
adding CWE-459 #893

Conversation

dwiley258

No description provided.

Signed-off-by: ewlxdnx <[email protected]>

@BartKaras1128 BartKaras1128 left a comment

Threw in a few extra bits about why "tempfile.mkstemp()" requires manual cleanup, and fixed a few minor bits. Happy with it besides that.


In Python there is two documented ways to create temporary files using the tempfile library, tempfile.mkstemp() and tempfile.NamedTemporaryFile() .

tempfile.mksdir() creates a secure file in the most secure fashion allowing only read and write to the user who executed the python script. It returns a tuple, which does not work well with the "with" statement. This mean that the user is responsible for deleting the temporary file after use.
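Review bot: "tempfile.mksdir()" in this paragraph is not a tempfile function; the paragraph describes tempfile.mkstemp(), which the first paragraph names correctly (that paragraph also needs "there are two documented ways" rather than "there is two"). The cleanup sentence understates what the caller owns: mkstemp() hands back an open file descriptor as well as a path, so complete cleanup is both os.close(fd) and os.unlink(path), ideally in a try/finally so a failed write cannot skip it. Suggest spelling that out here, since an orphaned descriptor is the same incomplete-cleanup pattern CWE-459 describes.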
Suggested change
tempfile.mksdir() creates a secure file in the most secure fashion allowing only read and write to the user who executed the python script. It returns a tuple, which does not work well with the "with" statement. This mean that the user is responsible for deleting the temporary file after use.
tempfile.mkstemp() creates a secure file in the most secure fashion allowing only read and write to the user who executed the python script. The function returns a tuple containing a file descriptor and the file path, but since this tuple is not a context manager, it does not directly integrate with the "with" statement, which automatically manages resource cleanup. This means that the user is responsible for deleting the temporary file after use.


tempfile.mksdir() creates a secure file in the most secure fashion allowing only read and write to the user who executed the python script. It returns a tuple, which does not work well with the "with" statement. This mean that the user is responsible for deleting the temporary file after use.

tempfile.NamedTemporaryFile() is more advanced than the mkstemp() method as it returns a file-like object that works well with the "with" statement, although it creates the file with the same permissions as mkstemp(). The default behaviour is to delete the file once the "with" block is finished. If the file is needed outside of the with block, the delete_on_close parameter must be set to false.
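Review bot: delete_on_close is the wrong parameter for keeping the file past the with block. It only exists from Python 3.12 on, and with the default delete=True it merely moves deletion from close() to context-manager exit, so the file is still gone once the block ends. What keeps the file is delete=False; suggest: "If the file is needed outside of the with block, pass delete=False, after which the caller must remove the file, exactly as with mkstemp()." That wording also makes the CWE-459 point explicit: opting out of automatic deletion hands the cleanup responsibility back to the programmer.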
Suggested change
tempfile.NamedTemporaryFile() is more advanced than the mkstemp() method as it returns a file-like object that works well with the "with" statement, although it creates the file with the same permissions as mkstemp(). The default behaviour is to delete the file once the "with" block is finished. If the file is needed outside of the with block, the delete_on_close parameter must be set to false.
tempfile.NamedTemporaryFile() is more advanced than the mkstemp() method as it returns a file-like object, which acts as a context manager, which works well with the "with" statement, although it creates the file with the same permissions as mkstemp(). The default behaviour is to delete the file once the "with" block is finished. If the file is needed outside of the with block, the delete_on_close parameter must be set to false.
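An added example, not code from this pull request or from the guide, of the complete cleanup the two paragraphs under review describe: mkstemp() with caller-owned close and unlink, and NamedTemporaryFile() both with automatic deletion and with delete=False, where cleanup returns to the caller. Prefix and suffix values are arbitrary.

```python
"""Added example (not part of the PR): complete cleanup of temporary files.
CWE-459 is the failure to release what these calls hand out."""
import os
import tempfile


def write_with_mkstemp(data: bytes) -> dict:
    """mkstemp() returns (fd, path) and owns neither afterwards: the caller
    must close the descriptor AND unlink the path. try/finally makes that
    unconditional even if the write raises."""
    fd, path = tempfile.mkstemp(prefix="cwe459-", suffix=".tmp")
    mode = None
    try:
        mode = os.fstat(fd).st_mode & 0o777  # 0o600 on POSIX: owner-only
        os.write(fd, data)
    finally:
        os.close(fd)     # release the descriptor
        os.unlink(path)  # remove the file itself
    return {"path": path, "mode": mode, "exists_after": os.path.exists(path)}


def write_with_named_tempfile(data: bytes, keep: bool) -> dict:
    """NamedTemporaryFile() is a context manager: the with block closes the
    file and, with the default delete=True, removes it on exit. delete=False
    keeps the file past the block, which hands cleanup back to the caller
    exactly as mkstemp() does."""
    with tempfile.NamedTemporaryFile(prefix="cwe459-", delete=not keep) as tmp:
        tmp.write(data)
        tmp.flush()
        path = tmp.name
        exists_inside = os.path.exists(path)
    exists_after_block = os.path.exists(path)
    if keep:
        os.unlink(path)  # caller-owned cleanup; omitting this is CWE-459
    return {
        "path": path,
        "exists_inside": exists_inside,
        "exists_after_block": exists_after_block,
        "exists_at_end": os.path.exists(path),
    }


if __name__ == "__main__":
    print(write_with_mkstemp(b"hello"))
    print(write_with_named_tempfile(b"hello", keep=False))
    print(write_with_named_tempfile(b"hello", keep=True))
```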

Comment on lines +21 to +22
"""Non-compliant Code Example"""

Suggested change
"""Non-compliant Code Example"""

Comment on lines +36 to +37
"""Non-compliant Code Example"""

Suggested change
"""Non-compliant Code Example"""
