From 0edb1dbb9da32a92827cbed8294f5612aa1e4f39 Mon Sep 17 00:00:00 2001
From: Mufeed VH
Date: Tue, 18 Aug 2020 20:42:32 +0530
Subject: [PATCH 1/2] Fixed insecure temporary file creation
---
 coffee/lib/create-pipes.coffee | 3 +--
 js/lib/create-pipes.js | 5 ++---
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/coffee/lib/create-pipes.coffee b/coffee/lib/create-pipes.coffee
index eba2872..7e23f6b 100644
--- a/coffee/lib/create-pipes.coffee
+++ b/coffee/lib/create-pipes.coffee
@@ -18,8 +18,7 @@ module.exports = ->
 until created
 try
- dir = tmp_dir + '/sync-exec-' + Math.floor Math.random() * 1000000000
- fs.mkdir dir
+ dir = fs.mkdtemp tmp_dir + '/sync-exec-'
 created = true
 timeout t_limit, 'Can not create sync-exec directory'
diff --git a/js/lib/create-pipes.js b/js/lib/create-pipes.js
index 341169d..cb4f4c0 100644
--- a/js/lib/create-pipes.js
+++ b/js/lib/create-pipes.js
@@ -19,8 +19,7 @@
 }
 while (!created) {
 try {
- dir = tmp_dir + '/sync-exec-' + Math.floor(Math.random() * 1000000000);
- fs.mkdir(dir);
+ dir = fs.mkdtemp(tmp_dir + '/sync-exec-');
 created = true;
 } catch (_error) {}
 timeout(t_limit, 'Can not create sync-exec directory');
@@ -28,4 +27,4 @@
 return dir;
 };
-}).call(this);
+}).call(this);
\ No newline at end of file
From c75a6935506ce385e97b84346baaa8b7371a21ce Mon Sep 17 00:00:00 2001
From: Mufeed VH
Date: Tue, 18 Aug 2020 20:45:49 +0530
Subject: [PATCH 2/2] add newline
---
 js/lib/create-pipes.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/js/lib/create-pipes.js b/js/lib/create-pipes.js
index cb4f4c0..55c91bc 100644
--- a/js/lib/create-pipes.js
+++ b/js/lib/create-pipes.js
@@ -27,4 +27,4 @@
 return dir;
 };
-}).call(this);
\ No newline at end of file
+}).call(this);
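Review bot: `fs.mkdtemp` is the asynchronous API and is called without a callback, both in the `until created` loop of coffee/lib/create-pipes.coffee and in the compiled js/lib/create-pipes.js hunk, so `dir` never receives the created path. On Node 10 and later the missing callback throws a TypeError that the bare `try` (the empty `catch (_error) {}` in the JS) swallows, so the loop spins until `timeout` fails with 'Can not create sync-exec directory'; on older releases the call simply returns `undefined`. The synchronous form returns the path and delivers the unpredictable directory name this commit is after: `dir = fs.mkdtempSync tmp_dir + '/sync-exec-'`, which compiles to `dir = fs.mkdtempSync(tmp_dir + '/sync-exec-');`. `mkdtempSync` needs Node 5.10 or newer, so it is worth confirming that this matches the runtimes the package is meant to support. The enclosing function starts before the coffee hunk and continues past it.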