Skip to content

Do not use tempfile.mktemp() for creating named pipes on Windows #137335

New issue
New issue
Open
Open
Do not use tempfile.mktemp() for creating named pipes on Windows#137335
Assignees
serhiy-storchaka
Labels
3.13bugs and security fixes3.14bugs and security fixes3.15new features, bugs and security fixesOS-windowsstdlibPython modules in the Lib dirtopic-asynciotopic-multiprocessingtype-bugAn unexpected behavior, bug, or error
@lighting9999

Description

@lighting9999
lighting9999
opened on Aug 3, 2025

I change the pull requests to #137333, replace the mktemp() function.
bandit Tools:

Issue: [B306:blacklist] Use of insecure and deprecated function (mktemp).
Severity: Medium Confidence: High
CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b306-mktemp-q
Location: C:\Users\Administrator\Desktop\cpython\lib\asyncio\windows_utils.py:34:14
33 """Like os.pipe() but with overlapped support and using handles not fds."""
34 address = tempfile.mktemp(
35 prefix=r'\.\pipe\python-pipe-{:d}-{:d}-'.format(
36 os.getpid(), next(_mmap_counter)))
37

Linked PRs

Metadata

Metadata

Assignees

Labels

3.13bugs and security fixes3.14bugs and security fixes3.15new features, bugs and security fixesOS-windowsstdlibPython modules in the Lib dirtopic-asynciotopic-multiprocessingtype-bugAn unexpected behavior, bug, or error

Projects

asyncio

Status

Todo

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy