This repository has been archived by the owner on Jan 10, 2024. It is now read-only.
Use temp folders after Gosec modules adoption #200
Labels
Milestone
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is your feature request related to a problem? Please describe.
Right now we are creating non-temporary folders where we download the pull request files for deletion and then we delete all those folders and their content.
It's better to use temp folders because that way for whatever reason Precaution fails to delete those folders the OS itself will delete them in future.
Another argument is that using temp folders is a lot harder to predict the path or use path-traversal based attacks.
There is a problem to implement this right now because Gosec is depending heavily on the GOPATH and the location of all go files.
When they adopt Go modules (which will happen really soon: securego/gosec#297) we won't be restricted by the GOPATH.
Describe the solution you'd like
The solution will be just to use the OS temp directory with this function -
https://nodejs.org/api/os.html#os_os_tmpdir
and then create a directory with a unique name with this function - https://nodejs.org/api/fs.html#fs_fs_mkdtemp_prefix_options_callback
The text was updated successfully, but these errors were encountered: