Use of deprecated & insecure tempfile.mktemp() #1752

Closed
MIS-Alex opened this issue Jan 12, 2021 · 1 comment · Fixed by #1754

Comments

@MIS-Alex
Contributor

Expected Behavior

_tempfilepager() in _termui_impl.py uses a deprecated function that is considered insecure by the core Python team. It is recommended to use mkstemp() instead.

import tempfile
fd, filename = tempfile.mkstemp()  # Suggested replacement; returns (open fd, path)

Actual Behavior

Python's warning:

Use of this function may introduce a security hole in your program. By the time you get around to doing anything with the file name it returns, someone else may have beaten you to the punch.

import tempfile
filename = tempfile.mktemp()  # Deprecated and insecure

Environment

  • Python version: 3.8.5
  • Click version: 7.1.2
@davidism
Member

Please see our guidelines for responsibly reporting security issues: https://github.com/pallets/click/security/policy

@davidism davidism changed the title Use of depreciated & insecure tempfile.mktemp() Use of deprecated & insecure tempfile.mktemp() Jan 12, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 29, 2021
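
The race described in the issue, as an added example that is not part of the original thread and is not Click's code. The function names and sample text are assumptions, the "other party" is simulated in-process inside a private directory, and the mode checks assume POSIX permissions.

```python
import os
import shutil
import stat
import tempfile


def write_insecure(text, name=None):
    """Pattern from the issue: choose a name with mktemp(), open it later."""
    name = name or tempfile.mktemp()
    # Nothing reserves `name` between mktemp() and open(); mode "w"
    # truncates and reuses whatever already exists at that path.
    with open(name, "w") as f:
        f.write(text)
    return name


def write_safe(text, directory=None):
    """mkstemp() creates the file atomically (O_CREAT | O_EXCL, mode 0600)."""
    fd, name = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(text)
    return name


def race_demo():
    """Simulate another local user creating the path inside the race window."""
    workdir = tempfile.mkdtemp()
    try:
        name = tempfile.mktemp(dir=workdir)
        with open(name, "w"):  # constructed stand-in for the other party
            pass
        os.chmod(name, 0o644)
        inode_before = os.stat(name).st_ino
        write_insecure("pager text\n", name)
        st = os.stat(name)
        try:  # what exclusive creation does when the name is already taken
            os.close(os.open(name, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600))
            excl_refused = False
        except FileExistsError:
            excl_refused = True
        safe = write_safe("pager text\n", directory=workdir)
        return {
            "insecure_reused_file": st.st_ino == inode_before,
            "insecure_mode": stat.S_IMODE(st.st_mode),
            "excl_refused": excl_refused,
            "safe_mode": stat.S_IMODE(os.stat(safe).st_mode),
        }
    finally:
        shutil.rmtree(workdir)
```

The insecure writer ends up putting its text into a file it did not create, with permissions it did not choose, while exclusive creation fails on the taken name and mkstemp() hands back a fresh owner-only file.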