include::../common/rationale.adoc[]

== Why is this an issue?

include::../common/description.adoc[]

=== What is the potential impact?

include::../common/impact.adoc[]

== How to fix it
 
=== Code examples

include::../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,python,diff-id=1,diff-type=noncompliant]
----
import tempfile

filename = tempfile.mktemp() # Noncompliant
tmp_file = open(filename, "w+")
----


==== Compliant solution

[source,python,diff-id=1,diff-type=compliant]
----
import tempfile

tmp_file1 = tempfile.NamedTemporaryFile(delete=False)
tmp_file2 = tempfile.NamedTemporaryFile()

----

=== How does this work?

include::../common/fix/introduction.adoc[]

include::../common/fix/secure-api.adoc[]

Here, the example compliant code uses the more secure
`tempfile.NamedTemporaryFile` function to handle the temporary file creation.

include::../common/fix/manual-setup.adoc[]

//=== Pitfalls

//=== Going the extra mile


== Resources

include::../common/resources/documentation.adoc[]

* https://docs.python.org/3/library/tempfile.html#deprecated-functions-and-variables[Python documentation] - tempfile

//=== Articles & blog posts
//=== Conference presentations

include::../common/resources/standards.adoc[]

//=== Benchmarks

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

'{module.method}' is insecure. Use 'tempfile.TemporaryFile' instead


'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]