B108: hardcoded_tmp_directory

B108: Test for insecure usage of tmp file/directory

Safely creating a temporary file or directory means following a number of rules (see the references for more details). This plugin test looks for strings starting with (configurable) commonly used temporary paths, for example:

  • /tmp

  • /var/tmp

  • /dev/shm

  • etc

Config Options:

This test plugin takes a similarly named config block, hardcoded_tmp_directory. The config block provides a Python list, tmp_dirs, that lists string fragments indicating possible temporary file paths. Any string starting with one of these fragments will report a MEDIUM confidence issue.

    tmp_dirs: ['/tmp', '/var/tmp', '/dev/shm']

New in version 0.9.0.

Changed in version 1.7.3: CWE information added