Derived from the flake8-bandit linter.
What it does
Checks for uses of tempfile.mktemp.
Why is this bad?
tempfile.mktemp returns a pathname of a file that does not exist at the
time the call is made; then, the caller is responsible for creating the
file and subsequently using it. This is insecure because another process
could create a file with the same name between the time the function
returns and the time the caller creates the file.
tempfile.mktemp is deprecated in favor of tempfile.mkstemp, which
creates the file when it is called. Consider using tempfile.mkstemp
instead, either directly or via a context manager such as
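
The race described above, made deterministic, next to the tempfile.mkstemp form. This is an added example, not part of the rule's documentation; plant_file, racy_write, safe_write and demo are hypothetical names, the planted file is constructed, and POSIX file modes are assumed.

```python
import os
import stat
import tempfile


def plant_file(path):
    """Constructed stand-in for another process winning the race."""
    with open(path, "w") as fh:
        fh.write("planted\n")
    os.chmod(path, 0o644)
    return os.stat(path).st_ino


def racy_write(directory, data):
    """Flagged pattern: choose a name now, create the file later."""
    path = tempfile.mktemp(dir=directory)  # returns a name, creates nothing
    planted_inode = plant_file(path)       # the race window, made explicit
    with open(path, "w") as fh:            # no O_EXCL: reuses the existing file
        fh.write(data)
    st = os.stat(path)
    return {"reused_planted_file": st.st_ino == planted_inode,
            "mode": stat.S_IMODE(st.st_mode)}


def safe_write(directory, data):
    """mkstemp picks the name and creates the file in one exclusive step."""
    fd, path = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
        st = os.stat(path)
        return {"mode": stat.S_IMODE(st.st_mode), "size": st.st_size}
    finally:
        os.unlink(path)


def demo():
    # Everything happens inside a private scratch directory.
    with tempfile.TemporaryDirectory() as workdir:
        return racy_write(workdir, "secret\n"), safe_write(workdir, "secret\n")


if __name__ == "__main__":
    print(demo())
```

In the racy case the data lands in a file whose inode and permissions were chosen by whoever created it first; with mkstemp the caller holds a descriptor to a file it created itself, readable and writable only by its owner.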