Insecure Temporary File Creation
Description
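Creating and using insecure temporary files can leave application and system data vulnerable to attack. The mktemp, tmpnam, and tempnam functions only return a file name; they do not create or open the file. Between the moment the name is generated and the moment the application opens it, another local process can create a file or symbolic link at that path, which attackers can exploit to gain unauthorized access to sensitive data.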
Examples
Insecure Code
```c
FILE *fp = fopen(tmpnam(NULL), "w");
```
Secure Code
```c
int fd = mkstemp(template);
FILE *fp = fdopen(fd, "w");
```
Remediation
Use secure alternatives such as mkstemp or tmpfile to create temporary files.
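The following is an added example, not part of the original rule text, showing the mkstemp pattern with the error handling and permission check the short snippet above omits. The helper name `open_private_temp` and the `app-XXXXXX` file prefix are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical helper: create a private temporary file inside dir.
 * path_out != NULL: the generated name is copied there and kept.
 * path_out == NULL: the name is unlinked at once; only the stream remains.
 * Returns a read/write stream, or NULL on any failure. */
FILE *open_private_temp(const char *dir, char *path_out, size_t path_len)
{
    char tmpl[4096];
    struct stat st;
    FILE *fp = NULL;

    int n = snprintf(tmpl, sizeof tmpl, "%s/app-XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof tmpl)
        return NULL;

    mode_t old = umask(077);   /* some older libcs did not force mode 0600 */
    int fd = mkstemp(tmpl);    /* picks the name and opens it with O_EXCL in one step */
    umask(old);
    if (fd == -1)
        return NULL;

    /* Check the descriptor, not the path: regular file, no group/other bits. */
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) || (st.st_mode & 077) != 0)
        goto fail;

    if (path_out != NULL) {
        if (strlen(tmpl) >= path_len)
            goto fail;
        strcpy(path_out, tmpl);
    } else if (unlink(tmpl) == -1) {
        goto fail;
    }

    fp = fdopen(fd, "w+");     /* wrap the already-open descriptor; never reopen by name */
    if (fp != NULL)
        return fp;

fail:
    close(fd);
    unlink(tmpl);              /* harmless if the name is already gone */
    return NULL;
}
```

Passing NULL for `path_out` gives behaviour close to tmpfile: the data is reachable only through the returned stream and disappears when it is closed.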
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0246 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-377 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | temporary files, insecure api |
| OWASP | N/A |