Amazon Q
Detector Library
C detectors (34/34)
Logging of sensitive informationInsecure Use Of ChrootDeadlock And Lock InconsistencyUnsafe File ExtensionOS command injectionIncorrect Use Of FreeUse Of Uninitialized VariableInsecure Use strcat fnSQL injectionBitwise Operator On Signed OperandInsecure use gets fnRandom fd exhaustionRedundant Free UsageInsecure Use MemsetDivide By Zero.Return Stack AddressUnchecked Return ValueIncorrect Format SpecifierUnhandled Expression ResultPath traversalImproper Input ValidationOut Of Bounds ReadInteger OverflowInsecure use strtok functionImproper size of a memory bufferincomplete-cleanupNull pointer dereferenceInsecure Temporary File Or DirectoryInsecure Buffer AccessIncorrect Use Ato FnLoose File PermissionsExposure of Sensitive InformationOut-of-bounds WriteString Equality
Insecure Temporary File Or Directory High
For secure creation of temporary files, it is advisable to use functions such as mkstemp() or tmpfile(), and ensure secure permissions by either setting appropriate file modes during creation with open() or fopen(), or by using chmod() afterward.
Detector ID
c/insecure-temporary-file-or-directory@v1.0
Category
Common Weakness Enumeration (CWE) 
Tags
-
Noncompliant example
1#include <stdio.h>
2#include <stdlib.h>
3#include <fcntl.h>
4#include <sys/stat.h>
5#include <string.h>
6#include <unistd.h>
7
8int insecureTemporaryFileorDirectoryNonCompliant(char *tempData) {
9 // Noncompliant: Insecure function used
10 char *path = tmpnam(NULL);
11 FILE* f = fopen(path, "w");
12 fputs(tempData, f);
13 fclose(f);
14}
Compliant example
1#include <stdio.h>
2#include <stdlib.h>
3#include <fcntl.h>
4#include <sys/stat.h>
5#include <string.h>
6#include <unistd.h>
7
8int insecureTemporaryFileorDirectoryCompliant(char *tempData) {
9 // Compliant: The file will be opened in "wb+" mode, and will be automatically removed on normal program exit
10 FILE* f = tmpfile();
11 fputs(tempData, f);
12 fclose(f);
13 return 0;
14}