Create, use, and remove temporary files securely — OpenStack Security Advisories 0.0.1.dev290 documentation
href="https://www.openstack.org/marketplace/public-clouds/">Public Clouds</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/hosted-private-clouds/">Hosted Private Clouds</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/remotely-managed-private-clouds/">Remotely Managed Private Clouds</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/consulting/">Consulting & Integrators</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/drivers/">Drivers</a></li> </ul> </li> <li><!-- Blog --> <a href="https://www.openstack.org/blog/">Blog</a> </li> <li><!-- Docs --> <a href="http://docs.openstack.org/">Docs</a> </li> <li class="join-nav-section"> <!-- Join --> <a href="https://openinfra.dev/join/" id="dropdownMenuJoin">Join <i class="fa fa-caret-down"></i></a> <ul class="dropdown-menu dropdown-hover" role="menu" aria-labelledby="dropdownMenuJoin" style="display: none;"> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://openinfra.dev/join/">Sign up for Foundation Membership</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://openinfra.dev/join/">Sponsor the Foundation</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://openinfra.dev">More about the Foundation</a></li> </ul> </li> <li> <!-- Login --> <a href="https://www.openstack.org/Security/login/?BackURL=/home/" class="sign-in-btn">Log In</a> </li> </ul> </div> </div> <!-- /.container --> </nav> <div class="container docs-book-wrapper"> <div class="row"> <div class="col-lg-9 col-md-8 col-sm-8 col-lg-push-3 col-md-push-4 col-sm-push-4"> <div class="row docs-title"> <div class="col-lg-8"> <h1>Create, use, and remove temporary files securely</h1> </div> <div class="docs-actions"> <a href="dg_using-file-paths.html"><i 
class="fa fa-angle-double-left" data-toggle="tooltip" data-placement="top" title="Previous: Restrict path access to prevent path traversal"></i></a> <a href="dg_validate-certificates.html"><i class="fa fa-angle-double-right" data-toggle="tooltip" data-placement="top" title="Next: Validate certificates on HTTPS connections to avoid man-in-the-middle attacks"></i></a> <a id="logABugLink1" href="" target="_blank" title="Found an error? Report a bug against this page"><i class="fa fa-bug" data-toggle="tooltip" data-placement="top" title="Report a Bug"></i></a> </div> </div> <div class="row"> <div class="col-lg-12"> <div class="docs-body" role="main"> <section id="create-use-and-remove-temporary-files-securely"> <h1>Create, use, and remove temporary files securely<a class="headerlink" href="#create-use-and-remove-temporary-files-securely" title="Link to this heading">¶</a></h1> <p>Often we want to create temporary files to save data that we can’t hold in memory or to pass to external programs that must read from a file. The obvious way to do this is to generate a unique file name in a common system temporary directory such as /tmp, but doing so correctly is harder than it seems. Safely creating a temporary file or directory means following a number of rules (see the references for more details): the name must be unpredictable, the file must be created and opened in a single exclusive-create operation (so that an existing file or symlink at that path makes the call fail rather than being silently reused), and its permissions must be restricted to the owner. We should never do this ourselves but use the correct existing library function, which follows these rules for us. We also must take care to clean up our temporary files even in the face of errors.</p> <p>If we don’t take all these precautions we open ourselves up to a number of dangerous security problems. Malicious users that can predict the file name and write to the directory containing the temporary file can effectively hijack the temporary file by creating a symlink with the name of the temporary file before the program creates the file itself. This allows a malicious user to supply malicious data or cause actions by the program to affect attacker-chosen files, with whatever privileges the program itself runs with. 
The references have more extensive descriptions of potential dangers.</p> <p>Most programming languages provide functions to create temporary files. However, some of these functions are unsafe and should not be used; typically these are the ones that only generate a name and leave creating the file to the caller. We need to be careful to use the safe functions.</p> <p>Despite the safer temporary file creation APIs we must still be aware of where we are creating temporary files. Generally, temporary files should always be created on the local filesystem. Many remote filesystems (for example, NFSv2) do not support the open flags needed to safely create temporary files (exclusive creation with O_EXCL in particular), so a library function that is safe on a local disk can still be raced when the temporary directory lives on such a mount.</p> <section id="python"> <h2>Python<a class="headerlink" href="#python" title="Link to this heading">¶</a></h2> <table class="docutils align-default"> <thead> <tr class="row-odd"><th class="head"><p>Use</p></th> <th class="head"><p>Avoid</p></th> </tr> </thead> <tbody> <tr class="row-even"><td><p>tempfile.TemporaryFile</p></td> <td><p>tempfile.mktemp</p></td> </tr> <tr class="row-odd"><td><p>tempfile.NamedTemporaryFile</p></td> <td><p>open (on a path you built yourself)</p></td> </tr> <tr class="row-even"><td><p>tempfile.SpooledTemporaryFile</p></td> <td></td> </tr> <tr class="row-odd"><td><p>tempfile.mkstemp</p></td> <td></td> </tr> <tr class="row-even"><td><p>tempfile.mkdtemp</p></td> <td></td> </tr> </tbody> </table> <p>tempfile.TemporaryFile should be used whenever possible. Besides creating temporary files safely it also hides the file (on Unix the directory entry is either never created or is removed immediately after creation, so there is no name another process could reference) and cleans up the file automatically when it is closed. Use tempfile.NamedTemporaryFile or tempfile.mkstemp only when a path is genuinely needed, for example to hand the file to an external program.</p> </section> <section id="incorrect"> <h2>Incorrect<a class="headerlink" href="#incorrect" title="Link to this heading">¶</a></h2> <p>Creating temporary files with predictable paths leaves them open to time-of-check/time-of-use (TOCTOU) attacks. 
Given the following code snippet an attacker might pre-emptively place a file (or a symlink to a file the program is able to write) at the specified location. The os.path.exists() check and the later open() are two separate operations, so nothing prevents the attacker from creating the entry between them; and if the entry already exists when the check runs, the program simply skips writing its defaults and presumably goes on to use whatever the attacker put there.</p> <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span><span class="w"> </span><span class="nn">os</span> <span class="kn">import</span><span class="w"> </span><span class="nn">tempfile</span> <span class="c1"># This will most certainly put you at risk</span> <span class="n">tmp</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">tempfile</span><span class="o">.</span><span class="n">gettempdir</span><span class="p">(),</span> <span class="n">filename</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">exists</span><span class="p">(</span><span class="n">tmp</span><span class="p">):</span> <span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="n">tmp</span><span class="p">,</span> <span class="s2">"w"</span><span class="p">)</span> <span class="k">as</span> <span class="n">file</span><span class="p">:</span> <span class="n">file</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="s2">"defaults"</span><span class="p">)</span> </pre></div> </div> <p>There is also a function in the Python standard library, tempfile.mktemp, that cannot be used securely at all: it only returns a name that did not exist at the moment it looked, and the file is then created by a separate open() call. In the window between the two an attacker can create the file, or a symlink, at that path.</p> <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span><span class="w"> </span><span class="nn">os</span> <span class="kn">import</span><span class="w"> </span><span class="nn">tempfile</span> <span class="nb">open</span><span class="p">(</span><span class="n">tempfile</span><span class="o">.</span><span 
class="n">mktemp</span><span class="p">(),</span> <span class="s2">"w"</span><span class="p">)</span> </pre></div> </div> <p>Finally, there are many ways of building a "unique" file name by hand that look secure but are easily predictable. The example below derives the name from the process ID, which any local user can read (for example with ps) or simply enumerate, and then opens it with a plain open() that follows an existing symlink instead of failing.</p> <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">filename</span> <span class="o">=</span> <span class="s2">"</span><span class="si">{}</span><span class="s2">/</span><span class="si">{}</span><span class="s2">.tmp"</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">tempfile</span><span class="o">.</span><span class="n">gettempdir</span><span class="p">(),</span> <span class="n">os</span><span class="o">.</span><span class="n">getpid</span><span class="p">())</span> <span class="nb">open</span><span class="p">(</span><span class="n">filename</span><span class="p">,</span> <span class="s2">"w"</span><span class="p">)</span> </pre></div> </div> </section> <section id="correct"> <h2>Correct<a class="headerlink" href="#correct" title="Link to this heading">¶</a></h2> <p>The Python standard library provides a number of secure ways to create temporary files and directories. 
The following are examples of how you can use them. All of them create the file with a random name and owner-only permissions, so the remaining responsibilities are to keep the file open for as long as it is needed and to remove it when done. Note that tempfile.TemporaryFile and tempfile.NamedTemporaryFile open the file in binary mode by default, so bytes are written to them.</p> <p>Creating files:</p> <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span><span class="w"> </span><span class="nn">os</span> <span class="kn">import</span><span class="w"> </span><span class="nn">tempfile</span> <span class="c1"># Use the TemporaryFile context manager for easy clean-up</span> <span class="k">with</span> <span class="n">tempfile</span><span class="o">.</span><span class="n">TemporaryFile</span><span class="p">()</span> <span class="k">as</span> <span class="n">tmp</span><span class="p">:</span> <span class="c1"># Do stuff with tmp</span> <span class="n">tmp</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="sa">b</span><span class="s1">'stuff'</span><span class="p">)</span> <span class="c1"># Clean up a NamedTemporaryFile on your own</span> <span class="c1"># delete=True means the file will be deleted on close</span> <span class="n">tmp</span> <span class="o">=</span> <span class="n">tempfile</span><span class="o">.</span><span class="n">NamedTemporaryFile</span><span class="p">(</span><span class="n">delete</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="c1"># do stuff with tmp; tmp.name is the path to hand to another program</span> <span class="n">tmp</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="sa">b</span><span class="s1">'stuff'</span><span class="p">)</span> <span class="k">finally</span><span class="p">:</span> <span class="n">tmp</span><span class="o">.</span><span class="n">close</span><span class="p">()</span> <span class="c1"># deletes the file</span> <span class="c1"># Handle opening the file yourself. 
This makes clean-up</span> <span class="c1"># more complex as you must watch out for exceptions</span> <span class="c1"># mkstemp() returns an already-open descriptor plus the path; keep using</span> <span class="c1"># the descriptor (via os.fdopen) rather than re-opening the file by name</span> <span class="n">fd</span><span class="p">,</span> <span class="n">path</span> <span class="o">=</span> <span class="n">tempfile</span><span class="o">.</span><span class="n">mkstemp</span><span class="p">()</span> <span class="k">try</span><span class="p">:</span> <span class="k">with</span> <span class="n">os</span><span class="o">.</span><span class="n">fdopen</span><span class="p">(</span><span class="n">fd</span><span class="p">,</span> <span class="s1">'w'</span><span class="p">)</span> <span class="k">as</span> <span class="n">tmp</span><span class="p">:</span> <span class="c1"># do stuff with temp file</span> <span class="n">tmp</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="s1">'stuff'</span><span class="p">)</span> <span class="k">finally</span><span class="p">:</span> <span class="n">os</span><span class="o">.</span><span class="n">remove</span><span class="p">(</span><span class="n">path</span><span class="p">)</span> </pre></div> </div> <p>We can also safely create a temporary directory and create temporary files inside it. 
We need to set the umask before creating the file to ensure the permissions on the file only allow the creator read and write access. The directory returned by tempfile.mkdtemp is itself readable, writable and searchable only by its creator, which is what makes a predictable file name inside it acceptable: other users cannot create entries there, so the symlink attack described above does not apply. Two caveats: the umask is process-wide, so in a multi-threaded program any other thread creating files during this window gets the restrictive mask too; and it must be restored on every exit path (here in the finally block), along with removing the directory.</p> <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span><span class="w"> </span><span class="nn">os</span> <span class="kn">import</span><span class="w"> </span><span class="nn">tempfile</span> <span class="n">tmpdir</span> <span class="o">=</span> <span class="n">tempfile</span><span class="o">.</span><span class="n">mkdtemp</span><span class="p">()</span> <span class="n">predictable_filename</span> <span class="o">=</span> <span class="s1">'myfile'</span> <span class="c1"># Ensure the file is read/write by the creator only</span> <span class="n">saved_umask</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">umask</span><span class="p">(</span><span class="mo">0o077</span><span class="p">)</span> <span class="n">path</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">tmpdir</span><span class="p">,</span> <span class="n">predictable_filename</span><span class="p">)</span> <span class="nb">print</span><span class="p">(</span><span class="n">path</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="s2">"w"</span><span class="p">)</span> <span class="k">as</span> <span class="n">tmp</span><span class="p">:</span> <span class="n">tmp</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="s2">"secrets!"</span><span class="p">)</span> <span class="k">except</span> <span class="ne">IOError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="nb">print</span><span class="p">(</span><span class="s1">'IOError'</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">os</span><span class="o">.</span><span class="n">remove</span><span class="p">(</span><span class="n">path</span><span class="p">)</span> <span class="k">finally</span><span class="p">:</span> <span class="n">os</span><span class="o">.</span><span class="n">umask</span><span class="p">(</span><span class="n">saved_umask</span><span class="p">)</span> <span class="n">os</span><span class="o">.</span><span class="n">rmdir</span><span class="p">(</span><span class="n">tmpdir</span><span class="p">)</span> </pre></div> </div> </section> <section id="consequences"> <h2>Consequences<a class="headerlink" href="#consequences" title="Link to this heading">¶</a></h2> <ul class="simple"> <li><p>The program can be tricked into performing file actions against the wrong file or using a malicious file instead of the expected temporary file</p></li> <li><p>When the program runs with more privileges than the attacker, those actions (for example overwriting or truncating an attacker-chosen file through a planted symlink) are carried out with the program's privileges</p></li> <li><p>Data written to a temporary file with permissive permissions, or left behind after the program exits, can be read by other local users</p></li> </ul> </section> <section id="references"> <h2>References<a class="headerlink" href="#references" title="Link to this heading">¶</a></h2> <ul class="simple"> <li><p><a class="reference external" href="https://www.securecoding.cert.org/confluence/download/attachments/3524/07.5+Temporary+Files+v2.pdf">Temporary File - CERT Secure Coding Standards</a></p></li> <li><p><a class="reference external" href="https://www.securecoding.cert.org/confluence/display/seccode/FIO21-C.+Do+not+create+temporary+files+in+shared+directories">FIO21-C. Do not create temporary files in shared directories</a></p></li> <li><p><a class="reference external" href="https://www.securecoding.cert.org/confluence/display/java/FIO03-J.+Remove+temporary+files+before+termination">FIO03-J. 
Remove temporary files before termination</a></p></li> <li><p><a class="reference external" href="http://cwe.mitre.org/data/definitions/377.html">CWE-377: Insecure Temporary File</a></p></li> <li><p><a class="reference external" href="http://cwe.mitre.org/data/definitions/379.html">CWE-379: Creation of Temporary File in Directory with Incorrect Permissions</a></p></li> <li><p><a class="reference external" href="http://cwe.mitre.org/data/definitions/459.html">CWE-459: Incomplete Cleanup</a></p></li> <li><p><a class="reference external" href="https://docs.python.org/2/library/tempfile.html">Python tempfile</a></p></li> </ul> </section> </section> </div> </div> </div> <div class="docs-actions"> <a href="dg_using-file-paths.html"><i class="fa fa-angle-double-left" data-toggle="tooltip" data-placement="top" title="Previous: Restrict path access to prevent path traversal"></i></a> <a href="dg_validate-certificates.html"><i class="fa fa-angle-double-right" data-toggle="tooltip" data-placement="top" title="Next: Validate certificates on HTTPS connections to avoid man-in-the-middle attacks"></i></a> <a id="logABugLink3" href="" target="_blank" title="Found an error? Report a bug against this page"><i class="fa fa-bug" data-toggle="tooltip" data-placement="top" title="Report a Bug"></i></a> </div> <div class="row docs-byline bottom"> <div class="docs-updated">this page last updated: 2015-05-07 12:16:44</div> </div> <div class="row"> <div class="col-lg-8 col-md-8 col-sm-8 docs-license"> <a href="https://creativecommons.org/licenses/by/3.0/"> <img src="../_static/images/docs/license.png" alt="Creative Commons Attribution 3.0 License"/> </a> <p> Except where otherwise noted, this document is licensed under <a href="https://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0 License</a>. See all <a href="https://www.openstack.org/legal"> OpenStack Legal Documents</a>. 