From a34b9f5cb5a691b2153f6a2ba905e6f1f84af341 Mon Sep 17 00:00:00 2001
From: Mufeed VH <mufeedvh@gmail.com>
Date: Sat, 18 Jul 2020 12:19:57 +0530
Subject: [PATCH] Fix insecure temporary file creation (#1890)

* Fix insecure temporary file creation

* minor error fix

tmp_path.name (NamedTemporaryFile().name) is required to return the filename string.
---
 common/params.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/common/params.py b/common/params.py
index 7b90913e7d..fc387b6227 100755
--- a/common/params.py
+++ b/common/params.py
@@ -319,14 +319,14 @@ def write_db(params_path, key, value):
   lock.acquire()
 
   try:
-    tmp_path = tempfile.mktemp(prefix=".tmp", dir=params_path)
-    with open(tmp_path, "wb") as f:
+    tmp_path = tempfile.NamedTemporaryFile(mode="wb", prefix=".tmp", dir=params_path, delete=False)
+    with tmp_path as f:
       f.write(value)
       f.flush()
       os.fsync(f.fileno())
 
     path = "%s/d/%s" % (params_path, key)
-    os.rename(tmp_path, path)
+    os.rename(tmp_path.name, path)
     fsync_dir(os.path.dirname(path))
   finally:
     os.umask(prev_umask)