Adding docs for temp issues
Change-Id: I6525f49df91d5cb031a49b0c5b1bc6413b9e81d9
parent 872f524836
commit 6156bab8c5
30
docs/temp.md
Normal file
@ -0,0 +1,30 @@
|
||||
Predictable temporary path
|
||||
=====================
|
||||
Creating a temporary file on disk is a common practice, however it has the
|
||||
potential to be a source of problems. Naively creating such files using the
|
||||
system wide ``/tmp`` folder for example, may result in predictable and
|
||||
unprotected file paths. This could allow an attacker to anticipate where
|
||||
temporary files will be found and to read or modify them. Manipulation of
|
||||
temporary files can result in the ability to control, deny or damage a process
|
||||
or system, or gain access to sensitive information. Please see [0] for more
|
||||
details.
|
||||
|
||||
### Correct
|
||||
```python
|
||||
import tempfile
|
||||
tmp = tempfile.mkstemp()
|
||||
```
|
||||
|
||||
### Incorrect
|
||||
```python
|
||||
tmp = open('/tmp/my-tmp-file')
|
||||
tmp = open(tempfile.mktemp(), "w")
|
||||
```
|
||||
|
||||
## Consequences
|
||||
* Unintended control of processes or systems
|
||||
* Unintended destruction or denial of services
|
||||
* Data theft or leakage
|
||||
|
||||
## References
|
||||
* [0] https://security.openstack.org/guidelines/dg_using-temporary-files-securely.html
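Review bot: In the Correct block, `tmp = tempfile.mkstemp()` hides that `mkstemp()` returns an `(fd, path)` tuple and that the caller is responsible for closing the descriptor and removing the file; suggest `fd, path = tempfile.mkstemp()` with a short comment saying so. In the Incorrect block, `open('/tmp/my-tmp-file')` has no mode, so it opens for reading rather than creating the file the text is about, and the second line uses `tempfile` without an import; adding `"w"` and `import tempfile` would make the bad example match the prose. The text also never says why `tempfile.mktemp()` is listed as incorrect (the name is generated separately from the open, so the path can be claimed by someone else in between), which deserves one sentence. Style: the title uses a `=====` underline while the rest uses `#` headings, `### Correct` and `### Incorrect` sit one level below `## Consequences` with no `##` parent, and ``/tmp`` uses RST-style double backticks in a Markdown file.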
|