Make temp file location configurable in Jobstore
seehamrun opened this issue · comments
We use File.createTempFile
in the PerJobDatastore because a Random Access file is needed for some apis. This is currently only the GoogeVideoImporter and the BackblazeImporters: https://github.com/google/data-transfer-project/search?q=getTempFileFromInputStream
However File.createTempFile
creates files in the the system temporary directory with file permissions -rw-r--r-- by default.
We'll need to figure out how to hold the file in memory somehow and still be comptiable with the APIs or simply make the location configurable.
Or move to the new Files
API which correctly sets the file permissions on temporary files to be restricted.
Hi all, what's the disclosure/CVE issuance plan for this vulnerability?
I've reached out to Google multiple times about getting a CVE issued for this vulnerability without response. At this point, I'll be moving forward with the CVE appeals process to get CVEs issued for this vulnerability.
This vulnerability has been publicly disclosed here: GHSA-22c6-wcjm-qfjg