Pattern: Insecure usage of temporary file/directory
Issue: -
Safely creating a temporary file or directory means following a number of rules (see the references for more details). This rule looks for strings that start with commonly used temporary paths (the list is configurable), for example:
/tmp
/var/tmp
/dev/shm
etc
Example of insecure code:
# Hardcoded, predictable path inside a shared temporary directory
with open('/tmp/abc', 'w') as f:
    f.write('def')
Example of secure code:
# Path does not start with one of the listed temporary directories
with open('/abc/tmp', 'w') as f:
    f.write('def')
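For code that genuinely needs a temporary file, the usual rules are an unpredictable name, exclusive creation and owner-only permissions. The following added example (not part of the original rule documentation) contrasts the flagged pattern with `os.open(..., O_EXCL)` and `tempfile.mkstemp`. The function names and the sandbox directory standing in for `/tmp` are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def write_fixed_name(directory, data):
    """The flagged pattern: a predictable name opened with mode 'w'."""
    path = os.path.join(directory, "abc")
    with open(path, "w") as f:  # reuses and truncates whatever already sits at this name
        f.write(data)
    return path


def write_exclusive(directory, data):
    """Fixed name, but creation fails if the name is already taken."""
    path = os.path.join(directory, "abc")
    # O_CREAT | O_EXCL raises FileExistsError for any pre-existing entry, symlinks included
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def write_private_temp(data, directory=None):
    """Preferred form: mkstemp picks a random name and creates it exclusively, mode 0600."""
    fd, path = tempfile.mkstemp(prefix="app-", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def demo():
    # A private sandbox stands in for a shared temp directory (constructed sample).
    with tempfile.TemporaryDirectory() as shared:
        planted = os.path.join(shared, "abc")
        with open(planted, "w") as f:
            f.write("created earlier by someone else")
        try:
            write_exclusive(shared, "def")
            exclusive_refused = False
        except FileExistsError:
            exclusive_refused = True
        write_fixed_name(shared, "def")
        with open(planted) as f:
            overwrote = f.read() == "def"
        a, b = write_private_temp("def", shared), write_private_temp("def", shared)
        mode = oct(stat.S_IMODE(os.stat(a).st_mode))
        return {"exclusive_refused": exclusive_refused, "fixed_name_overwrote": overwrote,
                "distinct_names": a != b, "mode": mode}
```

For a whole working directory rather than a single file, `tempfile.mkdtemp()` or `tempfile.TemporaryDirectory()` gives the same guarantees with a directory only the owner can access.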