[B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
sandrobonazzola opened this issue · comments
bandit reports:
Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
Severity: Medium Confidence: Medium
CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
Location:
./run_kraken.py:
29 : with open("/tmp/kraken_status", "w+") as file:
./server.py:
22 : f = open("/tmp/kraken_status", "rb")
37 : with open("/tmp/kraken_status", "w+") as file:
43 : with open("/tmp/kraken_status", "w+") as file:
49 : with open("/tmp/kraken_status", "w+") as file:
More Info: https://bandit.readthedocs.io/en/1.7.4/plugins/b108_hardcoded_tmp_directory.html
Usage of /tmp/kraken_status was added in pr #158. @paigerube14 if I get it right you want to record RUN, STOP, PAUSE events and send the logs over HTTP when a GET request is coming for the / path.
Do you really need to store the log on disk? Could it be stored in an io.StringIO memory buffer instead?
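An added example (not kraken's code, and not from any participant in this thread) of what the bandit finding is about and of the two alternatives under discussion. It assumes the three event names RUN, STOP and PAUSE mentioned above; the class and function names, and the symlink scenario used to show why a fixed path in /tmp is a problem, are hypothetical and were written for this illustration. The first function reproduces the flagged pattern, `StatusLog` is the in-memory io.StringIO variant served on GET /, and `open_status_file_safely` shows how to create a temp file if it really must live on disk.

```python
"""CWE-377 illustration: hardcoded /tmp path vs. in-memory buffer vs. safely
created temp file. Example code, not the kraken project's own."""
import http.server
import io
import os
import tempfile
import threading
from typing import List

EVENTS = ("RUN", "STOP", "PAUSE")           # event names from the issue text
HARDCODED_STATUS_PATH = "/tmp/kraken_status"  # the path bandit reports


def write_status_hardcoded(event: str) -> None:
    """The pattern bandit flags (B108). /tmp is world-writable, so any local
    user can pre-create /tmp/kraken_status, or a symlink by that name, before
    this runs; open(..., "w+") follows the symlink and truncates whatever it
    points at with this process's privileges. Shown for contrast; not called."""
    with open(HARDCODED_STATUS_PATH, "w+") as f:
        f.write(event + "\n")


class StatusLog:
    """Alternative 1 (hypothetical name): keep the status in io.StringIO and
    serve it from the same process; nothing is written to the filesystem."""

    def __init__(self) -> None:
        self._buf = io.StringIO()
        self._lock = threading.Lock()  # handler threads and the recorder share it

    def record(self, event: str) -> None:
        if event not in EVENTS:
            raise ValueError(f"unknown event: {event!r}")
        with self._lock:
            self._buf.write(event + "\n")

    def dump(self) -> str:
        with self._lock:
            return self._buf.getvalue()

    def events(self) -> List[str]:
        return self.dump().splitlines()


class StatusHandler(http.server.BaseHTTPRequestHandler):
    """GET / returns the in-memory log as text/plain; anything else is 404."""
    log = StatusLog()  # hypothetical wiring: one shared log per process

    def do_GET(self) -> None:
        if self.path != "/":
            self.send_error(404)
            return
        body = self.log.dump().encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def open_status_file_safely(path: str, mode: int = 0o600) -> int:
    """Alternative 2: if the status must be on disk, create it with
    O_CREAT|O_EXCL (fail if anything already exists at path, symlink included)
    and O_NOFOLLOW where available, so a pre-planted file is never followed
    or truncated. Returns a raw fd; wrap it with os.fdopen."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, mode)


def write_status_private_tmp(event: str) -> str:
    """Private directory (mkdtemp creates it mode 0700) plus a safely created
    file inside it; returns the path so a caller can read it back."""
    directory = tempfile.mkdtemp(prefix="kraken-status-")
    path = os.path.join(directory, "status")
    with os.fdopen(open_status_file_safely(path), "w") as f:
        f.write(event + "\n")
    return path


def read_back(path: str) -> str:
    with open(path) as f:
        return f.read()


def dir_mode(path: str) -> int:
    return os.stat(os.path.dirname(path)).st_mode & 0o777


def symlink_preplant_is_refused() -> bool:
    """Constructed attack scenario: an attacker has planted a symlink at the
    status path pointing at a file they want clobbered. The safe open must
    fail (EEXIST/ELOOP) and leave the target untouched."""
    directory = tempfile.mkdtemp(prefix="kraken-demo-")
    victim = os.path.join(directory, "victim")
    with open(victim, "w") as f:
        f.write("keep me\n")
    planted = os.path.join(directory, "status")
    os.symlink(victim, planted)
    try:
        fd = open_status_file_safely(planted)
    except OSError:  # FileExistsError on Linux; ELOOP on some platforms
        return read_back(victim) == "keep me\n"
    os.close(fd)
    return False


if __name__ == "__main__":
    StatusHandler.log.record("RUN")
    http.server.HTTPServer(("127.0.0.1", 8080), StatusHandler).serve_forever()
```

The in-memory variant is the simplest fix for the use described in the issue, since the reader of the status is the same process that writes it. The file-based variant only helps when the directory is private too: O_EXCL prevents the pre-planted-file race, but a fixed name in a shared /tmp can still be squatted by another user to cause a denial of service, which is why `tempfile.mkdtemp` (or `tempfile.mkstemp`) is used instead of a guessable path.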
@sandrobonazzola how did you get that security output? Should we add that as a github workflow so we can more readily catch errors like this
closing with PR being merged