[Python-checkins] bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktemp in pydoc (GH-23200)

miss-islington webhook-mailer at python.org
Sun Aug 29 08:57:26 EDT 2021


https://github.com/python/cpython/commit/532ebba6c8697d214a0d94514ad0b2464a59cb7c
commit: 532ebba6c8697d214a0d94514ad0b2464a59cb7c
branch: 3.10
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2021-08-29T05:57:22-07:00
summary:

bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktemp in pydoc (GH-23200)


Co-authored-by: Łukasz Langa <lukasz at langa.pl>
(cherry picked from commit c9227df5a9d8e958a2324cf0deba8524d1ded26a)

Co-authored-by: E-Paine <63801254+E-Paine at users.noreply.github.com>

files:
A Misc/NEWS.d/next/Security/2021-08-29-12-39-44.bpo-42278.jvmQz_.rst
M Lib/pydoc.py

diff --git a/Lib/pydoc.py b/Lib/pydoc.py
index 9f0acd0271e07..4a8c10a379ed8 100755
--- a/Lib/pydoc.py
+++ b/Lib/pydoc.py
@@ -1618,13 +1618,14 @@ def pipepager(text, cmd):
 def tempfilepager(text, cmd):
     """Page through text by invoking a program on a temporary file."""
     import tempfile
-    filename = tempfile.mktemp()
-    with open(filename, 'w', errors='backslashreplace') as file:
-        file.write(text)
-    try:
+    with tempfile.TemporaryDirectory() as tempdir:
+        filename = os.path.join(tempdir, 'pydoc.out')
+        with open(filename, 'w', errors='backslashreplace',
+                  encoding=os.device_encoding(0) if
+                  sys.platform == 'win32' else None
+                  ) as file:
+            file.write(text)
         os.system(cmd + ' "' + filename + '"')
-    finally:
-        os.unlink(filename)
 
 def _escape_stdout(text):
     # Escape non-encodable characters to avoid encoding errors later
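Review bot: The new `encoding=os.device_encoding(0) if sys.platform == 'win32' else None` argument on the `open()` call is a behaviour change unrelated to the mktemp race, and neither the commit message nor the NEWS entry mentions it. Either split it into its own change or add a one-line comment saying why the Windows console encoding is wanted here. `os.device_encoding(0)` returns None when fd 0 is not attached to a terminal, so the file silently falls back to the default encoding in that case; a comment should say that this is intended. Separately, the unchanged `os.system(cmd + ' "' + filename + '"')` line still builds a shell string by concatenation, and `filename` now includes the temporary directory path, so it would be worth confirming that a path containing a double quote or other shell metacharacter cannot break the quoting, or passing the file name as a separate argument via subprocess.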
diff --git a/Misc/NEWS.d/next/Security/2021-08-29-12-39-44.bpo-42278.jvmQz_.rst b/Misc/NEWS.d/next/Security/2021-08-29-12-39-44.bpo-42278.jvmQz_.rst
new file mode 100644
index 0000000000000..db880cd9026da
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-08-29-12-39-44.bpo-42278.jvmQz_.rst
@@ -0,0 +1,2 @@
+Replaced usage of :func:`tempfile.mktemp` with
+:class:`~tempfile.TemporaryDirectory` to avoid a potential race condition.
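Review bot: The NEWS entry does not say which module is affected; it only names the two tempfile APIs. Since this lands in the Security section, name pydoc (and ideally `tempfilepager`) in the first line so that someone scanning the changelog can tell whether their use of pydoc's pager was exposed to the race.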


