Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed Improper Method Call: Replaced mktemp #6163

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

fazledyn-or
Copy link

@fazledyn-or fazledyn-or commented Nov 7, 2023

Environments Affected
Announce New Release
  • After merging, I will follow these instructions
    to announce a new commcare-cloud release.

Details

While triaging your project, our bug fixing tool generated the following message(s)-

In file: terraform_migrate_state.py, there is a method that creates a temporary file using an unsafe API mktemp. The use of this method is discouraged in the Python documentation. iCR suggested that a temporary file should be created using mkstemp which is a safe API. iCR replaced the usage of mktemp with mkstemp.

Changes

Replaced mktemp() method with a mkstemp() and closed the file-descriptors associated with it.

Testing

I ran nosetests after creating a virtualenv and running pip install -e .[test]. I got AttributeError: __enter__ in all of the FAILED tests.

Previously Found & Fixed

CLA Requirements

This section is only relevant if your project requires contributors to sign a Contributor License Agreement (CLA) for external contributions.

All contributed commits are already automatically signed off.

The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see https://developercertificate.org/ for more information).
- Git Commit SignOff documentation

Sponsorship and Support

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.

The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant