include::../common/rationale.adoc[] == Why is this an issue? include::../common/description.adoc[] === What is the potential impact? include::../common/impact.adoc[] == How to fix it === Code examples include::../common/fix/code-rationale.adoc[] ==== Noncompliant code example [source,csharp,diff-id=1,diff-type=noncompliant] ---- using System.IO; public void Example() { var tempPath = Path.GetTempFileName(); // Noncompliant using (var writer = new StreamWriter(tempPath)) { writer.WriteLine("content"); } } ---- ==== Compliant solution [source,csharp,diff-id=1,diff-type=compliant] ---- using System.IO; public void Example() { var randomPath = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName()); using (var fileStream = new FileStream(randomPath, FileMode.CreateNew, FileAccess.Write, FileShare.None, 4096, FileOptions.DeleteOnClose)) using (var writer = new StreamWriter(fileStream)) { writer.WriteLine("content"); } } ---- === How does this work? include::../common/fix/introduction.adoc[] include::../common/fix/manual-setup.adoc[] Here the example compliant code uses the `Path.GetTempPath` and `Path.GetRandomFileName` functions to generate a unique random file name. The file is then open with the `FileMode.CreateNew` option that will ensure the creation fails if the file already exists. The `FileShare.None` option will additionally prevent the file from being opened again by any process. To finish, this code ensures the file will get destroyed once the application has finished using it with the `FileOptions.DeleteOnClose` option. //=== Pitfalls //=== Going the extra mile == Resources include::../common/resources/documentation.adoc[] //=== Articles & blog posts //=== Conference presentations include::../common/resources/standards.adoc[] //=== Benchmarks ifdef::env-github,rspecator-view[] ''' == Implementation Specification (visible only on this page) === Message 'Path.GetTempFileName()' is insecure. Use 'Path.GetRandomFileName()' instead. ''' == Comments And Links (visible only on this page) include::../comments-and-links.adoc[] endif::env-github,rspecator-view[]