CWE-378 | Creation of Temporary File with Insecure Permissions

[mr-africa]

Hello!

I can't find similar issues in google group

My react native android app was audited by some security company. And they have found an issue in jna codebase. (I don't know which third party lib is using your lib)

I'm not sure is it real problem or not. It's looks weird. But my employer require to fix these issues.

in file https://github.com/java-native-access/jna/blob/master/src/com/sun/jna/Native.java

their report here:

CWE-378 | Creation of Temporary File with Insecure Permissions

❖ Severity Medium

❖ Description
The mobile application creates temporary files that may contains
sensitive information that should never be written into a temp file.

❖ Impact
Opening temporary files without appropriate measures or controls can leave the file, its contents, and any function that it impacts vulnerable to attack.

❖ Remediation
The temporary and cache files shall remain private by default, it is recommended to make sure that temporary files are securely deleted when they are not required by the application anymore.

Could you help with it please.

[dbwiddis]

See #914 and #985