# Insecure Temporary File (CWE-377)

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

- Prevalence: Medium (1 language supported)
- Impact: Medium (review recommended)
- Prevention: Documented (1 fix example)

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

Temporary files that are created with predictable names, insecure permissions, or in shared directories can be exploited by attackers to read or modify sensitive data, or to inject malicious content.

## Prevention

### Key Practices

- Use tempfile

### Python

Use `tempfile.NamedTemporaryFile` or `tempfile.mkstemp` instead of `mktemp`.

## Warning Signs

- [MEDIUM] insecure temporary file creation using tempfile

## Consequences

- Read application data
- Modify application data
- Unauthorized code execution

## Mitigations

- Use secure temporary file creation functions (e.g. mkstemp)
- Create temporary files in a secure directory that is not writable by all users
- Set restrictive permissions on temporary files

## Detection

- Total rules: 1
- Languages: python

## Rules by Language

### Python (1 rule)

- **Insecure Temporary File Creation** [MEDIUM]: Detects insecure temporary file creation using `tempfile.mktemp()`, predictable names, or world-readable permissions. These can lead to symlink attacks, race conditions, or information disclosure. Use `tempfile.mkstemp()` or `NamedTemporaryFile`.
  - Remediation: Use `tempfile.NamedTemporaryFile` or `tempfile.mkstemp` instead of `mktemp()`.

```python
import tempfile

# `data` (the content to write) and `process_file` (the caller's handler for the
# path) are assumed to be defined by the surrounding application code.
# NamedTemporaryFile creates the file atomically with owner-only permissions and
# removes it when the block exits (delete=True).
with tempfile.NamedTemporaryFile(mode='w+', delete=True) as tmp:
    tmp.write(data)
    tmp.flush()  # make the content visible to process_file before it opens the path
    result = process_file(tmp.name)
```

Learn more: https://shoulder.dev/learn/python/cwe-377/insecure-tempfile
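As an added example (not code from this page or from the shoulder.dev rule set), the following Python contrasts the `mktemp()` pattern the rule flags with the `mkstemp()` form it recommends, and adds a small audit function for the conditions listed under Mitigations: owner-only file permissions, a parent directory that is not world-writable, and no symlink at the path. `SAMPLE_DATA`, the function names and the `app-` prefix are this example's own assumptions.

```python
import os
import stat
import tempfile
from typing import List, Optional, Tuple

# Constructed sample payload for the demonstration (not from the original page).
SAMPLE_DATA = b"session-token=abc123\n"


def insecure_name_only() -> Tuple[str, bool]:
    """The pattern the rule flags: mktemp() only returns a name and creates no
    file. Until the caller opens that path, anyone who can write to the
    directory may create it first (or plant a symlink there). Returned for
    comparison only; nothing is written to the path."""
    path = tempfile.mktemp(prefix="app-")
    return path, os.path.exists(path)  # exists is False: the race window is open


def write_private_tempfile(data: bytes, directory: Optional[str] = None) -> str:
    """Hardened form: mkstemp() opens the file with O_CREAT|O_EXCL and mode 0600,
    so creation is atomic and the file is owner-only from the first instant."""
    fd, path = tempfile.mkstemp(prefix="app-", suffix=".tmp", dir=directory)
    try:
        with os.fdopen(fd, "wb") as fh:  # fdopen takes ownership of the descriptor
            fh.write(data)
    except BaseException:
        os.unlink(path)  # do not leave a partial file behind on failure
        raise
    return path


def private_workdir() -> str:
    """mkdtemp() creates a 0700 directory, satisfying the 'not writable by all
    users' mitigation for any files placed inside it."""
    return tempfile.mkdtemp(prefix="app-")


def file_mode(path: str) -> int:
    """Permission bits of a path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_temp_path(path: str) -> List[str]:
    """Defender's check: report the conditions the Mitigations section warns
    about. An empty list means the path passed every check."""
    findings: List[str] = []
    st = os.lstat(path)  # lstat so a symlink is seen as a symlink
    mode = stat.S_IMODE(st.st_mode)
    if stat.S_ISLNK(st.st_mode):
        findings.append("path is a symlink")
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file readable by group/others (mode %04o)" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file writable by group/others (mode %04o)" % mode)
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without the sticky bit")
    return findings


def cleanup(path: str, directory: Optional[str] = None) -> None:
    """Remove the file and, if given, the private working directory."""
    os.unlink(path)
    if directory is not None:
        os.rmdir(directory)


if __name__ == "__main__":
    name, exists = insecure_name_only()
    print("mktemp name:", name, "exists:", exists)
    workdir = private_workdir()
    tmp_path = write_private_tempfile(SAMPLE_DATA, directory=workdir)
    print("mkstemp file:", tmp_path, "mode:", oct(file_mode(tmp_path)))
    print("audit findings:", audit_temp_path(tmp_path))
    cleanup(tmp_path, workdir)
```

`audit_temp_path` is the check to run in a code review or a test suite over whatever temporary path the application actually uses; the sticky-bit clause matters because a shared `/tmp` is world-writable by design and is acceptable only with that bit set.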