configure.py: don't use deprecated mktemp()
configure.py uses the deprecated Python function tempfile.mktemp().
Because this function is labeled a "security risk" it is also a magnet
for automated security scanners... So let's replace it with the
recommended tempfile.mkstemp() and avoid future complaints.

The actual security implications of this mktemp() call are negligible to
non-existent: First, it's just the build process (configure.py), not
the build product itself. Second, the worst that an attacker (who
needs to run on the build machine!) can do is to cause a compilation
test in configure.py to fail because it can't write to its output file.

Reported by @srikanthprathi

Refs #997

Signed-off-by: Nadav Har'El <nyh@scylladb.com>
Message-Id: <20220111121412.609430-1-nyh@scylladb.com>
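As an added example (not code from configure.py or the Scylla project), the following stand-alone Python sketch contrasts the two calls the commit message discusses: mktemp() only picks an unused name, whereas mkstemp() atomically creates the file with mode 0600 and returns a descriptor that can be closed when an external tool, not this process, will write the file. `reserve_output_path`, `run_probe`, `fake_compiler` and `failing_compiler` are hypothetical stand-ins for try_compile_and_link() and the compiler it invokes.

```python
"""Illustration of the tempfile.mktemp() -> tempfile.mkstemp() change.

Added example, not the project's code. `run_probe` plays the role of a
configure-style compilation test: it needs a *path* that an external tool
(the compiler) will write to, so it cannot simply hand over an open file
object as NamedTemporaryFile() would.
"""
import os
import stat
import tempfile


def mktemp_leaves_nothing_behind():
    """The old call: mktemp() returns a currently unused name and creates
    nothing. Between this call and the moment the compiler opens the path,
    any other process sharing the temp directory may create that name
    first, which is why scanners flag it. Returns True if the name does not
    exist on disk, demonstrating the gap."""
    name = tempfile.mktemp()  # deprecated: a name only, no file
    return not os.path.exists(name)


def reserve_output_path():
    """The new call: mkstemp() creates the file atomically (O_CREAT|O_EXCL,
    mode 0600) and returns (fd, path). The descriptor is closed right away
    because the compiler, not this process, writes the file; the name stays
    reserved and owned by us. Caller is responsible for unlinking it."""
    ofd, ofile = tempfile.mkstemp()
    os.close(ofd)
    return ofile


def reserved_file_properties():
    """Return (exists, permission bits) of a freshly reserved path, then
    remove it. Shows that mkstemp() really did create a private file."""
    ofile = reserve_output_path()
    try:
        st = os.stat(ofile)
        return os.path.exists(ofile), stat.S_IMODE(st.st_mode)
    finally:
        os.unlink(ofile)


def run_probe(producer):
    """Run `producer(path)` (a stand-in for `cc ... -o path`) against a
    reserved output path and always clean it up afterwards. Returns
    (success, path): success is True only if the producer wrote a
    non-empty file, mirroring a passed compilation test; a failing
    producer yields False, as the commit message describes."""
    ofile = reserve_output_path()
    try:
        try:
            producer(ofile)
        except OSError:
            return False, ofile
        return os.path.getsize(ofile) > 0, ofile
    finally:
        os.unlink(ofile)  # mkstemp() created it, so we must remove it


def fake_compiler(path):
    """Hypothetical tool that succeeds: writes some bytes to the path."""
    with open(path, "wb") as f:
        f.write(b"\x7fELF")  # constructed sample output


def failing_compiler(path):
    """Hypothetical tool that fails, e.g. cannot write its output file."""
    raise OSError("cannot write output file")


if __name__ == "__main__":
    print("mktemp created nothing:", mktemp_leaves_nothing_behind())
    print("mkstemp file (exists, mode):", reserved_file_properties())
    print("probe with working compiler:", run_probe(fake_compiler)[0])
    print("probe with failing compiler:", run_probe(failing_compiler)[0])
```

The point worth keeping in mind when applying this pattern elsewhere: closing the descriptor does not give the name back to the system, so the created file must be unlinked on every exit path, which is why the cleanup sits in a finally block.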
nyh authored and psarna committed Jan 11, 2022
1 parent ae8d1c2 commit eccb5c3
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion configure.py
@@ -42,7 +42,8 @@ def ensure_tmp_dir_exists():
def try_compile_and_link(compiler, source = '', flags = []):
ensure_tmp_dir_exists()
with tempfile.NamedTemporaryFile() as sfile:
ofile = tempfile.mktemp()
ofd, ofile = tempfile.mkstemp()
os.close(ofd)
try:
sfile.file.write(bytes(source, 'utf-8'))
sfile.file.flush()
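Review bot: with `ofd, ofile = tempfile.mkstemp()` followed by `os.close(ofd)`, the file at `ofile` now exists on disk before the compiler runs, whereas the old `tempfile.mktemp()` only returned a name; the `try:` that follows must be paired with a `finally:` (outside this hunk) that unlinks `ofile` on both the success and the failure path, otherwise every compilation test, and especially every failed one, leaves a zero-length file in the temp directory. Two smaller points: the hunk calls `ensure_tmp_dir_exists()` but `mkstemp()` is invoked without `dir=`, so the file lands wherever `TMPDIR`/`tempfile.tempdir` points; if that helper is meant to establish a dedicated directory, pass it as `dir=` (or set `TMPDIR` inside the helper) so the reservation happens there. And the security gain is real even though small: the name is created atomically with mode 0600 and owned by the build user, so another local user sharing the temp directory can no longer pre-create or symlink that path before the compiler writes to it, which is exactly the window `mktemp()` left open.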

0 comments on commit eccb5c3