Merge pull request #70 from pixee/python-tempfile

add tempfile py docs
pixee · Sep 5, 2023 · 16d2526 · 16d2526
2 parents ad72d70 + 908475b
commit 16d2526
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/docs/codemods/python/pixee_python_secure-tempfile.md b/docs/codemods/python/pixee_python_secure-tempfile.md
@@ -0,0 +1,34 @@
+---
+title: Make Secure Tempfiles
+sidebar_position: 1
+---
+
+## pixee:python/secure-tempfile
+
+| Importance | Review Guidance        | Requires SARIF Tool |
+|-----------|------------------------|---------------------|
+| High      | Merge Without Review   | No                  |
+
+This codemod replaces all `tempfile.mktemp` calls to the more secure `tempfile.mkstemp`.
+
+The Python [tempfile documentation](https://docs.python.org/3/library/tempfile.html#tempfile.mktemp) is explicit
+that `tempfile.mktemp` should be deprecated to avoid an unsafe and unexpected race condition.
+The changes from this codemod look like this:
+
+
+```diff
+  import tempfile
+- tempfile.mktemp(...)
++ tempfile.mkstemp(...)
+```
+
+If you have feedback on this codemod, [please let us know](mailto:[email protected])!
+
+## F.A.Q. 
+
+### Why is this codemod marked as Merge Without Review?
+
+We believe this codemod is safe and will cause no unexpected errors.
+
+## References
+* [https://docs.python.org/3/library/tempfile.html#tempfile.mktemp](https://docs.python.org/3/library/tempfile.html#tempfile.mktemp)