[issue39768] remove tempfile.mktemp()

Change by wyz23x2 : -- status: open -> closed ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39768] remove tempfile.mktemp()

wyz23x2 added the comment: Well, I just think it's *serious*. I respect your thoughts. If you want to close this, you can. -- ___ Python tracker ___

[issue39768] remove tempfile.mktemp()

Serhiy Storchaka added the comment: wyz23x2, why do you think that this is not a duplicate of issue36309? -- nosy: +serhiy.storchaka ___ Python tracker ___

[issue39768] remove tempfile.mktemp()

Change by Zackery Spytz : -- nosy: +ZackerySpytz ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39768] remove tempfile.mktemp()

Change by wyz23x2 : -- nosy: -ZackerySpytz ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39768] remove tempfile.mktemp()

wyz23x2 added the comment: Reopen. 1.See https://mail.python.org/pipermail/python-dev/2019-March/156765.html and https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File. It's *serious*. 2.Why not use this to generate a temporary name that an other program will create/act on?

[issue39768] remove tempfile.mktemp()

Change by Serhiy Storchaka : -- resolution: -> duplicate stage: -> resolved status: open -> closed superseder: -> Remove tempfile.mktemp() ___ Python tracker ___

[issue39768] remove tempfile.mktemp()

wyz23x2 added the comment: Sorry, in (a)(b) is should be with "open(mktemp(),'x') as f:". -- ___ Python tracker ___ ___

[issue39768] remove tempfile.mktemp()

wyz23x2 added the comment: I know it's hard to achieve :) -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39768] remove tempfile.mktemp()

wyz23x2 added the comment: case c is used for the case that is stated in https://mail.python.org/pipermail/python-dev/2019-March/156725.html (a temporary name that an other program will create / act on). -- ___ Python tracker

[issue39768] remove tempfile.mktemp()

wyz23x2 added the comment: (c) from tempfile import mktemp # do something... path = mktemp() # do something... (the "path" var is not used at all) ## No Warning -- ___ Python tracker

[issue39768] remove tempfile.mktemp()

wyz23x2 added the comment: You could add a check that does this: (a) from tempfile import mktemp with open(mktemp()) as f: # do something... ## No Warnings (b) from tempfile import mktemp path = mktemp() # do something... with open(mktemp()) as f: # do something... ## RuntimeWarning:

[issue39768] remove tempfile.mktemp()

wyz23x2 added the comment: But I think the function should redirect to NamedTemporaryFile(delete=False). -- ___ Python tracker ___

[issue39768] remove tempfile.mktemp()

wyz23x2 added the comment: Sorry, didn't realize that. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39768] remove tempfile.mktemp()

Zackery Spytz added the comment: I think this is a duplicate of bpo-36309. -- nosy: +ZackerySpytz ___ Python tracker ___ ___

[issue39768] remove tempfile.mktemp()

Change by wyz23x2 : -- components: +Library (Lib) ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39768] remove tempfile.mktemp()

wyz23x2 added the comment: A small typo in the 1st comment: The tempfile.mktemp() function was deprecated since version 2.3; it's long ago (nearly 17 years!). It should be removed since it causes security holes, as stated in the tempfile doc

[issue39768] remove tempfile.mktemp()

New submission from wyz23x2 : the tempfile.mktemp() function was deprecated since version 2.3; it's long ago (nearly 17 years)! It should be removed since it causes security holes, as stated in the tempfile doc (https://docs.python.org/3/library/tempfile.html#tempfile.mktemp). --