general_hardcoded_tmp only considers /tmp and not other FHS locations

Bug #1473725 reported by Dave Walker
Affects: Bandit
Status: Fix Released
Importance: Undecided
Assigned to: Dave Walker
Milestone:

Bug Description

Currently, only /tmp is considered when looking for hard-coded uses of temporary files. Other places that should be part of this test are /var/tmp and /dev/shm.

Maybe also /run, /var/run and /var/lock?

Dave Walker (davewalker)
Changed in bandit:
assignee: nobody → Dave Walker (davewalker)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to bandit (master)

Reviewed: https://review.openstack.org/200882
Committed: https://git.openstack.org/cgit/openstack/bandit/commit/?id=a8325942e41b0df2489458ee6980a8e2d39f4501
Submitter: Jenkins
Branch: master

commit a8325942e41b0df2489458ee6980a8e2d39f4501
Author: Dave Walker (Daviey) <email address hidden>
Date: Sun Jul 12 13:44:33 2015 +0100

    Consider other hardcoded tmp paths

    Previously general_hardcoded_tmp plugin was only testing
    for hard-coded usage of "/tmp/", however the same issues
    can be present on other FHS locations such as /var/tmp/
    and /dev/shm.

    This change adds these additional locations for
    consideration.

    Closes-Bug: #1473725
    Signed-off-by: Dave Walker (Daviey) <email address hidden>
    Change-Id: I76f154134e6cc90a1f30c1c5e41c98dd74c13d33

Changed in bandit:
status: In Progress → Fix Committed
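To illustrate the broadened check, here is an added standalone Python example (not Bandit's plugin code): it walks a module's AST and flags string literals that point into /tmp, /var/tmp or /dev/shm, the three locations named in the report and the commit. The sample module it scans is constructed for this example, and the "directory plus slash" matching rule is this example's own choice rather than Bandit's.

```python
"""Find string literals that hard-code files under shared temp directories.

Standalone illustration of the check described in this bug (not Bandit's
own plugin): parse a module and flag string constants that name /tmp,
/var/tmp or /dev/shm or a path beneath them.  Predictable paths in these
world-writable directories invite symlink and race attacks; the usual fix
is tempfile.mkstemp()/mkdtemp(), which this scanner leaves alone.
"""
import ast

# Default locations, the set named in the bug report and the commit.
TMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


def is_hardcoded_tmp(value, tmp_dirs=TMP_DIRS):
    """True if `value` is a temp dir or a path beneath one.

    Matching on "dir/" (or an exact match) is this example's choice; it
    avoids flagging unrelated names such as "/tmpfs/x".
    """
    return any(value == d or value.startswith(d + "/") for d in tmp_dirs)


def find_hardcoded_tmp(source, tmp_dirs=TMP_DIRS):
    """Return [(lineno, literal)] for every offending string constant.

    ast.walk also descends into f-strings (JoinedStr), so a literal such
    as f"/tmp/{name}" is caught through its constant "/tmp/" prefix.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if is_hardcoded_tmp(node.value, tmp_dirs):
                findings.append((node.lineno, node.value))
    return sorted(findings)


# Constructed sample module: three hard-coded paths and one safe use.
SAMPLE = '''\
import tempfile
LOG = open("/tmp/app.log", "w")              # line 2: flagged
SHM = "/dev/shm/cache.bin"                    # line 3: flagged
def stage(name):
    return f"/var/tmp/{name}.part"            # line 5: flagged (f-string)
fd, path = tempfile.mkstemp(prefix="app-")    # safe: not flagged
'''

if __name__ == "__main__":
    for lineno, literal in find_hardcoded_tmp(SAMPLE):
        print(f"line {lineno}: hard-coded temp path {literal!r}")
```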
Eric Brown (ericwb) wrote :

Fix released in 0.13.0

Changed in bandit:
status: Fix Committed → Fix Released