Linting: Probable insecure usage of temporary file or directory

[ogenstad]

Summary by CodeRabbit

• Chores

  • Enhanced linting configuration to enable stricter checks for temporary file security.

• Tests

  • Updated test suite to use isolated temporary directories for improved test reliability.

[coderabbitai]

Walkthrough

This pull request enables the S108 linting rule in the Ruff configuration by removing it from the ignore list in pyproject.toml. The rule detects probable insecure usage of temporary files or directories. Correspondingly, tests/unit/sdk/checks/test_checks.py is updated to use a temporary path fixture instead of a hard-coded directory path. The test method signature is modified to accept a tmp_path parameter, and all references to the temporary directory path are adjusted to use this fixture rather than the literal "/tmp" value.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly describes the main change: enabling Ruff linting rule S108 for insecure temporary file/directory usage by removing it from the ignore list.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch pog-ruff-S108

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dd9e82b and 6ad9907.

📒 Files selected for processing (2)

• pyproject.toml (0 hunks)
• tests/unit/sdk/checks/test_checks.py (3 hunks)

💤 Files with no reviewable changes (1)

• pyproject.toml

🧰 Additional context used

🧬 Code graph analysis (1)

tests/unit/sdk/checks/test_checks.py (1)

infrahub_sdk/ctl/cli_commands.py (1)

• check (79-102)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Cloudflare Pages

🔇 Additional comments (2)

tests/unit/sdk/checks/test_checks.py (2)

1-11: LGTM! Secure temporary directory usage.

The addition of the Path import and the tmp_path fixture parameter properly addresses the S108 security concern by replacing hard-coded /tmp with pytest's managed temporary directory.

---

34-36: LGTM! Correct fixture usage and assertion update.

The tmp_path fixture is correctly converted to string and the assertion is properly updated to match. This maintains test functionality while improving security and cross-platform compatibility.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying infrahub-sdk-python with    Cloudflare Pages

Latest commit:	6ad9907
Status:	✅  Deploy successful!
Preview URL:	https://b5c4fd36.infrahub-sdk-python.pages.dev
Branch Preview URL:	https://pog-ruff-s108.infrahub-sdk-python.pages.dev

View logs

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

@@                Coverage Diff                @@
##           infrahub-develop     #652   +/-   ##
=================================================
  Coverage             75.60%   75.60%           
=================================================
  Files                   113      113           
  Lines                  9522     9522           
  Branches               1452     1452           
=================================================
  Hits                   7199     7199           
  Misses                 1832     1832           
  Partials                491      491           

Flag	Coverage Δ
integration-tests	34.96% <ø> (ø)
python-3.10	49.01% <ø> (+0.02%)	⬆️
python-3.11	48.99% <ø> (-0.03%)	⬇️
python-3.12	48.99% <ø> (ø)
python-3.13	48.97% <ø> (-0.03%)	⬇️
python-filler-3.12	24.27% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.