Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Filtered: 41 rules found

symbolic-execution

Impact

Clean code attribute

"mktemp" family of functions templates should have at least six trailing "X"s

consistency - conventional

maintainability

Code Smell

CriticalSonarSource default severity
click to learn more

The template parameter for creating temporary files or directories must contain at least six trailing "X"s to ensure uniqueness.

Why is this an issue?

The standard C library provides several functions to create temporary files and directories. These functions include mktemp, mkstemp, mkstemps and mkdtemp, and they accept as a parameter a template that defines the path where the file (or directory) should be created. The filename part of the template must contain at least six trailing "X"s to ensure the uniqueness of the filename, since these "X"'s are replaced with a string that makes the filename unique.

Note that the template parameter will be modified and therefore, it may not be a string constant, but should be declared as a character array, instead.

#include <stdio.h>
#include <stdlib.h>

int create_tmp_file() {
  char tmp_name[] = "example_XXXXX"; // `template` parameter only contains five "X"s
  printf("raw template: %s\n", tmp_name);
  int fd = mkstemp(tmp_name); // Noncompliant: `mkstemp` will fail due to an invalid template parameter.
  if (fd == -1) {
    perror("mkstemp failed");
    return 1;
  }
  printf("unique name: %s\n", tmp_name);
  return 0;
}

What is the potential impact?

If the last six characters of the template parameter are different from "XXXXXX", mktemp, mkstemp, mkstemps and mkdtemp will fail to create the desired unique temporary file or directory.

How to fix it

Ensure that the template parameter ends on at least six "X"'s, i.e., "XXXXXX".

Code examples

Noncompliant code example

#include <stdio.h>
#include <stdlib.h>

int create_tmp_file() {
  char tmp_name[] = "/tmp/example_XXXXX";
  int fd = mkstemp(tmp_name); // Noncompliant: `mkstemp` will fail due to an invalid template parameter.
  if (fd == -1) {
    perror("mkstemp failed");
    return 1;
  }
  return 0;
}

Compliant solution

#include <stdio.h>
#include <stdlib.h>

int create_tmp_file() {
  char tmp_name[] = "/tmp/example_XXXXXX";
  int fd = mkstemp(tmp_name); // Compliant: template parameter ends on six "X"s.
  if (fd == -1) {
    perror("mkstemp failed");
    return 1;
  }
  printf("unique name: %s\n", tmp_name); // May print "/tmp/example_hNjl9G"
  return 0;
}

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Developer
Edition

In-IDE

SaaS

Self-Hosted