oscerd opened a new pull request, #22100:
URL: https://github.com/apache/camel/pull/22100

   …ocling
   
   Replace insecure temp file creation in DoclingProducer with per-exchange 
UUID-named subdirectories under the system temp dir. Set POSIX 700 permissions 
on directories and POSIX 600 permissions on files when the platform supports 
it, preventing local attackers from pre-creating symlinks or monitoring temp 
files.
   
   Add createSecureTempDir() and createSecureTempFile() helper methods with 
automatic POSIX support detection via FileSystems. Replace the old single-file 
cleanup (registerTempFileCleanup) with directory-level cleanup 
(registerTempDirCleanup + deleteDirectoryRecursively) that removes the entire 
per-exchange subdirectory on exchange completion.
   
   Fix a pre-existing bug where the CLI output temp directory was only cleaned 
up when contentInBody=true (default is false), causing temp directory leaks on 
every CLI invocation. The finally block now always cleans up the output 
directory.
   
   Add DoclingSecureTempFileTest verifying per-exchange subdirectory isolation 
and POSIX permission enforcement. Update existing DoclingTempFileCleanupTest to 
scan for directories instead of files.
   
   # Description
   
   
   # Target
   
   - [x] I checked that the commit is targeting the correct branch (Camel 4 
uses the `main` branch)
   
   # Tracking
   - [x] If this is a large change, bug fix, or code improvement, I checked 
there is a [JIRA issue](https://issues.apache.org/jira/browse/CAMEL) filed for 
the change (usually before you start working on it).
   
   
   # Apache Camel coding standards and style
   
   - [x] I checked that each commit in the pull request has a meaningful 
subject line and body.
   
   
   - [x] I have run `mvn clean install -DskipTests` locally from root folder 
and I have committed all auto-generated changes.
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
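
The temp-file handling described in the pull request above, as an added sketch that is not the code from the PR or from Apache Camel. The helper names are taken from the description; their bodies, the `docling-` prefix, the `perms` helper and the `SecureTempSketch` class are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Comparator;
import java.util.UUID;
import java.util.stream.Stream;

public class SecureTempSketch {
    // Hypothetical implementation: mirrors the approach described, not the Camel source.
    static final boolean POSIX = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");

    // Permissions are passed at creation time, so there is no window with wider access.
    static FileAttribute<?>[] perms(String mode) {
        return POSIX
                ? new FileAttribute<?>[] { PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(mode)) }
                : new FileAttribute<?>[0];
    }

    static Path createSecureTempDir() throws IOException {
        Path base = Path.of(System.getProperty("java.io.tmpdir"));
        // createDirectory fails if the name already exists, including as a pre-planted symlink.
        return Files.createDirectory(base.resolve("docling-" + UUID.randomUUID()), perms("rwx------"));
    }

    static Path createSecureTempFile(Path dir, String name) throws IOException {
        // createFile also refuses to reuse an existing path.
        return Files.createFile(dir.resolve(name), perms("rw-------"));
    }

    static void deleteDirectoryRecursively(Path dir) throws IOException {
        if (!Files.exists(dir, LinkOption.NOFOLLOW_LINKS)) return;
        // Files.walk does not follow symlinks by default; reverse order deletes children first.
        try (Stream<Path> walk = Files.walk(dir)) {
            for (Path p : (Iterable<Path>) walk.sorted(Comparator.reverseOrder())::iterator) {
                Files.delete(p);
            }
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = createSecureTempDir();
        try {
            Path in = createSecureTempFile(dir, "input.pdf");
            Files.write(in, new byte[] { 0x25, 0x50, 0x44, 0x46 }); // constructed sample bytes
            if (POSIX) {
                System.out.println(PosixFilePermissions.toString(Files.getPosixFilePermissions(dir))
                        + " " + PosixFilePermissions.toString(Files.getPosixFilePermissions(in)));
            }
        } finally {
            deleteDirectoryRecursively(dir); // always clean up, independent of any output option
        }
    }
}
```

On platforms without a POSIX attribute view the sketch falls back to default permissions, so isolation there rests on the unpredictable directory name alone.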
