[GRASS-git] [OSGeo/grass] f3172d: script: Change insecure mktemp to NamedTemporaryFi...
Ntp9413
noreply at github.com
Thu Feb 22 03:52:20 PST 2024
Branch: refs/heads/main
Home: https://github.com/OSGeo/grass
Commit: f3172dea2ff6475772ba13ff02daf79219f8514a
https://github.com/OSGeo/grass/commit/f3172dea2ff6475772ba13ff02daf79219f8514a
Author: Ntp9413 <156957724+Ntp9413 at users.noreply.github.com>
Date: 2024-02-22 (Thu, 22 Feb 2024)
Changed paths:
M python/grass/script/setup.py
Log Message:
-----------
script: Change insecure mktemp to NamedTemporaryFile (#3444)
Deprecated mktemp function returns an arbitrary file name to use for a temporary file. However, the application does not immediately create/open this file.
This introduces an opportunity for an attacker to interfere with the file to be created. Documentation on tempfile recommends replacing mktemp with NamedTemporaryFile. By doing this, there is no window between getting the temp file name and opening it.
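The gap the log message describes, as an added example (not the code from this commit or from GRASS): the name-then-open pattern beside the atomic `NamedTemporaryFile` form. The function names and the `interfere` hook, which stands in for another local process acting between the two steps, are hypothetical.

```python
import os
import tempfile


def unsafe_write(data, interfere=None):
    """Pre-fix pattern: pick a name first, create the file later."""
    path = tempfile.mktemp(suffix=".txt")  # name only; nothing exists on disk yet
    if interfere:
        interfere(path)  # hypothetical hook: another process acting in the gap
    preexisting = os.path.lexists(path)
    with open(path, "w") as f:  # mode "w" silently reuses whatever is at path
        f.write(data)
    return path, preexisting


def safe_write(data):
    """Post-fix pattern: choosing the name and creating the file are one step."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write(data)
    return f.name  # delete=False keeps the file after close; caller removes it


def exclusive_create(path):
    """The guarantee NamedTemporaryFile builds on: O_EXCL fails if path exists."""
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def precreate(path):
    # Constructed interference: a file that someone else created first.
    with open(path, "w") as f:
        f.write("not ours")


if __name__ == "__main__":
    p, pre = unsafe_write("data", precreate)
    print("unsafe: file existed before our open():", pre)
    print("exclusive create on that path succeeds:", exclusive_create(p))
    os.remove(p)
    q = safe_write("data")
    print("safe: mode", oct(os.stat(q).st_mode & 0o777))
    os.remove(q)
```

`unsafe_write` cannot tell that the file it wrote to was created by someone else, while an exclusive create on the same path fails loudly.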