ocaml.lang.security.tempfile.ocamllint-tempfile

profile photo of semgrepsemgrep
Author
unknown
Download Count*
LGPL Commons Clause
License

Filename.temp_file might lead to race conditions, since the file could be altered or replaced by a symlink before being opened.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: ocamllint-tempfile
    pattern: Filename.temp_file
    message: Filename.temp_file might lead to race conditions, since the file could
      be altered or replaced by a symlink before being opened.
    languages:
      - ocaml
    severity: WARNING
    metadata:
      category: security
      references:
        - https://v2.ocaml.org/api/Filename.html
      technology:
        - ocaml
      cwe: "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
      confidence: LOW
      likelihood: MEDIUM
      impact: MEDIUM
      subcategory:
        - audit
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Other

Examples

tempfile.ml

(* ruleid:ocamllint-tempfile *)
let ofile = Filename.temp_file "test" "" in
Printf.printf "%s\n" ofile