python.lang.best-practice.hardcoded-tmp-path.hardcoded-tmp-path

Author: semgrep
Download count: 5,959

Detected hardcoded temp directory. Consider using 'tempfile.TemporaryFile' instead.

Definition

rules:
  - id: hardcoded-tmp-path
    pattern: open("=~/^\/tmp.*/", ...)
    message: Detected hardcoded temp directory. Consider using
      'tempfile.TemporaryFile' instead.
    metadata:
      references:
        - https://docs.python.org/3/library/tempfile.html#tempfile.TemporaryFile
      category: best-practice
      technology:
        - python
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    severity: WARNING
    languages:
      - python

Examples

hardcoded-tmp-path.py

def test1():
    # ruleid:hardcoded-tmp-path
    f = open("/tmp/blah.txt", 'w')
    f.write("hello world")
    f.close()

def test2():
    # ruleid:hardcoded-tmp-path
    f = open("/tmp/blah/blahblah/blah.txt", 'r')
    data = f.read()
    f.close()

def test3():
    # ok:hardcoded-tmp-path
    f = open("./tmp/blah.txt", 'w')
    f.write("hello world")
    f.close()

def test3a():
    # ok:hardcoded-tmp-path
    f = open("/var/log/something/else/tmp/blah.txt", 'w')
    f.write("hello world")
    f.close()

def test4():
    # ruleid:hardcoded-tmp-path
    with open("/tmp/blah.txt", 'r') as fin:
        data = fin.read()

def test5():
    # ok:hardcoded-tmp-path
    with open("./tmp/blah.txt", 'w') as fout:
        fout.write("hello world")
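As an added example (not part of the Semgrep rule or its test file), here are the flagged patterns from test1 and test2 rewritten with the `tempfile` module that the rule message recommends. The function names and the `scratch-` and `job-` prefixes are assumptions chosen for illustration.

```python
import os
import stat
import tempfile


def process_scratch(payload: bytes) -> bytes:
    """Round-trip data through an anonymous temp file: no name to predict."""
    # Replaces the flagged form: f = open("/tmp/blah.txt", 'w')
    with tempfile.TemporaryFile() as f:
        f.write(payload)
        f.seek(0)
        return f.read()


def write_named_scratch(payload: bytes) -> dict:
    """When a path is required: random name, exclusive create, mode 0600."""
    fd, path = tempfile.mkstemp(prefix="scratch-", suffix=".txt")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(payload)
        info = {
            "path": path,
            "mode": stat.S_IMODE(os.stat(path).st_mode),
        }
    finally:
        os.unlink(path)  # mkstemp leaves cleanup to the caller
    info["removed"] = not os.path.exists(path)
    return info


def nested_scratch(text: str):
    """Replaces open("/tmp/blah/blahblah/blah.txt", ...): private directory tree."""
    with tempfile.TemporaryDirectory(prefix="job-") as root:
        root_mode = stat.S_IMODE(os.stat(root).st_mode)
        sub = os.path.join(root, "blahblah")
        os.mkdir(sub)
        path = os.path.join(sub, "blah.txt")  # not a literal, so not flagged
        with open(path, "w") as f:
            f.write(text)
        with open(path) as f:
            data = f.read()
    # The whole tree is removed when the with-block exits.
    return data, root_mode, os.path.exists(root)
```
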