#4184: Poco::TemporaryFile: make filenames less predictable

2025-01-19 00:46:03 +01:00 · 2023-10-13 14:30:22 +02:00 · 2023-10-13 14:30:22 +02:00 · ed43543113
commit ed43543113
parent 9248d4195f
3 changed files with 34 additions and 12 deletions
--- a/1
+++ b/1
@ -212,6 +212,7 @@ Release 1.11.8 (2023-10-16)
 - GH #4173: AbstractConfiguration: when expanding property references, allow specifying a default value
 - GH #4174: AbstractConfiguration: support Int16/UInt16 and Int32/UInt32
 - GH #4182: Util: Make load()/save()/clear() operations on configurations thread-safe
+- GH #4184: Poco::TemporaryFile: make filenames less predictable


 Release 1.11.7 (2023-07-11)
--- a/Foundation/src/TemporaryFile.cpp
+++ b/Foundation/src/TemporaryFile.cpp
@ -19,6 +19,9 @@
 #include "Poco/Process.h"
 #endif
 #include "Poco/Mutex.h"
+#include "Poco/Random.h"
+#include <algorithm>
+#include <random>
 #include <set>
 #include <sstream>

@ -132,19 +135,36 @@ void TemporaryFile::registerForDeletion(const std::string& path)
 }


-namespace
-{
-	static FastMutex mutex;
-}
-
-
 std::string TemporaryFile::tempName(const std::string& tempDir)
 {
-	std::ostringstream name;
+	static constexpr int UNIQUE_LENGTH = 8;
+	static FastMutex mutex;
 	static unsigned long count = 0;
-	mutex.lock();
-	unsigned long n = count++;
-	mutex.unlock();
+	static Poco::Random random;
+	static std::string alphabet = "abcdefghijklmnopqrstuvwxyz";
+	static std::string randomChars;
+
+	unsigned long n;
+	{
+		Poco::FastMutex::ScopedLock lock(mutex);
+
+		if (count == 0) 
+		{
+			random.seed();
+			
+			std::random_device rd;
+			std::mt19937 mt(rd());
+			randomChars.reserve(alphabet.size() * UNIQUE_LENGTH);
+			for (int i = 0; i < UNIQUE_LENGTH; i++)
+			{
+				std::shuffle(alphabet.begin(), alphabet.end(), mt);
+				randomChars.append(alphabet);
+			}
+		}
+		n = (count += random.next(1000));
+	}
+
+	std::ostringstream name;
 	name << (tempDir.empty() ? Path::temp() : tempDir);
 	if (name.str().at(name.str().size() - 1) != Path::separator())
 	{
@ -155,9 +175,9 @@ std::string TemporaryFile::tempName(const std::string& tempDir)
 #else
 	name << "tmp" << Process::id();
 #endif
-	for (int i = 0; i < 6; ++i)
+	for (int i = 0; i < UNIQUE_LENGTH; i++)
 	{
-		name << char('a' + (n % 26));
+		name << randomChars[alphabet.size()*i + (n % 26)];
 		n /= 26;
 	}
 	return name.str();
--- a/doc/99100-ReleaseNotes.page
+++ b/doc/99100-ReleaseNotes.page
@ -225,6 +225,7 @@ AAAIntroduction
  - GH #4173: AbstractConfiguration: when expanding property references, allow specifying a default value
  - GH #4174: AbstractConfiguration: support Int16/UInt16 and Int32/UInt32
  - GH #4182: Util: Make load()/save()/clear() operations on configurations thread-safe
+  - GH #4184: Poco::TemporaryFile: make filenames less predictable


 !!!Release 1.11.7