tool: use random names for secure tempfiles #107

Merged (1 commit), Feb 20, 2023

@nikstur nikstur commented Feb 20, 2023

This PR is part of a larger series which is supposed to be merged in order but is broken up into multiple pieces to make review easier. It is supposed to be merged in this order:

#108 -> (#107) -> #110 -> #109

Using random names for tempfiles makes handling them easier. It reduces the amount of noise in the code because no custom name needs to be provided for each tempfile. The names were not really useful in any case.

It also does not burden the developer with ensuring uniqueness of names. This is relevant when files for multiple generations need to be stored in the same directory (e.g. because they need to be accessed after handling one generation).

Out of an abundance of caution, 32 random alphanumeric characters are chosen for each filename. The tempfile crate, in comparison, only chooses 8. 32 characters should be enough to avoid collisions, even if the PRNG is not of cryptographic quality.

Depends on #108

@nikstur nikstur force-pushed the random-names-for-tmpfiles branch from 71bdd62 to bc7f761 Compare February 20, 2023 20:30
@nikstur nikstur marked this pull request as ready for review February 20, 2023 22:18
@nikstur nikstur requested review from blitz and RaitoBezarius and removed request for blitz February 20, 2023 22:18
@nikstur nikstur force-pushed the random-names-for-tmpfiles branch from bc7f761 to 71be941 Compare February 20, 2023 22:31
@nikstur nikstur force-pushed the random-names-for-tmpfiles branch from 71be941 to df6b1b0 Compare February 20, 2023 23:13
@blitz blitz merged commit 6924e6e into master Feb 20, 2023
@blitz blitz deleted the random-names-for-tmpfiles branch February 20, 2023 23:27
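
The naming scheme described in the PR (32 random alphanumeric characters per tempfile), as an added example that is not the project's code. It assumes a Unix system with `/dev/urandom`, uses only the standard library, and the names `random_name` and `create_secure_tempfile` are hypothetical; pairing the random name with exclusive creation and owner-only permissions is an assumption about what "secure" should cover here.

```rust
use std::fs::{File, OpenOptions};
use std::io::{self, Read};
use std::os::unix::fs::OpenOptionsExt;
use std::path::{Path, PathBuf};

const ALPHANUMERIC: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
const NAME_LEN: usize = 32; // length stated in the PR description

/// Returns NAME_LEN random alphanumeric characters drawn from /dev/urandom
/// (assumed randomness source for this example).
pub fn random_name() -> io::Result<String> {
    let mut urandom = File::open("/dev/urandom")?;
    let mut name = String::with_capacity(NAME_LEN);
    let mut buf = [0u8; 64];
    while name.len() < NAME_LEN {
        urandom.read_exact(&mut buf)?;
        for &b in buf.iter() {
            // Rejection sampling: 248 = 4 * 62, so bytes >= 248 are dropped
            // to keep every character equally likely.
            if b < 248 && name.len() < NAME_LEN {
                name.push(ALPHANUMERIC[(b % 62) as usize] as char);
            }
        }
    }
    Ok(name)
}

/// Creates a new, owner-only file with a random name inside `dir`.
pub fn create_secure_tempfile(dir: &Path) -> io::Result<(PathBuf, File)> {
    loop {
        let path = dir.join(random_name()?);
        let result = OpenOptions::new()
            .write(true)
            .create_new(true) // O_CREAT|O_EXCL: never reuse an existing file or symlink
            .mode(0o600) // readable and writable by the owner only
            .open(&path);
        match result {
            Ok(file) => return Ok((path, file)),
            // A collision is handled by retrying with a fresh name.
            Err(e) if e.kind() == io::ErrorKind::AlreadyExists => continue,
            Err(e) => return Err(e),
        }
    }
}

fn main() -> io::Result<()> {
    let (path, _file) = create_secure_tempfile(&std::env::temp_dir())?;
    println!("created {}", path.display());
    std::fs::remove_file(path)
}
```

With exclusive creation, a name collision surfaces as an `AlreadyExists` error and a retry instead of a silently shared file, so correctness does not rest on the name length alone.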