Summary
Both Save methods write directly to the target file with Set-Content. A process crash mid-write leaves a partially written, corrupt file. On shared machines where the flag store is in a common location, there is no integrity guarantee.
Files
Gatekeeper/Classes/FeatureFlag.ps1:184
Gatekeeper/Classes/Property.ps1:182
Fix
Write to a temp file then atomically rename:
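    [void]Save() {
        if ($null -eq $this.FilePath) { throw 'No file path specified to save FeatureFlag.' }
        # Temp file sits next to the target so the final move stays on the same volume.
        $tmpPath = "$($this.FilePath).tmp"
        $json = $this | ConvertTo-Json -Depth 10 -EnumsAsStrings
        # Stop on a failed write so a partial temp file is never moved over the target.
        Set-Content -Path $tmpPath -Value $json -ErrorAction Stop
        Move-Item -Path $tmpPath -Destination $this.FilePath -Force -ErrorAction Stop
    }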
Notes
- Found by DualCore (security review)
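
The write-then-rename pattern from the Fix section, as an added example (not code from the Gatekeeper project). It goes slightly beyond the proposed fix: it uses a unique temp name so concurrent writers on a shared flag store do not collide, and flushes to disk before the rename. `Write-FileAtomically` and the demo file name are hypothetical, and PowerShell 7+ is assumed.

```powershell
# Added example: hypothetical helper, not part of the Gatekeeper module.
# Assumes PowerShell 7+ (File.Move overload with an overwrite flag).
function Write-FileAtomically {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Content
    )

    # Resolve against the PowerShell location, not the .NET process directory.
    $target = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)
    $dir    = [System.IO.Path]::GetDirectoryName($target)
    $leaf   = [System.IO.Path]::GetFileName($target)

    # Unique temp name in the SAME directory: the rename stays on one volume,
    # and two concurrent writers never share a temp file.
    $tmp = Join-Path $dir ('.{0}.{1}.tmp' -f $leaf, [guid]::NewGuid().ToString('N'))

    try {
        $bytes  = [System.Text.UTF8Encoding]::new($false).GetBytes($Content)
        # CreateNew fails if the temp path already exists instead of writing through it.
        $stream = [System.IO.FileStream]::new($tmp, [System.IO.FileMode]::CreateNew,
            [System.IO.FileAccess]::Write, [System.IO.FileShare]::None)
        try {
            $stream.Write($bytes, 0, $bytes.Length)
            $stream.Flush($true)   # flush OS buffers to disk before the rename
        }
        finally { $stream.Dispose() }

        # Rename over the target on the same volume, so the target is never half-written.
        [System.IO.File]::Move($tmp, $target, $true)
    }
    catch {
        # Leave the existing target untouched and clean up the partial temp file.
        if (Test-Path -LiteralPath $tmp) { Remove-Item -LiteralPath $tmp -Force }
        throw
    }
}

# Constructed sample input, written to a scratch directory.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'gatekeeper-demo-flag.json'
$json = @{ Name = 'DemoFlag'; Enabled = $true } | ConvertTo-Json -Depth 10
Write-FileAtomically -Path $demo -Content $json
Get-Content -LiteralPath $demo -Raw | ConvertFrom-Json
```

This protects against torn writes only; it does not stop another user with write access to the shared location from replacing the file.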