Critiq Docs

security.filesystem

Avoid deprecated `ioutil` temporary file helpers

Go code should use `os.CreateTemp` and `os.MkdirTemp` instead of the deprecated `ioutil.TempFile` / `ioutil.TempDir` helpers.

#Metadata

Rule ID: go.security.insecure-temp-file
Severity: medium
Confidence: 0.88
Languages: go
Presets: security, strict
Stability: experimental
Applies to: block
Tags: filesystem, go, rules-catalog, security, tempfile

#Why it matters

The `ioutil` temp helpers are deprecated and frequently appear alongside race-prone temp-file patterns; the `os` replacements receive ongoing security fixes.

#Remediation

Switch to `os.CreateTemp(dir, pattern)` or `os.MkdirTemp(dir, pattern)` and ensure the pattern includes a `*` so a random component is generated.
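The migration, as an added example (not taken from the Critiq rule or its test fixtures): the deprecated calls appear in the comment, followed by `os` replacements that clean up on failure. The function names `newWorkDir` and `writeScratch` and the patterns `work-*` and `upload-*.bin` are constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Before (the deprecated helpers this rule reports):
//   f, err := ioutil.TempFile(dir, "upload")
//   d, err := ioutil.TempDir(parent, "work")

// newWorkDir creates a private scratch directory (mode 0700) under parent.
func newWorkDir(parent string) (string, error) {
	return os.MkdirTemp(parent, "work-*") // "*" is replaced by a random string
}

// writeScratch stores data in a new temp file under dir and returns its path.
// os.CreateTemp opens with O_CREATE|O_EXCL and mode 0600, so a file or
// symlink already present at the chosen name is never reused.
func writeScratch(dir string, data []byte) (path string, err error) {
	f, err := os.CreateTemp(dir, "upload-*.bin")
	if err != nil {
		return "", fmt.Errorf("create temp file: %w", err)
	}
	defer func() {
		if cerr := f.Close(); err == nil {
			err = cerr
		}
		if err != nil { // do not leave a partial file behind
			os.Remove(f.Name())
			path = ""
		}
	}()
	if _, err = f.Write(data); err != nil {
		return "", fmt.Errorf("write temp file: %w", err)
	}
	return f.Name(), nil
}

func main() {
	dir, err := newWorkDir("") // "" selects os.TempDir()
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir) // the caller owns cleanup of temp paths
	p, err := writeScratch(dir, []byte("constructed sample data"))
	fmt.Println(filepath.Base(p), err)
}
```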

#Repository path

The generated metadata points to `critiq-rules/libs/rules/catalog/rules/go/go.security.insecure-temp-file.rule.yaml`.