2020-06-30 12:50:28 +02:00
include::../description.adoc[]
== Noncompliant Code Example
2022-02-04 17:28:24 +01:00
[source,python]
2020-06-30 12:50:28 +02:00
----
import tempfile
filename = tempfile.mktemp() # Noncompliant
tmp_file = open(filename, "w+")
----
== Compliant Solution
2022-02-04 17:28:24 +01:00
[source,python]
2020-06-30 12:50:28 +02:00
----
import tempfile
tmp_file1 = tempfile.NamedTemporaryFile(delete=False) # Compliant; Easy replacement to tempfile.mktemp()
tmp_file2 = tempfile.NamedTemporaryFile() # Compliant; Created file will be automatically deleted
----
== See
2021-11-01 15:00:32 +01:00
* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control
2020-06-30 12:50:28 +02:00
* https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities
2021-10-28 10:07:16 +02:00
* https://cwe.mitre.org/data/definitions/377.html[MITRE, CWE-377] - Insecure Temporary File
* https://cwe.mitre.org/data/definitions/379.html[MITRE, CWE-379] - Creation of Temporary File in Directory with Incorrect Permissions
2020-06-30 12:50:28 +02:00
* https://www.owasp.org/index.php/Insecure_Temporary_File[OWASP, Insecure Temporary File]
* https://docs.python.org/3/library/tempfile.html#deprecated-functions-and-variables[Python tempfile module]
* https://docs.python.org/2.7/library/os.html[Python 2.7 os module]
2021-06-02 20:44:38 +02:00
2021-06-03 09:05:38 +02:00
ifdef::env-github,rspecator-view[]
2021-09-20 15:38:42 +02:00
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
2021-06-08 15:52:13 +02:00
'''
2021-06-02 20:44:38 +02:00
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
2021-06-03 09:05:38 +02:00
endif::env-github,rspecator-view[]
