LotusGuild/gandalf
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix B108: replace hardcoded /tmp with tempfile.gettempdir()
Lint / Python (flake8) (push) Successful in 40s
Details
Lint / JS (eslint) (push) Successful in 8s
Details
Security / Python Security (bandit) (push) Successful in 42s
Details
Test / Python Tests (pytest) (push) Successful in 1m18s
Details
Lint / Notify on failure (push) Has been skipped
Details
Lint / Deploy (push) Successful in 8s
Details

Browse Source 
Bandit flags hardcoded /tmp strings as CWE-377 (insecure temp file).
Use tempfile.gettempdir() for the avatar cache dir default so the
path resolves correctly on all platforms and passes the security scan.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-05-07 13:34:37 -04:00
parent 760e45bb68
commit 08543ac25a
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app.py
+2 -1
View File
@@ -10,6 +10,7 @@ import json
import logging import logging
import os import os
import re import re
import tempfile
import threading import threading
import time import time
import uuid import uuid
@@ -458,7 +459,7 @@ def api_avatar():
# Build a safe cache filename from the username (alphanumeric + - _ .) # Build a safe cache filename from the username (alphanumeric + - _ .)
safe_name = re.sub(r'[^a-zA-Z0-9._-]', '_', username) safe_name = re.sub(r'[^a-zA-Z0-9._-]', '_', username)
cache_dir = ldap_cfg.get('cache_dir', '/tmp/gandalf_avatars') cache_dir = ldap_cfg.get('cache_dir', os.path.join(tempfile.gettempdir(), 'gandalf_avatars'))
os.makedirs(cache_dir, exist_ok=True) os.makedirs(cache_dir, exist_ok=True)
cache_file = os.path.join(cache_dir, f'user_{safe_name}.jpg') cache_file = os.path.join(cache_dir, f'user_{safe_name}.jpg')
sentinel = os.path.join(cache_dir, f'user_{safe_name}.none') sentinel = os.path.join(cache_dir, f'user_{safe_name}.none')