mirror of
https://github.com/ceph/ceph
synced 2025-03-11 02:39:05 +00:00
misc: Use tempfile.mkstemp() instead of tempnam
tempnam() is considered an unsafe security risk because the filename generated is easy to guess and can be symlinked in advance. Use mkstemp() instead. Signed-off-by: Sam Lang <sam.lang@inktank.com> Reviewed-by: Joe Buck <jbbuck@gmail.com>
This commit is contained in:
parent
35e6db72a1
commit
3b0d91533e
@ -399,7 +399,7 @@ def remove_lines_from_file(remote, path, line_is_valid_test, string_to_test_for)
|
|||||||
move_file(remote, temp_file_path, path)
|
move_file(remote, temp_file_path, path)
|
||||||
|
|
||||||
def append_lines_to_file(remote, path, lines, sudo=False):
|
def append_lines_to_file(remote, path, lines, sudo=False):
|
||||||
temp_file_path = get_remote_tempnam(remote)
|
temp_file_path = remote_mktemp(remote)
|
||||||
|
|
||||||
data = get_file(remote, path, sudo)
|
data = get_file(remote, path, sudo)
|
||||||
|
|
||||||
@ -413,14 +413,14 @@ def append_lines_to_file(remote, path, lines, sudo=False):
|
|||||||
# then do a 'mv' to the actual file location
|
# then do a 'mv' to the actual file location
|
||||||
move_file(remote, temp_file_path, path)
|
move_file(remote, temp_file_path, path)
|
||||||
|
|
||||||
def get_remote_tempnam(remote, sudo=False):
|
def remote_mktemp(remote, sudo=False):
|
||||||
args = []
|
args = []
|
||||||
if sudo:
|
if sudo:
|
||||||
args.append('sudo')
|
args.append('sudo')
|
||||||
args.extend([
|
args.extend([
|
||||||
'python',
|
'python',
|
||||||
'-c',
|
'-c',
|
||||||
'import os; print os.tempnam()'
|
'import os; import tempfile; (fd,fname) = tempfile.mkstemp(); fd.close(); print fname.rstrip()'
|
||||||
])
|
])
|
||||||
proc = remote.run(
|
proc = remote.run(
|
||||||
args=args,
|
args=args,
|
||||||
|
Loading…
Reference in New Issue
Block a user