Opened 14 years ago

Closed 13 years ago

Last modified 13 years ago

#15768 closed Cleanup/optimization (fixed)

The setUp() method FileStorageTests in tests/regressiontests/file_storage/tests.py uses tempfile.mktemp()

Reported by: d1b Owned by: elbarto
Component: Testing framework Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Łukasz Rekucki)

The tempfile.mktemp() function is deprecated and the documentation warns that the "Use of this function may introduce a security hole in your program" - see http://docs.python.org/library/tempfile.html#tempfile.mktemp for more information.

The setUp() method FileStorageTests in tests/regressiontests/file_storage/tests.py uses tempfile.mktemp() in creating a temporary directory. The temporary directory is then deleted during tearDown():

class FileStorageTests(unittest.TestCase):
    storage_class = FileSystemStorage

    def setUp(self):
        self.temp_dir = tempfile.mktemp()
        os.makedirs(self.temp_dir)
        self.storage = self.storage_class(location=self.temp_dir,
            base_url='/test_media_url/')

    def tearDown(self):
        shutil.rmtree(self.temp_dir)

This seems like a mistake because other classes such as FileSaveRaceConditionTest use tempfile.mkdtemp(). tempfile.mkdtemp is a safer way of creating a temporary directory.

Something like the following (_NOTE_: I haven't tested this) could be a 'fix'.

-        self.temp_dir = tempfile.mktemp()
-        os.makedirs(self.temp_dir)
+        self.temp_dir = tempfile.mkdtemp()

Attachments (2)

patch.diff (1.0 KB ) - added by elbarto 14 years ago.
15768.diff (1.0 KB ) - added by Graham King 13 years ago.
Updated to apply cleanly to latest svn version

Download all attachments as: .zip

Change History (8)

comment:2 by Łukasz Rekucki, 14 years ago

Description: modified (diff)
Triage Stage: UnreviewedAccepted
Type: UncategorizedCleanup/optimization

Reformated description so it's easier to read.

comment:3 by elbarto, 14 years ago

Easy pickings: unset
Owner: changed from nobody to elbarto

by elbarto, 14 years ago

Attachment: patch.diff added

comment:4 by elbarto, 14 years ago

Has patch: set

by Graham King, 13 years ago

Attachment: 15768.diff added

Updated to apply cleanly to latest svn version

comment:5 by Graham King, 13 years ago

Component: UncategorizedTesting framework
milestone: 1.4
Triage Stage: AcceptedReady for checkin
Version: 1.3SVN

Patch applies cleanly. Fixes the problem. Tests still pass.

comment:6 by Ramiro Morales, 13 years ago

Resolution: fixed
Status: newclosed

Fixed in [16267].

comment:7 by Jacob, 13 years ago

milestone: 1.4

Milestone 1.4 deleted

Note: See TracTickets for help on using tickets.
Back to Top