Steps to reproduce
- Static code security scan line 827 TarArchive.cs. Example:
```csharp
if (asciiTranslate && !entry.IsDirectory)
{
    if (!IsBinary(entryFilename))
    {
        tempFileName = Path.GetTempFileName();

        using (StreamReader inStream = File.OpenText(entryFilename))
        {
            using (Stream outStream = File.Create(tempFileName))
```
Expected behavior
Use sufficiently random names for temporary files to prevent attacks which can predict the name of the file. For example, a Guid or crypto generated random number.
Actual behavior
Security scan failure. #537
Version of SharpZipLib
1.3.1
Obtained from (only keep the relevant lines)
- Package installed using NuGet
Code reference: SharpZipLib/src/ICSharpCode.SharpZipLib/Tar/TarArchive.cs, lines 823 to 831 in b7bc4e0
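One way to get the behavior the report asks for, shown as an added example (not SharpZipLib code and not the project's fix): the name comes from `Path.GetRandomFileName()` and the file is opened with `FileMode.CreateNew`, so creation fails instead of reusing anything already present at that path. The `SafeTempFile` helper and its `maxAttempts` parameter are hypothetical names.

```csharp
using System;
using System.IO;
using System.Text;

// Hypothetical helper, not part of SharpZipLib.
static class SafeTempFile
{
    // Creates a new temp file with an unpredictable name and returns an open stream to it.
    public static FileStream Create(out string path, int maxAttempts = 5)
    {
        for (int attempt = 0; attempt < maxAttempts; attempt++)
        {
            // GetRandomFileName() builds the name from a cryptographic RNG
            // and, unlike GetTempFileName(), does not create the file itself.
            path = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
            try
            {
                // CreateNew throws if anything already exists at this path,
                // so a file placed there in advance is never opened or truncated.
                // FileShare.None keeps other handles out while we write.
                return new FileStream(path, FileMode.CreateNew,
                                      FileAccess.ReadWrite, FileShare.None);
            }
            catch (IOException) when (File.Exists(path))
            {
                // Name already taken: loop and draw a fresh random name.
            }
        }
        throw new IOException("Could not create a unique temporary file.");
    }
}

static class Program
{
    static void Main()
    {
        string tempPath;
        using (FileStream outStream = SafeTempFile.Create(out tempPath))
        using (var writer = new StreamWriter(outStream, Encoding.ASCII))
        {
            writer.WriteLine("constructed sample line"); // constructed input
        }
        Console.WriteLine("Wrote " + new FileInfo(tempPath).Length + " bytes to " + tempPath);
        File.Delete(tempPath); // the caller owns cleanup, as with GetTempFileName()
    }
}
```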