Skip to content

Do not use tempfile.mktemp() for creating named pipes on Windows #137335

Closed
Closed
Do not use tempfile.mktemp() for creating named pipes on Windows#137335
Assignees
serhiy-storchaka
Labels
3.13bugs and security fixes3.14bugs and security fixes3.15pre-release feature fixes, bugs and security fixesOS-windowsstdlibStandard Library Python modules in the Lib/ directorytopic-asynciotopic-multiprocessingtype-bugAn unexpected behavior, bug, or error

Description

@lighting9999
lighting9999
opened on Aug 3, 2025

I change the pull requests to #137333, replace the mktemp() function.
bandit Tools:

Issue: [B306:blacklist] Use of insecure and deprecated function (mktemp).
Severity: Medium Confidence: High
CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b306-mktemp-q
Location: C:\Users\Administrator\Desktop\cpython\lib\asyncio\windows_utils.py:34:14
33 """Like os.pipe() but with overlapped support and using handles not fds."""
34 address = tempfile.mktemp(
35 prefix=r'\.\pipe\python-pipe-{:d}-{:d}-'.format(
36 os.getpid(), next(_mmap_counter)))
37

Linked PRs

Metadata

Metadata

Assignees

Labels

3.13bugs and security fixes3.14bugs and security fixes3.15pre-release feature fixes, bugs and security fixesOS-windowsstdlibStandard Library Python modules in the Lib/ directorytopic-asynciotopic-multiprocessingtype-bugAn unexpected behavior, bug, or error

Fields

No fields configured for issues without a type.

Projects

asyncio
Status
Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions