Critiq Docs

security.filesystem

Avoid predictable or permissionless temporary files

Temporary file creation should use secure helpers with random suffixes and restrictive permissions.

#Metadata

Rule ID: rust.security.insecure-temp-file
Severity: medium
Confidence: 0.85
Languages: rust
Presets: security, strict
Stability: experimental
Applies to: block
Tags: filesystem, rules-catalog, rust, security, tempfile

#Why it matters

Predictable temp paths and default-permission temp files enable symlink races and information disclosure.

#Remediation

Use `tempfile::Builder` with explicit permissions and patterns containing `*`, or `std::env::temp_dir` with random names.
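The `std::env::temp_dir` option with random names, sketched with the standard library only. This is an added example, not code from Critiq or its rule set; it assumes a Unix target (for `/dev/urandom` and `OpenOptionsExt::mode`), and the helper names `random_suffix`, `create_private_temp` and `create_predictable_temp` are hypothetical.

```rust
use std::fs::{File, OpenOptions};
use std::io::{self, Read, Write};
use std::os::unix::fs::OpenOptionsExt; // Unix-only: provides OpenOptions::mode
use std::path::PathBuf;

/// Hypothetical helper: 16 bytes from the OS CSPRNG, hex-encoded.
fn random_suffix() -> io::Result<String> {
    let mut buf = [0u8; 16];
    File::open("/dev/urandom")?.read_exact(&mut buf)?;
    Ok(buf.iter().map(|b| format!("{:02x}", b)).collect())
}

/// Hypothetical helper: create a private temp file under std::env::temp_dir().
pub fn create_private_temp(prefix: &str) -> io::Result<(PathBuf, File)> {
    // Retry on a name collision instead of reusing an existing path.
    for _ in 0..8 {
        let name = format!("{}-{}.tmp", prefix, random_suffix()?);
        let path = std::env::temp_dir().join(name);
        match OpenOptions::new()
            .write(true)
            .create_new(true) // O_CREAT|O_EXCL: fails if the path exists, symlinks included
            .mode(0o600) // owner read/write only, applied at creation time
            .open(&path)
        {
            Ok(file) => return Ok((path, file)),
            Err(e) if e.kind() == io::ErrorKind::AlreadyExists => continue,
            Err(e) => return Err(e),
        }
    }
    Err(io::Error::new(io::ErrorKind::AlreadyExists, "no unique temp name"))
}

/// For contrast, the predictable form described under "Why it matters":
/// fixed name, default permissions, and File::create follows an existing
/// symlink at that path and truncates whatever it points to.
pub fn create_predictable_temp() -> io::Result<File> {
    File::create(std::env::temp_dir().join("app-cache.tmp"))
}

fn main() -> io::Result<()> {
    let (path, mut file) = create_private_temp("report")?;
    file.write_all(b"constructed sample data\n")?;
    println!("wrote {}", path.display());
    std::fs::remove_file(&path)
}
```

The caller is responsible for removing the file; `tempfile::Builder` handles cleanup on drop, which is one reason to prefer it when the crate is available.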

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/rust/rust.security.insecure-temp-file.rule.yaml.