From 188d459ab10b9908676f18c4f52527b60e23f4ba Mon Sep 17 00:00:00 2001 From: Anders Kaseorg Date: Thu, 9 Nov 2023 15:10:16 -0800 Subject: [PATCH] ruff: Fix S108 Probable insecure usage of temporary file or directory. Signed-off-by: Anders Kaseorg --- zulip/integrations/codebase/requirements.txt | 1 + zulip/integrations/codebase/zulip_codebase_config.py | 5 ++++- zulip/integrations/log2zulip/log2zulip | 9 +++++---- zulip/integrations/log2zulip/requirements.txt | 1 + zulip/integrations/zephyr/zephyr_mirror_backend.py | 7 ++++--- 5 files changed, 15 insertions(+), 8 deletions(-) diff --git a/zulip/integrations/codebase/requirements.txt b/zulip/integrations/codebase/requirements.txt index e69de29b..67fd014b 100644 --- a/zulip/integrations/codebase/requirements.txt +++ b/zulip/integrations/codebase/requirements.txt @@ -0,0 +1 @@ +platformdirs diff --git a/zulip/integrations/codebase/zulip_codebase_config.py b/zulip/integrations/codebase/zulip_codebase_config.py index 5ea2ed2c..1449e809 100644 --- a/zulip/integrations/codebase/zulip_codebase_config.py +++ b/zulip/integrations/codebase/zulip_codebase_config.py @@ -1,5 +1,8 @@ +import os from typing import Optional +import platformdirs + # Change these values to configure authentication for your codebase account # Note that this is the Codebase API Username, found in the Settings page # for your account @@ -36,4 +39,4 @@ LOG_FILE: Optional[str] = None # This file is used to resume this mirror in case the script shuts down. # It is required and needs to be writeable. -RESUME_FILE = "/var/tmp/zulip_codebase.state" +RESUME_FILE = os.path.join(platformdirs.user_state_dir(), "zulip_codebase.state") diff --git a/zulip/integrations/log2zulip/log2zulip b/zulip/integrations/log2zulip/log2zulip index 3e6692d2..b282ab97 100755 --- a/zulip/integrations/log2zulip/log2zulip +++ b/zulip/integrations/log2zulip/log2zulip @@ -9,7 +9,6 @@ import platform import re import subprocess import sys -import tempfile import traceback from pathlib import Path from typing import List @@ -26,9 +25,11 @@ except ImportError: sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../")) +import platformdirs + import zulip -temp_dir = "/var/tmp/" if os.name == "posix" else tempfile.gettempdir() +state_dir = platformdirs.user_state_dir() def mkdir_p(path: str) -> None: @@ -71,7 +72,7 @@ def process_lines(raw_lines: List[str], file_name: str) -> None: def process_logs() -> None: - data_file_path = os.path.join(temp_dir, "log2zulip.state") + data_file_path = os.path.join(state_dir, "log2zulip.state") mkdir_p(os.path.dirname(data_file_path)) if not os.path.exists(data_file_path): Path(data_file_path).write_text("{}") @@ -106,7 +107,7 @@ if __name__ == "__main__": parser.add_argument("--control-path", default="/etc/log2zulip.conf") args = parser.parse_args() - lock_path = os.path.join(temp_dir, "log2zulip.lock") + lock_path = os.path.join(state_dir, "log2zulip.lock") if os.path.exists(lock_path): # This locking code is here to protect against log2zulip, # running in a cron job, ending up with multiple copies diff --git a/zulip/integrations/log2zulip/requirements.txt b/zulip/integrations/log2zulip/requirements.txt index e69de29b..67fd014b 100644 --- a/zulip/integrations/log2zulip/requirements.txt +++ b/zulip/integrations/log2zulip/requirements.txt @@ -0,0 +1 @@ +platformdirs diff --git a/zulip/integrations/zephyr/zephyr_mirror_backend.py b/zulip/integrations/zephyr/zephyr_mirror_backend.py index 43bcd599..d07aa7d9 100755 --- a/zulip/integrations/zephyr/zephyr_mirror_backend.py +++ b/zulip/integrations/zephyr/zephyr_mirror_backend.py @@ -1285,6 +1285,10 @@ or specify the --api-key-file option.""" logger.error("\nnagios_path is required with nagios_class\n") sys.exit(1) + if options.use_sessions and options.session_path is None: + logger.error("--session-path is required with --use-sessions") + sys.exit(1) + zulip_account_email = options.user + "@mit.edu" start_time = time.time() @@ -1330,9 +1334,6 @@ or specify the --api-key-file option.""" if options.forward_mail_zephyrs is None: options.forward_mail_zephyrs = subscribed_to_mail_messages() - if options.session_path is None: - options.session_path = f"/var/tmp/{options.user}" - if options.forward_from_zulip: child_pid: Optional[int] = os.fork() if child_pid == 0: