ruff: Fix S108 Probable insecure usage of temporary file or directory.

Signed-off-by: Anders Kaseorg <anders@zulip.com>

zulip/integrations/codebase/requirements.txt

@@ -0,0 +1 @@
+platformdirs

zulip/integrations/codebase/zulip_codebase_config.py

@@ -1,5 +1,8 @@
+import os
 from typing import Optional
 
+import platformdirs
+
 # Change these values to configure authentication for your codebase account
 # Note that this is the Codebase API Username, found in the Settings page
 # for your account
@@ -36,4 +39,4 @@ LOG_FILE: Optional[str] = None
 
 # This file is used to resume this mirror in case the script shuts down.
 # It is required and needs to be writeable.
-RESUME_FILE = "/var/tmp/zulip_codebase.state"
+RESUME_FILE = os.path.join(platformdirs.user_state_dir(), "zulip_codebase.state")

zulip/integrations/log2zulip/log2zulip

@@ -9,7 +9,6 @@ import platform
 import re
 import subprocess
 import sys
-import tempfile
 import traceback
 from pathlib import Path
 from typing import List
@@ -26,9 +25,11 @@ except ImportError:
 
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../"))
 
+import platformdirs
+
 import zulip
 
-temp_dir = "/var/tmp/" if os.name == "posix" else tempfile.gettempdir()
+state_dir = platformdirs.user_state_dir()
 
 
 def mkdir_p(path: str) -> None:
@@ -71,7 +72,7 @@ def process_lines(raw_lines: List[str], file_name: str) -> None:
 
 
 def process_logs() -> None:
-    data_file_path = os.path.join(temp_dir, "log2zulip.state")
+    data_file_path = os.path.join(state_dir, "log2zulip.state")
     mkdir_p(os.path.dirname(data_file_path))
     if not os.path.exists(data_file_path):
         Path(data_file_path).write_text("{}")
@@ -106,7 +107,7 @@ if __name__ == "__main__":
     parser.add_argument("--control-path", default="/etc/log2zulip.conf")
     args = parser.parse_args()
 
-    lock_path = os.path.join(temp_dir, "log2zulip.lock")
+    lock_path = os.path.join(state_dir, "log2zulip.lock")
     if os.path.exists(lock_path):
         # This locking code is here to protect against log2zulip,
         # running in a cron job, ending up with multiple copies

zulip/integrations/log2zulip/requirements.txt

@@ -0,0 +1 @@
+platformdirs

zulip/integrations/zephyr/zephyr_mirror_backend.py

@@ -1285,6 +1285,10 @@ or specify the --api-key-file option."""
         logger.error("\nnagios_path is required with nagios_class\n")
         sys.exit(1)
 
+    if options.use_sessions and options.session_path is None:
+        logger.error("--session-path is required with --use-sessions")
+        sys.exit(1)
+
     zulip_account_email = options.user + "@mit.edu"
 
     start_time = time.time()
@@ -1330,9 +1334,6 @@ or specify the --api-key-file option."""
     if options.forward_mail_zephyrs is None:
         options.forward_mail_zephyrs = subscribed_to_mail_messages()
 
-    if options.session_path is None:
-        options.session_path = f"/var/tmp/{options.user}"
-
     if options.forward_from_zulip:
         child_pid: Optional[int] = os.fork()
         if child_pid == 0: