Do not hardcode temp file or directory
ID: python-security/hardcoded-tmp-file
Language: Python
Severity: Info
Category: Best Practices
CWE: 377
Description
Do not hardcode the name or directory of temporary files. Use the tempfile Python module instead of hardcoding values.
Non-Compliant Code Examples

```python
from pathlib import Path

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization

# Fixed, predictable path under /tmp
with open("/tmp/acme.pub", "rb") as key_file:
    public_key = serialization.load_pem_public_key(
        key_file.read(),
        backend=default_backend()
    )

def foobar():
    api_key_file = Path('/tmp/supersecret.txt')

# username and key are supplied by the surrounding application
keyfile = '/tmp/vulpy.apikey.{}.{}'.format(username, key)
keyfile = f"/tmp/vulpy.apikey.{username}.{key}"

def authenticate(request):
    if 'X-APIKEY' not in request.headers:
        return None
    key = request.headers['X-APIKEY']
    for f in Path('/tmp/').glob('vulpy.apikey.*.' + key):
        return f.name.split('.')[2]
    return None
```
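Compliant Code Examples

```python
import tempfile

# mkstemp returns (fd, path); the caller closes fd and deletes the file
secure_temp = tempfile.mkstemp(prefix="pre_", suffix="_suf")
print(secure_temp)

# NamedTemporaryFile is deleted automatically when it is closed
temp = tempfile.NamedTemporaryFile()
print(temp)
print(temp.name)
```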
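The API-key storage from the non-compliant example, rewritten on top of tempfile. This is an added example, not code from the original page or from the rule's authors; the function names, the `.apikey` suffix and the `username\nkey` file layout are assumptions made for illustration.

```python
import hmac
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional


def make_key_dir() -> Path:
    # mkdtemp creates a randomly named directory that only the creating
    # user can read, write or search (mode 0700).
    return Path(tempfile.mkdtemp(prefix="apikeys-"))


def store_api_key(key_dir: Path, username: str, key: str) -> Path:
    if "\n" in username or "\n" in key:
        raise ValueError("newline not allowed in username or key")
    # mkstemp opens the file with O_CREAT | O_EXCL and mode 0600, so an
    # existing file at the chosen name is never reused. Username and key
    # go in the file body (assumed layout), not in the file name.
    fd, path = tempfile.mkstemp(dir=key_dir, suffix=".apikey")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:  # closes fd on exit
            fh.write(f"{username}\n{key}\n")
    except BaseException:
        os.unlink(path)
        raise
    return Path(path)


def authenticate(key_dir: Path, presented_key: str) -> Optional[str]:
    # Compare stored keys in constant time instead of building a glob
    # pattern from the caller-supplied key.
    for entry in key_dir.glob("*.apikey"):
        username, _, stored = entry.read_text(encoding="utf-8").partition("\n")
        if hmac.compare_digest(stored.strip().encode(), presented_key.encode()):
            return username
    return None


def is_private(path: Path) -> bool:
    # True when group and other have no permission bits set on `path`.
    return stat.S_IMODE(path.stat().st_mode) & 0o077 == 0
```

The caller owns cleanup: remove the directory returned by `make_key_dir()` (for example with `shutil.rmtree`) when the keys are no longer needed.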