37 lines
1.2 KiB
Plaintext
37 lines
1.2 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
== Noncompliant Code Example
|
|
|
|
----
|
|
import tempfile
|
|
|
|
filename = tempfile.mktemp() # Noncompliant
|
|
tmp_file = open(filename, "w+")
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
----
|
|
import tempfile
|
|
|
|
tmp_file1 = tempfile.NamedTemporaryFile(delete=False) # Compliant; Easy replacement to tempfile.mktemp()
|
|
tmp_file2 = tempfile.NamedTemporaryFile() # Compliant; Created file will be automatically deleted
|
|
----
|
|
|
|
== See
|
|
|
|
* https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities
|
|
* https://cwe.mitre.org/data/definitions/377[MITRE, CWE-377] - Insecure Temporary File
|
|
* https://cwe.mitre.org/data/definitions/379[MITRE, CWE-379] - Creation of Temporary File in Directory with Incorrect Permissions
|
|
* https://www.owasp.org/index.php/Insecure_Temporary_File[OWASP, Insecure Temporary File]
|
|
* https://docs.python.org/3/library/tempfile.html#deprecated-functions-and-variables[Python tempfile module]
|
|
* https://docs.python.org/2.7/library/os.html[Python 2.7 os module]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|