[SECURITY] Fix Temporary File Information Disclosure Vulnerability

src/main/java/com/sogou/qadev/service/cynthia/controller/ExcelImportControllerNew.java

@@ -1,7 +1,8 @@
 package com.sogou.qadev.service.cynthia.controller;
 
 import java.io.File;
-import java.io.FileInputStream;
+import java.io.FileInputStream;
+import java.nio.file.Files;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -55,8 +56,8 @@
 import com.sogou.qadev.service.cynthia.util.Date;
 import com.sogou.qadev.service.cynthia.util.XMLUtil;
 
-import edu.emory.mathcs.backport.java.util.Arrays;
-
+import edu.emory.mathcs.backport.java.util.Arrays;
+
 /**
  * @description:excel import processor
  * @author:liming
@@ -472,7 +473,7 @@ public String excelImportNew(@RequestParam(value = "excelfile", required = false
 
 		try
 		{
-			File tmpFile = File.createTempFile("acctachment", ".attachment");
+			File tmpFile = Files.createTempFile("acctachment", ".attachment").toFile();
 			multipartFile.transferTo(tmpFile);
 			String realFileName = multipartFile.getOriginalFilename();
 			FileInputStream fis = new FileInputStream(tmpFile);

src/main/java/com/sogou/qadev/service/cynthia/service/BugTrendManager.java

@@ -6,7 +6,8 @@
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.net.InetAddress;
-import java.net.UnknownHostException;
+import java.net.UnknownHostException;
+import java.nio.file.Files;
 import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.Statement;
@@ -53,8 +54,8 @@
 import com.sogou.qadev.service.cynthia.service.impl.DataFilterMemory;
 import com.sogou.qadev.service.cynthia.util.ConfigUtil;
 import com.sogou.qadev.service.cynthia.util.CynthiaUtil;
-import com.sogou.qadev.service.cynthia.util.XMLUtil;
-
+import com.sogou.qadev.service.cynthia.util.XMLUtil;
+
 public class BugTrendManager {
 
 	/**
@@ -556,7 +557,7 @@ public static String drawImage(Map<String, Map<String, Integer>> resultMap, Stri
 		String fileId = "";
 		FileInputStream fin = null;
 		try {
-			File tempFile = File.createTempFile(System.currentTimeMillis() + showName , "png");
+			File tempFile = Files.createTempFile(System.currentTimeMillis() + showName, "png").toFile();
 			ChartUtilities.saveChartAsPNG(tempFile, chart, 800, 400);
 			//图片存储到图片服务器
 			fin = new FileInputStream(tempFile);

src/main/java/com/sogou/qadev/service/cynthia/service/FileUpDownLoadHandler.java

@@ -10,15 +10,16 @@
 import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.net.HttpURLConnection;
-import java.net.URL;
+import java.net.URL;
+import java.nio.file.Files;
 import java.util.HashMap;
 import java.util.Map;
 
 import net.sf.json.JSONObject;
 
 import org.jfree.chart.ChartUtilities;
-import org.jfree.chart.JFreeChart;
-
+import org.jfree.chart.JFreeChart;
+
 public class FileUpDownLoadHandler {
 
 	public static final String uploadURL = ConfigManager.getFileSystemProperties().getProperty("fdfs.upload.url");
@@ -148,7 +149,7 @@ public static byte[] downloadData(String fileId){
 			//获取网络输入流
 			bis = new BufferedInputStream(httpUrl.getInputStream());
 			//创建临时文件，由于FileInputStream.avaiable受网络阻塞原因，得到的大小可能不靠谱
-			tempFile = File.createTempFile("temp", ".tmp");
+			tempFile = Files.createTempFile("temp", ".tmp").toFile();
 			fos = new FileOutputStream(tempFile);
 
 			while ((size = bis.read(buf, 0, buf.length)) != -1){
@@ -191,7 +192,7 @@ public static String saveChartAsFile(JFreeChart chart, String showName,int width
 		String fileId = "";
 		try {
 			//创建临时文件
-			File tempFile = File.createTempFile(System.currentTimeMillis() + showName , "png");
+			File tempFile = Files.createTempFile(System.currentTimeMillis() + showName, "png").toFile();
 			ChartUtilities.saveChartAsPNG(tempFile, chart, width, height);
 			//图片存储到图片服务器
 			fin = new FileInputStream(tempFile);