7 +254,7 @@ public void upload_file_in_private_view() throws IOException {
         open("private");
         loginUser();
         UploadElement upload = $(UploadElement.class).first();
-        File tmpFile = File.createTempFile("security-flow-image", ".png");
+        File tmpFile = Files.createTempFile("security-flow-image", ".png").toFile();
         InputStream imageStream = getClass().getClassLoader()
                 .getResourceAsStream("image.png");
         IOUtils.copyLarge(imageStream, new FileOutputStream(tmpFile));
diff --git a/vaadin-dev-server/src/main/java/com/vaadin/base/devserver/stats/ProjectHelpers.java b/vaadin-dev-server/src/main/java/com/vaadin/base/devserver/stats/ProjectHelpers.java
@@ -243,9 +243,7 @@ static File resolveStatisticsStore() {
         if (vaadinHome == null) {
             try {
                 // Create a temp folder for data
-                vaadinHome = File.createTempFile(
-                        StatisticsConstants.VAADIN_FOLDER_NAME,
-                        UUID.randomUUID().toString());
+                vaadinHome = Files.createTempFile(StatisticsConstants.VAADIN_FOLDER_NAME, UUID.randomUUID().toString()).toFile();
                 FileUtils.forceMkdir(vaadinHome);
             } catch (IOException e) {
                 getLogger().debug("Failed to create temp directory ", e);
diff --git a/vaadin-dev-server/src/test/java/com/vaadin/base/devserver/stats/AbstractStatisticsTest.java b/vaadin-dev-server/src/test/java/com/vaadin/base/devserver/stats/AbstractStatisticsTest.java
@@ -4,6 +4,7 @@
 import java.io.IOException;
 
 import com.vaadin.flow.testutil.TestUtils;
+import java.nio.file.Files;
 
 import org.apache.commons.io.FileUtils;
 import org.junit.Before;
@@ -32,7 +33,7 @@ protected static File createTempStorage(String testResourceName)
             throws IOException {
         File original = new File(
                 TestUtils.getTestResource(testResourceName).getFile());
-        File result = File.createTempFile("test", "json");
+        File result = Files.createTempFile("test", "json").toFile();
         result.deleteOnExit();
         FileUtils.copyFile(original, result);
         return result;
@@ -41,8 +42,7 @@ protected static File createTempStorage(String testResourceName)
     @Before
     public void setup() throws Exception {
         storage = Mockito.spy(new StatisticsStorage());
-        storage.usageStatisticsFile = File.createTempFile("test-storage",
-                "json");
+        storage.usageStatisticsFile = Files.createTempFile("test-storage", "json").toFile();
         sender = Mockito.spy(new StatisticsSender(storage));
         Mockito.doAnswer(answer -> null).when(sender)
                 .triggerSendIfNeeded(Mockito.any());
