/**
 * @name Insecure temporary file
 * @description Creating a temporary file using this method may be insecure.
 * @kind problem
 * @id py/insecure-temporary-file
 * @problem.severity error
 * @security-severity 7.0
 * @sub-severity high
 * @precision high
 * @tags external/cwe/cwe-377
 *       security
 */
import python
import semmle.python.ApiGraphs
/**
 * Gets the API node for the function `mod`.`function` when it is one of the
 * helpers this query flags as insecure (CWE-377): `tempfile.mktemp`,
 * `os.tmpnam` or `os.tempnam`. Each of these returns only a file *name*
 * and does not create the file, so a caller that later opens that name
 * races against anything else that can create a file at the same path.
 *
 * Holds for exactly three (`mod`, `function`) pairs; `result` is bound
 * through `API::moduleImport`, so only real imports of these modules match.
 */
API::Node temporary_name_function(string mod, string function) {
  result = API::moduleImport(mod).getMember(function) and
  (
    // os.tmpnam / os.tempnam: name-only helpers from the Python 2 era
    mod = "os" and function = ["tmpnam", "tempnam"]
    or
    // tempfile.mktemp: deprecated in favour of mkstemp / NamedTemporaryFile
    mod = "tempfile" and function = "mktemp"
  )
}
// Report every call whose callee resolves (via the API graph) to one of the
// name-only temporary-file functions. The alert is placed on the `Call`
// expression so that it is shown at the call site, not at the import.
from Call c, string mod, string function
where c = temporary_name_function(mod, function).getACall().asExpr()
select c, "Call to deprecated function " + mod + "." + function + " may be insecure."