Insecure Temporary File
ID | python.insecure_temporary_file
Severity | high
Resource | Api
Language | Python
Tags | CWE:377, NIST.SP.800-53, PCI-DSS:6.5.6
Description
Insecure temporary file creation can allow unauthorized access to sensitive information or unexpected code execution.
Rationale
The official Python documentation marks tempfile.mktemp() as deprecated and unsafe: it only returns a file name and does not create the file, so between the call and the later open() another local process can create a file or symlink at that name (a time-of-check/time-of-use race). The program then reads or writes an attacker-controlled file. Use the secure mkstemp() function, which creates and opens the file in a single step, instead of mktemp().
from tempfile import mktemp
path = mktemp(dir=self._tmp_dir)  # returns only a name; nothing is created yet, so the name can be claimed before the later open()
Remediation
To remediate this, use the mkstemp() function from Python's tempfile module. It creates the file atomically (O_CREAT | O_EXCL, mode 0600) and returns a tuple (fd, path); work through the already-open descriptor and do not reopen the path by name, or the race is reintroduced.
Here's the corrected usage:
import os
from tempfile import mkstemp
fd, path = mkstemp(dir=self._tmp_dir)  # created atomically with O_CREAT|O_EXCL and mode 0600, and already open
f = os.fdopen(fd, "w")                 # write through the returned descriptor rather than reopening `path` by name
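The following is an added example, not code from the rule page or from the scanned project. It reproduces the race that makes mktemp() unsafe and shows why mkstemp() is immune to it: the program picks a name with mktemp(), an attacker plants a symlink at that name before the file is opened, and the later open() writes through the symlink into a victim file. The exclusive O_CREAT | O_EXCL open that mkstemp() performs refuses the planted entry instead. The temporary directory, the file names and the payloads are constructed for the demo; os.symlink requires a POSIX host (or symlink privilege on Windows).

```python
"""Added example: mktemp() name-then-open race versus mkstemp() atomic create."""
import os
import stat
import tempfile
from tempfile import mktemp, mkstemp


def write_insecure(path: str, data: bytes) -> None:
    """Vulnerable pattern: the caller obtained `path` from mktemp() earlier and
    opens it now. open(..., 'wb') follows symlinks and truncates whatever it finds."""
    with open(path, "wb") as f:
        f.write(data)


def write_secure(tmp_dir: str, data: bytes) -> str:
    """Recommended pattern: mkstemp() creates and opens the file in one step.
    All I/O goes through the returned descriptor; the path is never reopened."""
    fd, path = mkstemp(dir=tmp_dir, prefix="report-", suffix=".txt")
    try:
        with os.fdopen(fd, "wb") as f:  # fdopen takes ownership of fd and closes it
            f.write(data)
    except BaseException:
        os.unlink(path)
        raise
    return path


def exclusive_create(path: str) -> bool:
    """The open that mkstemp() performs internally: O_CREAT|O_EXCL fails with
    EEXIST if anything (including a symlink) already sits at `path`.
    Returns True if a fresh file was created, False if the name was taken."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def run_demo() -> dict:
    """Simulates an attacker winning the race and reports what each pattern did."""
    with tempfile.TemporaryDirectory() as tmp_dir:  # constructed sandbox directory
        victim = os.path.join(tmp_dir, "victim.txt")  # file the attacker wants clobbered
        with open(victim, "wb") as f:
            f.write(b"original contents")

        # 1. Program picks a name with mktemp() but does not open it yet.
        planted = mktemp(dir=tmp_dir)
        # 2. Attacker wins the race: that name now points at the victim file.
        os.symlink(victim, planted)
        # 3. Program opens "its" temp file and writes straight through the symlink.
        write_insecure(planted, b"attacker-controlled data")
        with open(victim, "rb") as f:
            victim_after = f.read()

        # The mkstemp()-style exclusive open refuses the planted entry.
        hijacked = exclusive_create(planted)

        # mkstemp() proper: fresh name, created with mode 0600, written via the fd.
        secure_path = write_secure(tmp_dir, b"secret")
        mode = stat.S_IMODE(os.stat(secure_path).st_mode)
        with open(secure_path, "rb") as f:
            secure_contents = f.read()

        return {
            "victim_clobbered": victim_after != b"original contents",
            "planted_name_hijacked": hijacked,
            "secure_mode": mode,
            "secure_contents": secure_contents,
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The same defence applies to higher-level helpers: tempfile.NamedTemporaryFile and tempfile.TemporaryDirectory are built on mkstemp()/mkdtemp() and are safe as long as the code keeps using the object they return rather than reopening the name.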
References
- CWE-377: Insecure Temporary File.