Insecure Temporary File Creation
Description
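The application creates temporary files with the insecure `tempfile.mktemp` function. `mktemp` only returns a file name that did not exist at the time of the call and does not create the file, so another process can place a file or symlink at that path before the application opens it. This can lead to unintended files being created or overwritten.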
Examples
Insecure Code

```python
import tempfile
tempfile.mktemp()  # returns only a path name; no file is created
```

Secure Code

```python
import tempfile
with tempfile.TemporaryFile() as fp:
    fp.write(b'Some data')
```

Remediation
Use `tempfile.TemporaryFile` instead of `mktemp` to create temporary files.
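
The following added example (not part of the original rule text) shows why the name-then-open pattern is unsafe and why exclusive creation is not. It assumes a POSIX system; the function name `compare_creation_strategies`, the file `protected.txt`, and the scratch directory are constructed for the illustration.

```python
import os
import stat
import tempfile


def compare_creation_strategies():
    """Run both patterns inside a private scratch directory and report results."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        # Constructed stand-in for a file the application never meant to touch.
        protected = os.path.join(scratch, "protected.txt")
        with open(protected, "w") as f:
            f.write("original")

        # mktemp() only returns a name; nothing exists at that path yet.
        name = tempfile.mktemp(dir=scratch)
        results["mktemp_created_file"] = os.path.exists(name)

        # Simulate the gap between naming and opening: the path becomes a symlink.
        os.symlink(protected, name)

        # Insecure pattern: a plain open() follows the symlink and truncates its target.
        with open(name, "w") as f:
            f.write("temp data")
        with open(protected) as f:
            results["protected_after_plain_open"] = f.read()

        # Exclusive creation fails on any existing path, including a symlink.
        try:
            os.close(os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
            results["exclusive_create_refused"] = False
        except FileExistsError:
            results["exclusive_create_refused"] = True

        # mkstemp() chooses the name and creates the file in one step, owner-only.
        fd, path = tempfile.mkstemp(dir=scratch)
        try:
            results["mkstemp_mode"] = stat.S_IMODE(os.fstat(fd).st_mode)
            results["mkstemp_is_symlink"] = os.path.islink(path)
        finally:
            os.close(fd)
    return results


if __name__ == "__main__":
    for key, value in compare_creation_strategies().items():
        print(f"{key}: {value}")
```

When the code needs a path it can pass to other components rather than an anonymous file object, `tempfile.mkstemp` or `tempfile.NamedTemporaryFile` keep the same create-on-naming guarantee.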
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0170 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-377 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | temporary files, symlinks |
| OWASP | A3:2017-Sensitive Data Exposure, A01:2021-Broken Access Control |