gitlab.bandit.B325

Download Count: 385
License: MIT

The Python 'os' tempnam|tmpnam functions are vulnerable to symlink attacks

Definition

rules:
  - id: bandit.B325
    pattern-either:
      - pattern: os.tempnam(...)
      - pattern: os.tmpnam(...)
    message: The Python 'os' tempnam|tmpnam functions are vulnerable to symlink attacks
    metadata:
      cwe: "CWE-377: Insecure Temporary File"
      primary_identifier: bandit.B325
      secondary_identifiers:
        - name: Bandit Test ID B325
          type: bandit_test_id
          value: B325
      license: MIT
    severity: WARNING
    languages:
      - python
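
Why the rule flags these calls, and what to use instead, as an added example that is not part of the rule or of Bandit. os.tempnam() and os.tmpnam() exist only in Python 2, so the hypothetical helper predictable_name() stands in for them; the file names and the scratch directory are constructed for the demonstration.

```python
import os
import tempfile


def predictable_name(directory):
    # Hypothetical stand-in for os.tempnam()/os.tmpnam() (Python 2 only):
    # it returns a path and creates nothing, like the flagged calls.
    return os.path.join(directory, "report.tmp")


def write_name_first(directory, data):
    # Flagged pattern: choose a name, open it later. open() follows any
    # symlink that already sits at that name.
    path = predictable_name(directory)
    with open(path, "w") as fh:
        fh.write(data)
    return path


def write_exclusive(directory, data):
    # mkstemp() picks a random name and creates it with O_CREAT | O_EXCL,
    # so an existing file or symlink at that name is never reused.
    fd, path = tempfile.mkstemp(prefix="report-", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def read(path):
    with open(path) as fh:
        return fh.read()


def demo():
    # Constructed scenario, confined to a private scratch directory.
    with tempfile.TemporaryDirectory() as scratch:
        shared = os.path.join(scratch, "shared_tmp")   # plays the role of /tmp
        os.mkdir(shared)
        target = os.path.join(scratch, "settings.conf")
        with open(target, "w") as fh:
            fh.write("original")
        os.symlink(target, predictable_name(shared))   # link planted first

        write_name_first(shared, "temp data")
        followed_link = read(target) == "temp data"    # target overwritten

        with open(target, "w") as fh:
            fh.write("original")
        safe = write_exclusive(shared, "temp data")
        mode = os.stat(safe).st_mode
        return followed_link, read(target) == "original", (mode & 0o077) == 0
```

demo() returns three booleans: the name-first write went through the symlink, the mkstemp() write left the link target untouched, and the mkstemp() file grants no group or other permissions.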