Securely create temporary directories and files using fsPromises.mkdtemp()
#191
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change causes temporary directories and files to be created securely. Specifically, they will always be new (and therefore will not contain any untrusted data) and accessible only to the current user.
This pull request changes the four files I found by searching for
tmpdir
.Since
mkstemp
isn't supported by Node.js yet (nodejs/node#33549), temporary files are created within temporary directories usingmkdtemp
; this affects the cleanup code. While working on this, I got confused about theTranscoding
andComponentize
tests in https://github.com/bytecodealliance/jco/blob/463589973dcf5f9fec27425e083db03ca6b4e8d3/test/cli.js, which set their own output directories and don't clean them up. I took the liberty of fixing that inconsistency by making all tests use the same temporary directory and using Mocha'steardown
hook.Closes #181.