---
title: Avoid hardcoded temp files
description: Datadog, the leading service for cloud-scale monitoring.
---

# Avoid hardcoded temp files

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site).
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**ID:** `ruby-security/hardcoded-tmp-file`

**Language:** Ruby

**Severity:** Warning

**Category:** Security

**CWE**: [379](https://cwe.mitre.org/data/definitions/379.html)

## Description{% #description %}

This rule flags temporary files that are written to a hardcoded path. Avoiding them protects the security and integrity of your Ruby code: hardcoded temp files can expose your application to risks such as unauthorized file access, data corruption, or even data loss.

This is particularly important in a multi-user environment, where multiple processes might try to read or write to the same file, leading to race conditions. Hardcoding temp file paths also disregards the system's temp directory, which can be a problem if the system lacks the necessary permissions or space in the specified location.

To avoid this, use Ruby's `Tempfile` class or the `Dir.mktmpdir` method, which automatically handle the creation and cleanup of temporary files and directories in a safe manner. For instance, instead of `File.write("/tmp/myfile.txt", "foobar")`, use `Tempfile.create` to create a temporary file. This makes your application more secure, reliable, and portable across different operating systems.

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```ruby
File.write("/tmp/myfile.txt", "foobar")
```

## Compliant Code Examples{% #compliant-code-examples %}

```ruby
# Safe: using Tempfile instead of hardcoded tmp path
require 'tempfile'
Tempfile.create('myfile') do |f|
  f.write("foobar")
end
```
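
The following added example (not part of the original rule documentation) contrasts the two approaches when two jobs stage data in the same directory. The job contents, the `staging-demo` sandbox name, and the pinned umask of `022` are assumptions made for the demonstration; a private `Dir.mktmpdir` sandbox stands in for `/tmp`.

```ruby
require 'tempfile'
require 'tmpdir'

# Constructed scenario: two jobs stage data in one shared directory.
# +dir+ stands in for /tmp; job names and contents are made up.

# Hardcoded name: every caller resolves to the same path.
def stage_with_fixed_name(dir)
  path = File.join(dir, 'myfile.txt')
  File.write(path, 'job A data')
  File.write(path, 'job B data') # silently replaces job A's data
  { a_reads: File.read(path), mode: File.stat(path).mode & 0o777 }
end

# Tempfile.create: each call gets its own name, created exclusively with 0600.
def stage_with_tempfile(dir)
  Tempfile.create('myfile', dir) do |a|
    Tempfile.create('myfile', dir) do |b|
      a.write('job A data'); a.flush
      b.write('job B data'); b.flush
      { a_reads: File.read(a.path), b_reads: File.read(b.path),
        paths: [a.path, b.path], mode: File.stat(a.path).mode & 0o777 }
    end
  end
end

def compare_staging
  old_umask = File.umask(0o022) # common default, pinned so modes are repeatable
  Dir.mktmpdir('staging-demo') do |dir| # private 0700 sandbox, removed afterwards
    fixed = stage_with_fixed_name(dir)
    safe  = stage_with_tempfile(dir)
    # Both temp files are deleted once their blocks have returned.
    safe[:cleaned_up] = safe[:paths].none? { |p| File.exist?(p) }
    { dir_mode: File.stat(dir).mode & 0o777, fixed: fixed, safe: safe }
  end
ensure
  File.umask(old_umask) if old_umask
end

result = compare_staging
puts format('fixed name: job A reads %p, file mode %o',
            result[:fixed][:a_reads], result[:fixed][:mode])
puts format('Tempfile:   job A reads %p, file mode %o, cleaned up: %p',
            result[:safe][:a_reads], result[:safe][:mode],
            result[:safe][:cleaned_up])
```

With the fixed name, job A reads back job B's data from a world-readable file; with `Tempfile.create`, each job keeps its own owner-only file, and both are removed when the blocks exit.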