Comment 7 for bug 2008742

Camila Camargo de Matos (ccdm94) wrote (last edit ):

Thanks for the answers, Dan, and for considering the suggested changes.

To now answer your questions:

- Regarding the Coverity availability for future use, I think it is possible to use a free version of Coverity, available through https://scan.coverity.com/ (Coverity offers free scanning for open source projects via integrations with GitHub/GitLab).

- Regarding the second issue (saving files in the '/tmp' directory), the concern is indeed the fact that the '/tmp' directory has high visibility and is commonly used to assist with certain attacks. In this case, we are creating a directory with a predictable name which will have files in it that also will have predictable names, so that might be dangerous. When saving to '/tmp' it is always ideal to generate things with sufficiently strong permissions (umask 077, as you mentioned, for example) and random names; however, I saw that creating the directory or the files with random names might involve a more complicated change to the code, so maybe adding it to '/run' instead of '/tmp' would be best in this case. The important thing would be to also properly set permissions on the temporary directory where the final JSONs are uploaded to, in order to avoid situations where a user could simply add a possibly malicious file into the directory for processing.

Let me know if there are any more questions regarding the review or even the answers provided above!
Thanks!
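The two practices the comment above recommends (a staging directory with an unpredictable name and owner-only permissions, plus a check that refuses to process a directory another user could write into) as an added, stand-alone Python example. This is not code from the bug thread or from the project under review; the `dcmd-staging-` prefix, the file names and the JSON payload are constructed for the illustration.

```python
import json
import os
import stat
import tempfile

# Added example, not the project's code. Demonstrates creating a private staging
# directory and validating a directory before reading result files from it.


def make_private_staging_dir(base=None):
    """Create a staging directory with a random name and mode 0700.

    tempfile.mkdtemp guarantees both properties regardless of the caller's umask,
    which is what a predictable, hand-built path under /tmp does not give you.
    """
    return tempfile.mkdtemp(prefix="dcmd-staging-", dir=base)


def staging_dir_is_private(path):
    """True only if `path` is a real directory (not a symlink), owned by the
    current user, and not writable by group or others.

    This is the check to run before trusting any JSON file found in a directory
    under /tmp or /run: a world-writable directory lets any local user drop a
    file in for processing, and a symlink means someone else chose the target.
    """
    try:
        st = os.lstat(path)          # lstat: do not follow symlinks
    except FileNotFoundError:
        return False
    if not stat.S_ISDIR(st.st_mode):
        return False                 # symlink or regular file at that path
    if st.st_uid != os.geteuid():
        return False                 # created by someone else (predictable-name race)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False                 # group/world writable, like /tmp itself
    return True


def write_result_json(staging_dir, name, payload):
    """Write a JSON result into a verified staging directory, readable by owner only.

    O_CREAT|O_EXCL fails if anything (including a pre-planted symlink) already
    exists at the target path, so a predictable file name cannot be hijacked.
    """
    if not staging_dir_is_private(staging_dir):
        raise PermissionError(f"refusing to write into untrusted directory {staging_dir}")
    target = os.path.join(staging_dir, name)
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.fchmod(fd, 0o600)             # make the mode explicit, independent of umask
    with os.fdopen(fd, "w") as fh:
        json.dump(payload, fh)
    return target


def demo():
    """Constructed scenario: a private staging dir passes the check, while a
    /tmp-like world-writable directory and a symlink to the private dir do not."""
    results = {}
    base = tempfile.mkdtemp(prefix="demo-base-")

    private = make_private_staging_dir(base)
    results["private_ok"] = staging_dir_is_private(private)
    out = write_result_json(private, "result.json", {"host": "example", "status": "ok"})
    results["file_mode"] = stat.S_IMODE(os.stat(out).st_mode)
    with open(out) as fh:
        results["roundtrip"] = json.load(fh)["status"]

    shared = os.path.join(base, "shared")   # stands in for a sticky, world-writable /tmp
    os.mkdir(shared)
    os.chmod(shared, 0o1777)                # chmod, since mkdir's mode is masked by umask
    results["shared_ok"] = staging_dir_is_private(shared)
    try:
        write_result_json(shared, "result.json", {})
        results["write_to_shared_refused"] = False
    except PermissionError:
        results["write_to_shared_refused"] = True

    link = os.path.join(base, "link")
    os.symlink(private, link)
    results["symlink_ok"] = staging_dir_is_private(link)
    return results


if __name__ == "__main__":
    print(demo())
```

`staging_dir_is_private` is the piece worth keeping even if the directory stays under '/tmp': it turns the "someone else put a file here" scenario from a silent acceptance into a refusal that can be logged.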