Make a unique filesystem path, without creating the file
Thomas 'PointedEars' Lahn
PointedEars at web.de
Sun Feb 14 17:48:25 EST 2016
Ben Finney wrote:
> How should a program generate a unique filesystem path and *not* create
> the filesystem entry?
The Python documentation suggests that it should not.
> The ‘tempfile.mktemp’ function is strongly deprecated, and rightly so
> because it leaves the program vulnerable to insecure file creation.
> In some code (e.g. unit tests) I am calling ‘tempfile.mktemp’ to
> generate a unique path for a filesystem entry that I *do not want* to
> exist on the real filesystem. In this case the filesystem security
> concerns are irrelevant because there is no file.
I do not think that you have properly understood the problems with
> It is also prone to that API function disappearing at some point in the
> future, because it is explicitly and strongly deprecated.
> So I agree with the deprecation, but the library doesn't appear to
> provide a replacement.
| mktemp() usage can be replaced easily with NamedTemporaryFile(), passing
| it the delete=False parameter: [example]
> What standard library function should I be using to generate
> ‘tempfile.mktemp’-like unique paths, and *not* ever create a real file
> by that path?
I do not think it is possible to avoid the creation of a real file using the
PSL; in fact, that a file is created appears to be precisely what fixes the
problems with tempfile.mktemp() because then it cannot happen that someone
else creates a file with the same name at the same time:
| tempfile.NamedTemporaryFile(mode='w+b', buffering=None, encoding=None,
| newline=None, suffix=None, prefix=None, dir=None, delete=True)
| This function operates exactly as TemporaryFile() does, except that the
| file is guaranteed to have a visible name in the file system (on Unix, the
| directory entry is not unlinked). […] If delete is true (the default), the
| file is deleted as soon as it is closed. […]
It is of course possible to generate a filename that is not currently used,
but I am not aware of a PSL feature that does this, and if there were such a
feature there would be the same problems with it as with mktemp().
Please do not cc me. / Bitte keine Kopien per E-Mail.
More information about the Python-list