CWE-378

Creation of Temporary File With Insecure Permissions. [File-Handling-Issues, Improper-Control-Of-A-Resource-Through-Its-Lifetime]

Required inputs: IR

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
Demonstrative Examples
Example 1

In the following code examples a temporary file is created and written to. After using the temporary file, the file is closed and deleted from the file system.

Example Language:C
    #include <stdio.h>

    int write_tmp(void)
    {
        FILE *stream;
        if( (stream = tmpfile()) == NULL ) {
            perror("Could not open new temporary file");
            return (-1);
        }
        // write data to tmp file
        ...
        // remove tmp file: rmtmp() is a non-standard (Borland/Watcom) call that
        // closes and deletes every stream opened with tmpfile(); in standard C
        // the file is removed on fclose() or at normal program exit
        rmtmp();
        return 0;
    }

However, in this C/C++ code the function tmpfile() is used to create and open the temp file. tmpfile() behaves like fopen() with read/write permission, so an attacker may read potentially sensitive information contained in the temp file or modify its contents.

Example Language:Java (Unsupported language for documentation only)
    import java.io.BufferedWriter;
    import java.io.File;
    import java.io.FileWriter;
    import java.io.IOException;

    static void writeTemp() {
        try {
            File temp = File.createTempFile("pattern", ".suffix");
            temp.deleteOnExit();
            BufferedWriter out = new BufferedWriter(new FileWriter(temp));
            out.write("aString");
            out.close();
        }
        catch (IOException e) {
            // the failure is silently dropped
        }
    }

Similarly, the createTempFile() method used in the Java code creates a temp file that may be readable and writable by all users.

Additionally, both methods used above place the file into a default directory. On UNIX systems the default directory is usually "/tmp" or "/var/tmp" and on Windows systems the default directory is usually "C:\Windows\Temp", which may be easily accessible to attackers, possibly enabling them to read and modify the contents of the temp file.

Excerpts from CWE [https://cwe.mitre.org], Copyright (C) 2006-2026, the MITRE Corporation. See section 9.4. "3rd-Party Licenses" in the documentation for full details.
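
The excerpt above shows the weak pattern only. As an added example (not part of the CWE excerpt and not the rule's own code), the following C implements the same write-then-delete routine so that another user of the shared temp directory can neither read the file nor plant a file or symlink under its name. It replaces tmpfile() with POSIX mkstemp(). How much tmpfile() actually exposes depends on the C library (glibc, for example, creates the file with O_EXCL and mode 0600 and unlinks it at once), but the C standard guarantees none of that, which is why the rule forbids the call outright. The file-name prefix "app-", the function names and the test string are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical file-name prefix for the mkstemp() template (assumption). */
#define TMP_PREFIX "app-"

/* Create a private temporary file in $TMPDIR, falling back to /tmp.
 * mkstemp() opens with O_CREAT|O_EXCL and mode 0600, so it never follows
 * a pre-planted file or symlink and other users cannot read the file.
 * On success the open descriptor is returned and 'path' holds the file
 * name so the caller can unlink it; on failure -1 is returned. */
int open_private_tempfile(char *path, size_t pathlen)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if (snprintf(path, pathlen, "%s/" TMP_PREFIX "XXXXXX", dir) >= (int)pathlen)
        return -1;                  /* name would not fit in 'path' */

    mode_t old = umask(077);        /* defensive: mkstemp already uses 0600 */
    int fd = mkstemp(path);
    umask(old);
    return fd;
}

/* The check a reviewer asks for after creation: the descriptor must refer
 * to a regular file owned by the effective user with no group/other
 * permission bits. Returns 1 when every check passes, 0 otherwise. */
int tempfile_is_private(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != geteuid())
        return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Write 'data' to a private temp file, read it back into 'out' (which
 * must hold strlen(data)+1 bytes) and leave nothing behind on disk.
 * Returns 0 on success, -1 on any failure. */
int roundtrip_private_tempfile(const char *data, char *out, size_t outlen)
{
    char path[4096];
    size_t n = strlen(data);
    if (n >= outlen)
        return -1;

    int fd = open_private_tempfile(path, sizeof path);
    if (fd < 0)
        return -1;
    if (!tempfile_is_private(fd)) {
        close(fd);
        unlink(path);
        return -1;
    }
    /* Unlink immediately: the open descriptor keeps the data reachable,
     * the name can no longer be attacked, and nothing is left on disk
     * if the process dies before cleanup. */
    unlink(path);

    int ok = write(fd, data, n) == (ssize_t)n
          && lseek(fd, 0, SEEK_SET) == 0
          && read(fd, out, n) == (ssize_t)n;
    close(fd);
    if (!ok)
        return -1;
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    if (roundtrip_private_tempfile("secret payload", buf, sizeof buf) != 0) {
        perror("private temp file");
        return 1;
    }
    printf("read back: %s\n", buf);
    return 0;
}
```

mkstemp() closes the race that a pick-a-name-then-open sequence (tmpnam() or mktemp() followed by fopen()) leaves open, and the fstat() check catches a file that was created in a directory with permissive inherited ACLs or by a library that ignores umask. The Java counterpart is java.nio.file.Files.createTempFile, which on POSIX creates the file with owner-only permissions, unlike the File.createTempFile call in the excerpt.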

Possible Messages

Key                       Text                          Severity    Disabled
forbidden_libfunc_call    Call to forbidden function.   None        False

Options

blacklist

Type: dict[bauhaus.analysis.config.FileGlobPattern, list[bauhaus.analysis.config.GlobPattern]]

Default:

{
   '*stdio.h': ['tmpfile']
}

Dictionary mapping a header-file glob pattern to a list of glob patterns for the names of functions from that header that must not be called. With the default, any call to tmpfile() declared in a header matching "*stdio.h" is reported.