File tree 3 files changed +75
-0
lines changed 3 files changed +75
-0
lines changed Original file line number Diff line number Diff line change 1+ id : avoid-mktemp-python
2+ language : python
3+ severity : warning
4+ message : >-
5+ The function `mktemp` is deprecated. When using this function, it is
6+ possible for an attacker to modify the created file before the filename is
7+ returned. Use `NamedTemporaryFile()` instead and pass it the
8+ `delete=False` parameter.
9+ note : >-
10+ [CWE-377]: Insecure Temporary File
11+ [OWASP A01:2021]: Broken Access Control
12+ [REFERENCES]
13+ https://docs.python.org/3/library/tempfile.html#tempfile.mktemp
14+ https://owasp.org/Top10/A01_2021-Broken_Access_Control
15+ utils :
16+ match_mktemp :
17+ kind : call
18+ has :
19+ kind : identifier
20+ pattern : $R
21+ inside :
22+ stopBy : end
23+ kind : expression_statement
24+ follows :
25+ stopBy : end
26+ kind : import_from_statement
27+ has :
28+ stopBy : end
29+ kind : dotted_name
30+ field : name
31+ has :
32+ stopBy : end
33+ kind : identifier
34+ pattern : $R
35+ rule :
36+ all :
37+ - matches : match_mktemp
Original file line number Diff line number Diff line change 1+ id : avoid-mktemp-python
2+ snapshots :
3+ ? |
4+ from tempfile import mktemp
5+ ff = mktemp()
6+ : labels :
7+ - source : mktemp()
8+ style : primary
9+ start : 33
10+ end : 41
11+ - source : mktemp
12+ style : secondary
13+ start : 21
14+ end : 27
15+ - source : mktemp
16+ style : secondary
17+ start : 21
18+ end : 27
19+ - source : from tempfile import mktemp
20+ style : secondary
21+ start : 0
22+ end : 27
23+ - source : ff = mktemp()
24+ style : secondary
25+ start : 28
26+ end : 41
27+ - source : mktemp
28+ style : secondary
29+ start : 33
30+ end : 39
Original file line number Diff line number Diff line change 1+ id : avoid-mktemp-python
2+ valid :
3+ - |
4+
5+ invalid :
6+ - |
7+ from tempfile import mktemp
8+ ff = mktemp()
You can’t perform that action at this time.
0 commit comments