B108: hardcoded_tmp_directory
B108: Test for insecure usage of tmp file/directory
Safely creating a temporary file or directory means following a number of rules (see the references for more details). This plugin test looks for strings starting with (configurable) commonly used temporary paths, for example:
/tmp
/var/tmp
/dev/shm
etc
Config Options:
This test plugin takes a similarly named config block, hardcoded_tmp_directory. The config block provides a Python list, tmp_dirs, that lists string fragments indicating possible temporary file paths. Any string starting with one of these fragments will report a MEDIUM confidence issue.
hardcoded_tmp_directory:
tmp_dirs: ['/tmp', '/var/tmp', '/dev/shm']
- Example:
See also
New in version 0.9.0.
Changed in version 1.7.3: CWE information added