configure.py: don't use deprecated mktemp()

configure.py uses the deprecated Python function tempfile.mktemp().
Because this function is labeled a "security risk" it is also a magnet
for automated security scanners... So let's replace it with the
recommended tempfile.mkstemp() and avoid future complaints.

The actual security implications of this mktemp() call are negligible to
non-existent: First it's just the build process (configure.py), not
the build product itself. Second, the worst that an attacker (who
needs to run on the build machine!) can do is to cause a compilation
test in configure.py to fail because it can't write to its output file.

Reported by @srikanthprathi

Signed-off-by: Nadav Har'El <nyh@scylladb.com>
Message-Id: <20220111121924.615173-1-nyh@scylladb.com>
Nadav Har'El
2022-01-11 14:19:24 +02:00
parent 97d74de8fc
commit c5f29fe3ea

@@ -168,7 +168,8 @@ def ensure_tmp_dir_exists():
def try_compile_and_link(compiler, source='', flags=[], verbose=False):
ensure_tmp_dir_exists()
with tempfile.NamedTemporaryFile() as sfile:
ofile = tempfile.mktemp()
ofd, ofile = tempfile.mkstemp()
os.close(ofd)
try:
sfile.file.write(bytes(source, 'utf-8'))
sfile.file.flush()
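
Review bot: At the `ofd, ofile = tempfile.mkstemp()` / `os.close(ofd)` pair, the output file now exists as an empty file from this point on, whereas with `mktemp()` it only appeared if the compiler actually wrote it. Please confirm that the rest of the function after `try:` (not visible in this hunk) removes `ofile` on every path, including failed compiles, and that nothing there treats the mere existence of `ofile` as a sign of success. A one-line comment saying the descriptor is closed because the compiler reopens the file by name would also help the next reader. Note that `mkstemp()` is called without `dir=`, so the file lands in the default temp directory rather than one chosen by `ensure_tmp_dir_exists()`; if that helper is meant to control where these files go, pass the directory explicitly.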