Insecure temporary file creation

ID

c.temp_file.insecure_temp_file

Severity

low

Resource

Temp File

Language

C / C++

Description

The function $FUNC creates temporary files insecurely. Functions like mktemp, tmpnam, and tempnam have race conditions between filename generation and file creation. Use mkstemp with proper umask, or on Windows generate a random filename and open directly with CreateFile.

Rationale

mktemp, tmpnam, and tempnam only return a filename; the file itself is created by a later call such as fopen or open. In the window between the two calls another process can create a file or symlink at that path, and because the generated names are predictable, that window is easy to hit. The program then writes to a file it did not create, possibly with permissions it did not choose. mkstemp (with a restrictive umask) or, on Windows, opening a random name directly with CreateFile, creates the file atomically so there is no such window.

The following code illustrates a vulnerable pattern detected by this rule:

#include <stdio.h>
#include <stdlib.h>

void vulnerable_mktemp() {
    char template[] = "/tmp/fileXXXXXX";
    // VULNERABLE: Insecure temporary file creation
    // mktemp is deprecated - predictable filenames and race condition
    // The name is chosen here, but the file is only created by fopen below;
    // another process can create that path in between (TOCTOU race).
    char *filename = mktemp(template);
    if (filename[0] == '\0') return;  // mktemp reports failure with an empty string
    FILE *f = fopen(filename, "w");
    if (f) fclose(f);
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.

Configuration

This detector does not need any configuration.