gnodet pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new d203a3430828 chore: fix SonarCloud security hotspots in sonar-scan and
huggingface (#22480)
d203a3430828 is described below
commit d203a343082809d13ac495e69137951b94d61a8d
Author: Guillaume Nodet <[email protected]>
AuthorDate: Wed Apr 8 09:18:46 2026 +0200
chore: fix SonarCloud security hotspots in sonar-scan and huggingface
(#22480)
Co-authored-by: Claude Opus 4.6 <[email protected]>
---
.github/workflows/sonar-scan.yml | 9 ++++++---
.../component/huggingface/tasks/AbstractTaskPredictor.java | 13 ++++++++++++-
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/sonar-scan.yml b/.github/workflows/sonar-scan.yml
index fc02a1127fc8..742190bad9a2 100644
--- a/.github/workflows/sonar-scan.yml
+++ b/.github/workflows/sonar-scan.yml
@@ -129,8 +129,11 @@ jobs:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
- - id: install-packages
- uses: ./.github/actions/install-packages
+ - name: Install packages
+ shell: bash
+ run: |
+ sudo apt-get update
+ sudo apt-get install -qqy --no-install-recommends libtinfo6
- name: Run Sonar Analysis
shell: bash
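Review bot: The new `Install packages` step gives no reason why the shared `./.github/actions/install-packages` action is bypassed, so a later cleanup could easily switch it back. If the reason is that a local action is resolved from the checked-out tree, which this job may have taken from a pull request, state that above the step, e.g. `# Inline on purpose: a local action would be loaded from the checked-out tree`. The step also drops `id: install-packages`, so any `steps.install-packages` reference elsewhere in the workflow (not visible in this hunk) would need updating.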
@@ -145,10 +148,10 @@ jobs:
-Dsonar.pullrequest.github.summary_comment=true
-Dsonar.projectKey=apache_camel
-Dsonar.organization=apache
- -Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }}
-B -V
env:
MAVEN_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g
-XX:+UseStringDeduplication"
+ SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
- name: Update PR check status
uses: actions/github-script@v7
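Review bot: With `SONAR_TOKEN` in the step's `env:`, the secret is inherited by every process this Maven invocation starts. If the job analyses code from a pull request, plugins or tests in that build can still read it. The trigger and checkout are outside this hunk, so that should be confirmed against the rest of the workflow. Moving it off the argument list is still worthwhile, and a comment above the new line would stop someone re-adding the flag: `# Picked up by the Sonar scanner from the environment; do not pass -Dsonar.token on the command line`.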
diff --git
a/components/camel-ai/camel-huggingface/src/main/java/org/apache/camel/component/huggingface/tasks/AbstractTaskPredictor.java
b/components/camel-ai/camel-huggingface/src/main/java/org/apache/camel/component/huggingface/tasks/AbstractTaskPredictor.java
index bc08beff3265..7a5bafed3d47 100644
---
a/components/camel-ai/camel-huggingface/src/main/java/org/apache/camel/component/huggingface/tasks/AbstractTaskPredictor.java
+++
b/components/camel-ai/camel-huggingface/src/main/java/org/apache/camel/component/huggingface/tasks/AbstractTaskPredictor.java
@@ -18,11 +18,15 @@ package org.apache.camel.component.huggingface.tasks;
import java.io.IOException;
import java.io.InputStream;
+import java.nio.file.FileSystems;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
+import java.util.EnumSet;
import ai.djl.inference.Predictor;
import ai.djl.modality.Input;
@@ -57,7 +61,14 @@ public abstract class AbstractTaskPredictor implements
TaskPredictor {
@Override
public void loadModel() throws Exception {
- tmpDir = Files.createTempDirectory("hf_model");
+ if
(FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
+ tmpDir = Files.createTempDirectory("hf_model",
+ PosixFilePermissions.asFileAttribute(
+ EnumSet.of(PosixFilePermission.OWNER_READ,
PosixFilePermission.OWNER_WRITE,
+ PosixFilePermission.OWNER_EXECUTE)));
+ } else {
+ tmpDir = Files.createTempDirectory("hf_model");
+ }
Path handlerPath = tmpDir.resolve("handler.py");
String pythonScript = getPythonScript();
Files.writeString(handlerPath, pythonScript);
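Review bot: The POSIX branch in `loadModel()` requests owner-only permissions without saying why, and the `else` branch silently accepts whatever the platform default is. OpenJDK already creates temp directories as owner-only on POSIX file systems, so the explicit attribute is mainly documentation and should say so. I would add `// handler.py is written into this directory; keep it owner-only so other local users cannot read or replace it` above the `if`, and a short comment on the `else` noting that non-POSIX systems rely on the default ACL of the temp location. The attribute can also be written as `PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"))`, which makes the `EnumSet` and `PosixFilePermission` imports unnecessary. The body of `loadModel()` continues past the end of this hunk, so cleanup of `tmpDir` on failure cannot be judged from here.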