101 lines
2.1 KiB
Plaintext
101 lines
2.1 KiB
Plaintext
include::../common/rationale.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../common/description.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
include::../common/impact.adoc[]
|
|
|
|
== How to fix it
|
|
|
|
=== Code examples
|
|
|
|
include::../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,csharp,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
using System.IO;
|
|
|
|
public void Example()
|
|
{
|
|
var tempPath = Path.GetTempFileName(); // Noncompliant
|
|
|
|
using (var writer = new StreamWriter(tempPath))
|
|
{
|
|
writer.WriteLine("content");
|
|
}
|
|
}
|
|
----
|
|
|
|
|
|
==== Compliant solution
|
|
|
|
[source,csharp,diff-id=1,diff-type=compliant]
|
|
----
|
|
using System.IO;
|
|
|
|
public void Example()
|
|
{
|
|
var randomPath = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
|
|
|
|
using (var fileStream = new FileStream(randomPath, FileMode.CreateNew, FileAccess.Write, FileShare.None, 4096, FileOptions.DeleteOnClose))
|
|
using (var writer = new StreamWriter(fileStream))
|
|
{
|
|
writer.WriteLine("content");
|
|
}
|
|
}
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../common/fix/introduction.adoc[]
|
|
|
|
include::../common/fix/manual-setup.adoc[]
|
|
|
|
Here the example compliant code uses the `Path.GetTempPath` and
|
|
`Path.GetRandomFileName` functions to generate a unique random file name. The
|
|
file is then open with the `FileMode.CreateNew` option that will ensure the
|
|
creation fails if the file already exists. The `FileShare.None` option will
|
|
additionally prevent the file from being opened again by any process. To finish,
|
|
this code ensures the file will get destroyed once the application has finished
|
|
using it with the `FileOptions.DeleteOnClose` option.
|
|
|
|
//=== Pitfalls
|
|
|
|
//=== Going the extra mile
|
|
|
|
|
|
== Resources
|
|
|
|
include::../common/resources/documentation.adoc[]
|
|
|
|
//=== Articles & blog posts
|
|
//=== Conference presentations
|
|
|
|
include::../common/resources/standards.adoc[]
|
|
|
|
//=== Benchmarks
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
'Path.GetTempFileName()' is insecure. Use 'Path.GetRandomFileName()' instead.
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|