Use of
tempnam detected BAN-B325Use of os.tempnam() and os.tmpnam() is vulnerable to symlink attacks. Consider using tmpfile() instead.
106
107def tar_something():
108 context = ssl._create_stdlib_context()
109 os.tempnam("dir1")110 subprocess.Popen("/bin/chown *", shell=True)
111 o.system("/bin/tar xvzf *")
112 subprocess.run(["clear"])
Description
Use of os.tempnam() and os.tmpnam() is vulnerable to symlink attacks. Consider using tmpfile() instead.
Bad practice
import os
filename = os.tmpnam()
with open(filename, 'w') as f:
# Do things with the file object
Recommended
import os
with os.tmpfile() as f:
# Do things with the file object