jenkinsci · daniel-beck · Dec 3, 2024 · jtnord · Dec 3, 2024 · daniel-beck
diff --git a/src/main/java/hudson/remoting/Util.java b/src/main/java/hudson/remoting/Util.java
@@ -55,13 +55,10 @@ public static void copy(InputStream in, OutputStream out) throws IOException {
     }
 
     @NonNull
-    @SuppressFBWarnings(
-            value = "PATH_TRAVERSAL_IN",
-            justification = "This path exists within a temp directory so the potential traversal is limited.")
+    @SuppressFBWarnings(value = "PATH_TRAVERSAL_IN", justification = "Sanitized by #getBaseName")
     static File makeResource(String name, byte[] image) throws IOException {
         Path tmpDir = Files.createTempDirectory("resource-");
-        File resource = new File(tmpDir.toFile(), name);
-        Files.createDirectories(PathUtils.fileToPath(resource.getParentFile()));
+        File resource = new File(tmpDir.toFile(), getBaseName(name.replace('\\', '/')));
-        File resource = new File(tmpDir.toFile(), getBaseName(name.replace('\\', '/')));
+        File resource = new File(tmpDir.toFile(), getBaseName(name.replace(File.separatorChar, '/')));
-        File resource = new File(tmpDir.toFile(), getBaseName(name.replace('\\', '/')));
+        File resource = new File(tmpDir.toFile(), getBaseName(name.replace(File.separatorChar, '/')));
         Files.createFile(PathUtils.fileToPath(resource));
 
         try (FileOutputStream fos = new FileOutputStream(resource)) {