Creating temporary files in the shared /tmp or /var/tmp directories without using os.CreateTemp() can be insecure. An attacker may create a symlink that points at a sensitive file before the app writes the temp file, so the write follows the symlink and overwrites or exposes an unintended file. os.CreateTemp() sets permissions to prevent symlink attacks. Using it instead of writing temp files directly prevents unintended overwrites through malicious symlinks.
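The difference between the two patterns, as an added example that is not code from the original page: a fixed-name write next to an os.CreateTemp() write, both run against a directory where the fixed name already exists as a symlink. The function names, the file names app.tmp and victim.conf, and the private directory standing in for a shared /tmp are assumptions made for the demonstration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeFixedName is the risky pattern: os.WriteFile on a predictable path
// opens with O_CREATE|O_TRUNC and follows a symlink that is already there.
func writeFixedName(dir string, data []byte) error {
	return os.WriteFile(filepath.Join(dir, "app.tmp"), data, 0o600)
}

// writeCreateTemp is the hardened pattern: os.CreateTemp picks a random name
// and opens it with O_EXCL and mode 0600, so an existing path is never reused.
func writeCreateTemp(dir string, data []byte) (string, error) {
	f, err := os.CreateTemp(dir, "app-*.tmp")
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = f.Write(data)
	return f.Name(), err
}

// demo uses a constructed stand-in for a shared temp directory where "app.tmp"
// is already a symlink to a file the app must not modify (all names assumed).
func demo() (afterFixed, afterTemp string, err error) {
	root, err := os.MkdirTemp("", "tmpdemo-")
	if err != nil {
		return "", "", err
	}
	defer os.RemoveAll(root)
	shared, victim := filepath.Join(root, "shared"), filepath.Join(root, "victim.conf")
	os.Mkdir(shared, 0o700)
	os.WriteFile(victim, []byte("original"), 0o600)
	os.Symlink(victim, filepath.Join(shared, "app.tmp"))
	read := func() string { b, _ := os.ReadFile(victim); return string(b) }
	writeFixedName(shared, []byte("temp data")) // lands in victim.conf
	afterFixed = read()
	os.WriteFile(victim, []byte("original"), 0o600) // restore before second write
	_, err = writeCreateTemp(shared, []byte("temp data"))
	return afterFixed, read(), err
}

func main() {
	fmt.Println(demo())
}
```

The first returned value shows victim.conf replaced by the temp data; the second shows it untouched after the os.CreateTemp() write.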