Avoid hardcoded temp files

This product is not supported for your selected Datadog site. ().
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

ID: ruby-security/hardcoded-tmp-file

Language: Ruby

Severity: Warning

Category: Security

CWE: 379

Description

The rule of avoiding hardcoded temp files is crucial in Ruby development to ensure the security and integrity of your code. Hardcoded temp files can expose your application to several potential risks such as unauthorized file access, data corruption, or even data loss.

This is particularly important in a multi-user environment where multiple processes might try to read or write to the same file, leading to race conditions. Hardcoding temp files also disregard the system’s temp directory, which could be problematic if the system lacks the necessary permissions or space in the specified location.

To avoid this, use Ruby’s Tempfile class or Dir.mktmpdir method which automatically handle the creation and cleanup of temporary files/directories in a safe manner. For instance, instead of File.write("/tmp/myfile.txt", "foobar"), you can use Tempfile.create to create a temporary file. This ensures your application is more secure, reliable, and portable across different operating systems.

Non-Compliant Code Examples

File.write("/tmp/myfile.txt", "foobar")
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

원활한 통합. Datadog Code Security를 경험해 보세요

Datadog Code Security