From c5f29fe3ea6cd9a61883f2cdabd80ea888ae8b4f Mon Sep 17 00:00:00 2001
From: Nadav Har'El
Date: Tue, 11 Jan 2022 14:19:24 +0200
Subject: [PATCH] configure.py: don't use deprecated mktemp()

configure.py uses the deprecated Python function tempfile.mktemp(). Because this function is labeled a "security risk" it is also a magnet for automated security scanners... So let's replace it with the recommended tempfile.mkstemp() and avoid future complaints. The actual security implications of this mktemp() call is negligible to non-existent: First it's just the build process (configure.py), not the build product itself. Second, the worst that an attacker (which needs to run in the build machine!) can do is to cause a compilation test in configure.py to fail because it can't write to its output file.

Reported by @srikanthprathi
Signed-off-by: Nadav Har'El
Message-Id: <20220111121924.615173-1-nyh@scylladb.com>
---
 configure.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/configure.py b/configure.py
index 198315550c..4b70ca13f4 100755
--- a/configure.py
+++ b/configure.py
@@ -168,7 +168,8 @@ def ensure_tmp_dir_exists():
 def try_compile_and_link(compiler, source='', flags=[], verbose=False):
 ensure_tmp_dir_exists()
 with tempfile.NamedTemporaryFile() as sfile:
- ofile = tempfile.mktemp()
+ ofd, ofile = tempfile.mkstemp()
+ os.close(ofd)
 try:
 sfile.file.write(bytes(source, 'utf-8'))
 sfile.file.flush()
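Review bot: The descriptor returned by `mkstemp()` is closed on the very next line and only the path is kept, so the output file now exists on disk before the compiler runs and stays behind even when the compile fails and never writes to it; the cleanup for `ofile` (presumably in a `finally` after this hunk) must therefore unlink the path on every exit, not only after a successful compile, and should tolerate the file already being gone. `os.close(ofd)` also depends on `os` being imported at module level in configure.py, which is not visible in this hunk and should be confirmed. A short comment on the new lines would make the intent explicit: `# mkstemp() creates the file atomically; only the name is needed, so close the fd and let the compiler overwrite the path`. The body of try_compile_and_link continues past the end of the hunk.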