1 月之前 · 7b113cc0e1
--- a/libs/entitlement/bridge/src/main/java/org/elasticsearch/entitlement/bridge/EntitlementChecker.java
+++ b/libs/entitlement/bridge/src/main/java/org/elasticsearch/entitlement/bridge/EntitlementChecker.java
@@ -709,6 +709,8 @@ public interface EntitlementChecker {
 
				 
			
 
				     void check$java_io_File$createNewFile(Class<?> callerClass, File file);
			
 
				 
			
 
				+    void check$java_io_File$$createTempFile(Class<?> callerClass, String prefix, String suffix);
			
 
				+
			
 
				     void check$java_io_File$$createTempFile(Class<?> callerClass, String prefix, String suffix, File directory);
			
 
				 
			
 
				     void check$java_io_File$delete(Class<?> callerClass, File file);
			
--- a/libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/FileCheckActions.java
+++ b/libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/FileCheckActions.java
@@ -97,6 +97,17 @@ class FileCheckActions {
 
				         File.createTempFile("prefix", "suffix", readWriteDir().toFile());
			
 
				     }
			
 
				 
			
 
				+    @EntitlementTest(expectedAccess = ALWAYS_ALLOWED)
			
 
				+    static void fileCreateTempFileSystemTempDirectory() throws IOException {
			
 
				+        File.createTempFile("prefix", "suffix");
			
 
				+    }
			
 
				+
			
 
				+    @EntitlementTest(expectedAccess = ALWAYS_ALLOWED)
			
 
				+    static void fileCreateTempFileNullDirectory() throws IOException {
			
 
				+        // null directory = system temp directory
			
 
				+        File.createTempFile("prefix", "suffix", null);
			
 
				+    }
			
 
				+
			
 
				     @EntitlementTest(expectedAccess = PLUGINS)
			
 
				     static void fileDelete() throws IOException {
			
 
				         var toDelete = EntitledActions.createTempFileForWrite();
			
--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/ElasticsearchEntitlementChecker.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/ElasticsearchEntitlementChecker.java
@@ -1402,9 +1402,20 @@ public class ElasticsearchEntitlementChecker implements EntitlementChecker {
 
				         policyChecker.checkFileWrite(callerClass, file);
			
 
				     }
			
 
				 
			
 
				+    @Override
			
 
				+    public void check$java_io_File$$createTempFile(Class<?> callerClass, String prefix, String suffix) {
			
 
				+        policyChecker.checkCreateTempFile(callerClass);
			
 
				+    }
			
 
				+
			
 
				     @Override
			
 
				     public void check$java_io_File$$createTempFile(Class<?> callerClass, String prefix, String suffix, File directory) {
			
 
				-        policyChecker.checkFileWrite(callerClass, directory);
			
 
				+        // A null value for the directory parameter means using the temp directory (java.io.tmpdir,
			
 
				+        // aka org.elasticsearch.env.Environment#tmpDir, aka PathLookup#TEMP).
			
 
				+        if (directory == null) {
			
 
				+            policyChecker.checkCreateTempFile(callerClass);
			
 
				+        } else {
			
 
				+            policyChecker.checkFileWrite(callerClass, directory);
			
 
				+        }
			
 
				     }
			
 
				 
			
 
				     @Override