Merge "Avoid usage of insecure mktemp() function"

swift/common/middleware/x_profile/html_viewer.py

@@ -384,10 +384,7 @@ class HTMLViewer(object):
             elif output_format == 'ods':
                 data = stats.to_ods(nfl_esc, limit)
             else:
-                profile_tmp_all = tempfile.mktemp('.profile', 'all')
+                data = stats.print_stats()
-                stats.dump_stats(profile_tmp_all)
-                data = open(profile_tmp_all).read()
-                os.remove(profile_tmp_all)
             return data, [('content-type', self.format_dict[output_format])]
         except ODFLIBNotInstalled as ex:
             raise ex
@@ -427,10 +424,11 @@ class HTMLViewer(object):
                 plt.xlabel(names[metric_selected])
             plt.title('Profile Statistics (by %s)' % names[metric_selected])
             #plt.gcf().tight_layout(pad=1.2)
-            profile_img = tempfile.mktemp('.png', 'plot')
+            profile_img = tempfile.TemporaryFile()
-            plt.savefig(profile_img, dpi=300)
+            plt.savefig(profile_img, format='png', dpi=300)
-            data = open(profile_img).read()
+            profile_img.seek(0)
-            os.remove(profile_img)
+            data = profile_img.read()
+            os.close(profile_img)
             return data, [('content-type', 'image/jpg')]
         except Exception as ex:
             raise ProfileException(_('plotting results failed due to %s') % ex)

swift/common/middleware/x_profile/profile_model.py

@@ -222,10 +222,11 @@ class Stats2(pstats.Stats):
             table.addElement(tr_header)
 
         spreadsheet.spreadsheet.addElement(table)
-        tmp_ods = tempfile.mktemp('.ods', 'stats')
+        tmp_ods = tempfile.TemporaryFile()
-        spreadsheet.save(tmp_ods, False)
+        spreadsheet.write(tmp_ods)
-        data = open(tmp_ods).read()
+        tmp_ods.seek(0)
-        os.remove(tmp_ods)
+        data = tmp_ods.read()
+        os.close(tmp_ods)
         return data