Skip to main content

Sonar: Upgrade and Secure Temp File Creation


ImportanceReview GuidanceRequires Scanning Tool
HighMerge Without ReviewYes (Sonar)

This codemod acts upon the following Sonar rules: python:S5445.

This codemod replaces all tempfile.mktemp calls to the more secure tempfile.mkstemp.

The Python tempfile documentation is explicit that tempfile.mktemp should be deprecated to avoid an unsafe and unexpected race condition. The changes from this codemod look like this:

  import tempfile
- tempfile.mktemp(...)
+ tempfile.mkstemp(...)

If you have feedback on this codemod, please let us know!


Why is this codemod marked as Merge Without Review?

We believe this codemod is safe and will cause no unexpected errors.

Codemod Settings