Hello,
We are currently addressing commons io CVE where we need to upgrade it
from 2.4 to 2.11.0 . After the upgrade, one of our UTs is failing with
"Parameter 'file' is not a file: /dev/null" . Within the codeflow of the
test there is a call to FileUtils.write( File("/dev/null"), char sequence)
and the code fails here after this method call. We digged inside the
internal of this method and analyzed the difference b/w 2.4 and 2.11.0.
There is a difference b/w the flow and we traced it back to the following
commit.
<https://github.com/apache/commons-io/commit/0cee29aa4c1818963ed1a55058219282e89d7488?diff=split>
There
is a check
<https://github.com/apache/commons-io/blob/7264b2607235065aef98f12ee0e3c0d3586b9b49/src/main/java/org/apache/commons/io/FileUtils.java#L2809>
to see whether /dev/null is a file or not. This returns false.
Please let us know how to proceed to fix this issue and if you can provide
a reason also why this is failing?
Best
Abhishek
