Fix insecure temporary file creation (#1890)

* Fix insecure temporary file creation * minor error fix tmp_path.name (NamedTemporaryFile().name) is required to return the filename string. old-commit-hash: a34b9f5cb5
5 years ago · 9b94e0ae8b
parent 370a68623e
commit 9b94e0ae8b
1 changed files with 3 additions and 3 deletions
--- a/common/params.py
+++ b/common/params.py
@ -319,14 +319,14 @@ def write_db(params_path, key, value):
  lock.acquire()

  try:
-    tmp_path = tempfile.mktemp(prefix=".tmp", dir=params_path)
-    with open(tmp_path, "wb") as f:
+    tmp_path = tempfile.NamedTemporaryFile(mode="wb", prefix=".tmp", dir=params_path, delete=False)
+    with tmp_path as f:
      f.write(value)
      f.flush()
      os.fsync(f.fileno())

    path = "%s/d/%s" % (params_path, key)
-    os.rename(tmp_path, path)
+    os.rename(tmp_path.name, path)
    fsync_dir(os.path.dirname(path))
  finally:
    os.umask(prev_umask)