gitlab.gosec.G303-1


File creation in shared tmp directory without using ioutil.TempFile


Definition

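# Semgrep port of gosec rule G303: flags Go code that creates or writes a file
# at a hard-coded path under a shared temporary directory.
#
# Why it matters: /tmp and /var/tmp are writable by every local user, so a
# fixed, predictable file name can already exist, or be a symlink owned by
# someone else, when this program writes to it. os.CreateTemp (ioutil.TempFile
# before Go 1.16) chooses an unpredictable name and creates the file
# exclusively with mode 0600.
#
# Known limits of this rule (review these call sites by hand):
#   - Only string-literal paths are matched ("$ARG"). Paths assembled with
#     filepath.Join, fmt.Sprintf, concatenation or os.TempDir() are not seen.
#   - Other file-creating calls, such as os.OpenFile with O_CREATE, are not
#     covered.
rules:
  - id: gosec.G303-1
    patterns:
      - pattern-either:
          - pattern: |
              ioutil.WriteFile("$ARG", ...)
          # os.WriteFile replaced the deprecated ioutil.WriteFile in Go 1.16
          # and has the same behaviour, so it carries the same risk.
          - pattern: |
              os.WriteFile("$ARG", ...)
          - pattern: |
              os.Create("$ARG")
      # metavariable-regex is anchored at the start of the string, so this
      # only matches literals that begin with /tmp/ or /var/tmp/.
      - metavariable-regex:
          metavariable: $ARG
          regex: '(/tmp/.*|/var/tmp/.*)'
    message: |
      File creation in shared tmp directory without using ioutil.TempFile.
      Use os.CreateTemp (ioutil.TempFile before Go 1.16) so the file gets an
      unpredictable name and is created exclusively with mode 0600.
    metadata:
      cwe: "CWE-378: Creation of Temporary File With Insecure Permissions"
      primary_identifier: gosec.G303-1
      secondary_identifiers:
        - name: Gosec Rule ID G303
          type: gosec_rule_id
          value: G303
      license: MIT
    severity: WARNING
    languages:
      - go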