Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Airflow
- Attr
- Aws-lambda
- Bokeh
- Boto3
- Cassandra
- Click
- Correctness
- Couchbase
- Cryptography
- Distributed
- Django
- Docker
- Elasticsearch
- Fastapi
- Flask
- Jinja2
- Jwt
- Lang
- Best practice
- Code
- Compatibility
- Correctness
- Correctness
- Deserialization
- File
- Avoid-mktemp
- Tainted-path-traversal-stdlib
- Tainted-shelve
- Hardcoded
- Maintainability
- Os
- Security
- Security
- Ldap3
- Mariadb
- Mysql
- Mysqlclient
- Neo4j
- Openai
- Peewee
- Pg8000
- Psycopg2
- Pycryptodome
- Pyjwt
- Pymongo
- Pymssql
- Pymysql
- Pyramid
- Redis
- Requests
- Sh
- Sqlalchemy
- Tormysql
- Urllib3
- Webrepl
- Wtforms
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Avoid-mktemp
Avoid mktemp
The function mktemp
is deprecated. When using this function, it is possible for an attacker to modify the created file before the filename is returned. Use NamedTemporaryFile()
instead and pass it the delete=False
parameter.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-377: Insecure Temporary File
OWASP:
- A01:2021 - Broken Access Control