openstack/swift
Code Issues Proposed changes

Avoid usage of insecure mktemp() function

Browse Source 
This patch eliminates the use of the deprecated and insecure
tempfile.mktemp() function.  It has been replaced with secure
alternatives where temporary files are actually required.

Change-Id: I0a13d6d44cd1abc4b66fa33f39eea407617a01d5
SecurityImpact
Closes-bug: #1348869
This commit is contained in:
Nathan Kinder 2014-07-25 20:47:11 -07:00
parent 6c256c5057
commit 6978275cdb
2 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
swift/common/middleware/x_profile/html_viewer.py
View File

@ -384,10 +384,7 @@ class HTMLViewer(object):
elif output_format == 'ods': elif output_format == 'ods':
data = stats.to_ods(nfl_esc, limit) data = stats.to_ods(nfl_esc, limit)
else: else:
profile_tmp_all = tempfile.mktemp('.profile', 'all') data = stats.print_stats()
stats.dump_stats(profile_tmp_all)
data = open(profile_tmp_all).read()
os.remove(profile_tmp_all)
return data, [('content-type', self.format_dict[output_format])] return data, [('content-type', self.format_dict[output_format])]
except ODFLIBNotInstalled as ex: except ODFLIBNotInstalled as ex:
raise ex raise ex
@ -427,10 +424,11 @@ class HTMLViewer(object):
plt.xlabel(names[metric_selected]) plt.xlabel(names[metric_selected])
plt.title('Profile Statistics (by %s)' % names[metric_selected]) plt.title('Profile Statistics (by %s)' % names[metric_selected])
#plt.gcf().tight_layout(pad=1.2) #plt.gcf().tight_layout(pad=1.2)
profile_img = tempfile.mktemp('.png', 'plot') profile_img = tempfile.TemporaryFile()
plt.savefig(profile_img, dpi=300) plt.savefig(profile_img, format='png', dpi=300)
data = open(profile_img).read() profile_img.seek(0)
os.remove(profile_img) data = profile_img.read()
os.close(profile_img)
return data, [('content-type', 'image/jpg')] return data, [('content-type', 'image/jpg')]
except Exception as ex: except Exception as ex:
raise ProfileException(_('plotting results failed due to %s') % ex) raise ProfileException(_('plotting results failed due to %s') % ex)

9
swift/common/middleware/x_profile/profile_model.py
View File

@ -222,10 +222,11 @@ class Stats2(pstats.Stats):
table.addElement(tr_header) table.addElement(tr_header)
spreadsheet.spreadsheet.addElement(table) spreadsheet.spreadsheet.addElement(table)
tmp_ods = tempfile.mktemp('.ods', 'stats') tmp_ods = tempfile.TemporaryFile()
spreadsheet.save(tmp_ods, False) spreadsheet.write(tmp_ods)
data = open(tmp_ods).read() tmp_ods.seek(0)
os.remove(tmp_ods) data = tmp_ods.read()
os.close(tmp_ods)
return data return data