Avoid usage of insecure mktemp() function

This patch eliminates the use of the deprecated and insecure tempfile.mktemp() function. It has been replaced with secure alternatives where temporary files are actually required. Change-Id: I0a13d6d44cd1abc4b66fa33f39eea407617a01d5 SecurityImpact Closes-bug: #1348869
openstack · Jul 26, 2014 · 6978275 · 6978275
1 parent 6c256c5
commit 6978275
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 12 deletions.
diff --git a/swift/common/middleware/x_profile/html_viewer.py b/swift/common/middleware/x_profile/html_viewer.py
@@ -384,10 +384,7 @@ def download(self, log_files, sort='time', limit=-1, nfl_filter='',
             elif output_format == 'ods':
                 data = stats.to_ods(nfl_esc, limit)
             else:
-                profile_tmp_all = tempfile.mktemp('.profile', 'all')
-                stats.dump_stats(profile_tmp_all)
-                data = open(profile_tmp_all).read()
-                os.remove(profile_tmp_all)
+                data = stats.print_stats()
             return data, [('content-type', self.format_dict[output_format])]
         except ODFLIBNotInstalled as ex:
             raise ex
@@ -427,10 +424,11 @@ def plot(self, log_files, sort='time', limit=10, nfl_filter='',
                 plt.xlabel(names[metric_selected])
             plt.title('Profile Statistics (by %s)' % names[metric_selected])
             #plt.gcf().tight_layout(pad=1.2)
-            profile_img = tempfile.mktemp('.png', 'plot')
-            plt.savefig(profile_img, dpi=300)
-            data = open(profile_img).read()
-            os.remove(profile_img)
+            profile_img = tempfile.TemporaryFile()
+            plt.savefig(profile_img, format='png', dpi=300)
+            profile_img.seek(0)
+            data = profile_img.read()
+            os.close(profile_img)
             return data, [('content-type', 'image/jpg')]
         except Exception as ex:
             raise ProfileException(_('plotting results failed due to %s') % ex)

diff --git a/swift/common/middleware/x_profile/profile_model.py b/swift/common/middleware/x_profile/profile_model.py
@@ -222,10 +222,11 @@ def to_ods(self, *selection):
             table.addElement(tr_header)
 
         spreadsheet.spreadsheet.addElement(table)
-        tmp_ods = tempfile.mktemp('.ods', 'stats')
-        spreadsheet.save(tmp_ods, False)
-        data = open(tmp_ods).read()
-        os.remove(tmp_ods)
+        tmp_ods = tempfile.TemporaryFile()
+        spreadsheet.write(tmp_ods)
+        tmp_ods.seek(0)
+        data = tmp_ods.read()
+        os.close(tmp_ods)
         return data