File _service:tar_scm:CVE-2020-17521.patch of Package groovy

From 24a2441ad715cda26c9cae9febb36cdb51983092 Mon Sep 17 00:00:00 2001
From: Paul King <paulk@asert.com.au>
Date: Fri, 5 Feb 2021 10:15:52 +0800
Subject: [PATCH] use newer api for creating temp dir

---
 .../runtime/DefaultGroovyStaticMethods.java   | 48 ++++++-------------
 1 file changed, 14 insertions(+), 34 deletions(-)

diff --git a/src/main/org/codehaus/groovy/runtime/DefaultGroovyStaticMethods.java b/src/main/org/codehaus/groovy/runtime/DefaultGroovyStaticMethods.java
index 9e4ce31..61414b2 100644
--- a/src/main/org/codehaus/groovy/runtime/DefaultGroovyStaticMethods.java
+++ b/src/main/org/codehaus/groovy/runtime/DefaultGroovyStaticMethods.java
@@ -24,6 +24,8 @@ import java.io.File;
 import java.io.IOException;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.util.Date;
 import java.util.ResourceBundle;
 import java.util.Locale;
@@ -261,43 +263,21 @@ public class DefaultGroovyStaticMethods {
     }
 
     public static File createTempDir(File self) throws IOException {
-        return createTempDir(self, "groovy-generated-", "-tmpdir");
+	return createTempDir(self, "groovy-generated-", "tmpdir-");
+    }
+
+    public static File createTempDir(File self, final String prefix) throws IOException {
+	return createTempDirNio(prefix);
     }
 
     public static File createTempDir(File self, final String prefix, final String suffix) throws IOException {
-        final int MAXTRIES = 3;
-        int accessDeniedCounter = 0;
-        File tempFile=null;
-        for (int i=0; i<MAXTRIES; i++) {
-            try {
-                tempFile = File.createTempFile(prefix, suffix);
-                tempFile.delete();
-                tempFile.mkdirs();
-                break;
-            } catch (IOException ioe) {
-                if (ioe.getMessage().startsWith("Access is denied")) {
-                    accessDeniedCounter++;
-                    try { Thread.sleep(100); } catch (InterruptedException e) {}
-                }
-                if (i==MAXTRIES-1) {
-                    if (accessDeniedCounter==MAXTRIES) {
-                        String msg =
-                                "Access is denied.\nWe tried " +
-                                        + accessDeniedCounter+
-                                        " times to create a temporary directory"+
-                                        " and failed each time. If you are on Windows"+
-                                        " you are possibly victim to"+
-                                        " http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6325169. "+
-                                        " this is no bug in Groovy.";
-                        throw new IOException(msg);
-                    } else {
-                        throw ioe;
-                    }
-                }
-                continue;
-            }
-        }
-        return tempFile;
+	// more secure Files api doesn't support suffix, so just append it to the prefix
+        return createTempDirNio(prefix + suffix);
+    }
+
+    private static File createTempDirNio(String prefix) throws IOException {
+	Path tempPath = Files.createTempDirectory(prefix);
+	return tempPath.toFile();
     }
 
   /**
-- 
2.23.0