ID: ruby-security/hardcoded-tmp-file
Language: Ruby
Severity: Warning
Category: Security
CWE: 379
Avoiding hardcoded temp file paths is important in Ruby development for the security and integrity of your code. Hardcoded temp files can expose your application to several potential risks, such as unauthorized file access, data corruption, or even data loss.
This is particularly important in a multi-user environment, where multiple processes might try to read or write to the same file, leading to race conditions. Hardcoding temp file paths also disregards the system’s temp directory, which could be problematic if the system lacks the necessary permissions or space in the specified location.
To avoid this, use Ruby’s Tempfile class or Dir.mktmpdir method, which automatically handle the creation and cleanup of temporary files/directories in a safe manner. For instance, instead of File.write("/tmp/myfile.txt", "foobar"), you can use Tempfile.create to create a temporary file. This ensures your application is more secure, reliable, and portable across different operating systems.
File.write("/tmp/myfile.txt", "foobar")
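A compliant counterpart to the line above, as an added example that is not part of the original rule page: it writes the same data through Tempfile.create and Dir.mktmpdir and records the permissions and cleanup behaviour. The helper names `tempfile_demo` and `workdir_demo` and the `myfile`/`myapp-` prefixes are assumptions made for illustration.

```ruby
require "tempfile"
require "tmpdir"

# Flagged pattern, for contrast (not executed here):
#   File.write("/tmp/myfile.txt", "foobar")
# The path is fixed and shared, so any local process can pre-create,
# read, or replace it before or after this write.

# Hypothetical helper: write data through Tempfile.create and report what
# the file looked like while it existed.
def tempfile_demo(data)
  info = {}
  # Unique name under Dir.tmpdir, opened exclusively, owner-only permissions.
  Tempfile.create(["myfile", ".txt"]) do |f|
    f.write(data)
    f.flush
    info[:path]    = f.path
    info[:mode]    = File.stat(f.path).mode & 0o777
    info[:content] = File.read(f.path)
  end
  # The block form closes and unlinks the file on exit.
  info[:exists_after] = File.exist?(info[:path])
  info
end

# Hypothetical helper: same idea when several scratch files are needed.
def workdir_demo(data)
  info = {}
  # Private directory with a random suffix; removed with its contents
  # when the block returns.
  Dir.mktmpdir("myapp-") do |dir|
    target = File.join(dir, "myfile.txt")
    File.write(target, data)
    info[:dir]     = dir
    info[:mode]    = File.stat(dir).mode & 0o777
    info[:content] = File.read(target)
  end
  info[:exists_after] = Dir.exist?(info[:dir])
  info
end

if __FILE__ == $PROGRAM_NAME
  p tempfile_demo("foobar")
  p workdir_demo("foobar")
end
```
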
For more information, please read the Code Security documentation