[issue39768] remove tempfile.mktemp()

2020-03-07 Thread wyz23x2


Change by wyz23x2 :


--
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39768] remove tempfile.mktemp()

2020-02-27 Thread wyz23x2


wyz23x2  added the comment:

Well, I just think it's *serious*.
I respect your thoughts. If you want to close this, you can.

--




[issue39768] remove tempfile.mktemp()

2020-02-27 Thread Serhiy Storchaka


Serhiy Storchaka  added the comment:

wyz23x2, why do you think that this is not a duplicate of issue36309?

--
nosy: +serhiy.storchaka




[issue39768] remove tempfile.mktemp()

2020-02-27 Thread Zackery Spytz


Change by Zackery Spytz :


--
nosy: +ZackerySpytz




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


Change by wyz23x2 :


--
nosy:  -ZackerySpytz




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


wyz23x2  added the comment:

Reopen.
1. See https://mail.python.org/pipermail/python-dev/2019-March/156765.html and 
https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File. It's 
*serious*.
2. Why not use this to generate a
temporary name that another program will create/act on?
import os
import secrets
path = os.path.join(x, secrets.token_hex(n))  # n is a large int
# x is a path like "/tmp"
# do something...

--
resolution: duplicate -> 
status: closed -> open

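Added example, not part of any message in this thread and not CPython's own code: it shows the gap between tempfile.mktemp() choosing a name and the caller creating the file, how exclusive creation (mode 'x') refuses a name that is already taken, and two ways to avoid the gap (mkstemp() for a file the program creates itself, a private mkdtemp() directory for a name another program will create). All function names and the "handoff.dat" basename are hypothetical.

```python
import os
import stat
import tempfile


def exclusive_create(path):
    """Create path with O_CREAT|O_EXCL (mode 'x'); False if the name is already taken."""
    try:
        with open(path, "x"):
            return True
    except FileExistsError:
        return False


def mktemp_gap():
    """Show the window between mktemp() choosing a name and the caller creating the file."""
    path = tempfile.mktemp()             # returns a name only; nothing is created
    existed_before = os.path.exists(path)
    # Constructed stand-in for another local process creating the name first.
    with open(path, "w"):
        pass
    try:
        # A plain open(path, "w") would silently reuse that file; 'x' refuses it.
        created = exclusive_create(path)
    finally:
        os.unlink(path)
    return existed_before, created


def atomic_temp_file():
    """mkstemp() chooses the name and creates the file in one step, owner-only."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    return path


def name_for_other_program(basename="handoff.dat"):
    """Name that another program will create: keep it inside a private directory."""
    directory = tempfile.mkdtemp()       # created atomically, owner-only (mode 0700)
    return directory, os.path.join(directory, basename)


def group_other_bits(path):
    """Permission bits granted to group and others (0 means owner-only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077
```

The caller is responsible for removing the file from atomic_temp_file() and the directory from name_for_other_program() when done.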



[issue39768] remove tempfile.mktemp()

2020-02-26 Thread Serhiy Storchaka


Change by Serhiy Storchaka :


--
resolution:  -> duplicate
stage:  -> resolved
status: open -> closed
superseder:  -> Remove tempfile.mktemp()




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


wyz23x2  added the comment:

Sorry, in (a)(b) it should be "with open(mktemp(),'x') as f:".

--




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


wyz23x2  added the comment:

I know it's hard to achieve :)

--




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


wyz23x2  added the comment:

Case (c) is used for the case that is stated in 
https://mail.python.org/pipermail/python-dev/2019-March/156725.html (a
temporary name that another program will create / act on).

--




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


wyz23x2  added the comment:

(c)
from tempfile import mktemp
# do something...
path = mktemp()
# do something... (the "path" var is not used at all)

## No Warning

--




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


wyz23x2  added the comment:

You could add a check that does this:
(a)
from tempfile import mktemp
with open(mktemp()) as f:
    # do something...
    pass

## No Warnings
(b)
from tempfile import mktemp
path = mktemp()
# do something...
with open(mktemp()) as f:
    # do something...
    pass

## RuntimeWarning: mktemp() is unsafe. Use NamedTemporaryFile(delete=False).

--




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


wyz23x2  added the comment:

But I think the function should redirect to NamedTemporaryFile(delete=False).

--




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


wyz23x2  added the comment:

Sorry, didn't realize that.

--




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread Zackery Spytz


Zackery Spytz  added the comment:

I think this is a duplicate of bpo-36309.

--
nosy: +ZackerySpytz




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


Change by wyz23x2 :


--
components: +Library (Lib)




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


wyz23x2  added the comment:

A small typo in the 1st comment:
The tempfile.mktemp() function was deprecated since version 2.3; it's long ago 
(nearly 17 years!). It should be removed since it causes security holes, as 
stated in the tempfile doc 
(https://docs.python.org/3/library/tempfile.html#tempfile.mktemp).

--




[issue39768] remove tempfile.mktemp()

2020-02-26 Thread wyz23x2


New submission from wyz23x2 :

the tempfile.mktemp() function was deprecated since version 2.3; it's long ago 
(nearly 17 years)! It should be removed since it causes security holes, as 
stated in the tempfile doc 
(https://docs.python.org/3/library/tempfile.html#tempfile.mktemp).

--
components: IO
messages: 362762
nosy: wyz23x2
priority: normal
severity: normal
status: open
title: remove tempfile.mktemp()
type: security
versions: Python 3.7, Python 3.8, Python 3.9
