gem-foreman-chef-0.10.0.1-alt0.3.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/foreman_chef-0.10.0.1/app/views/foreman/unattended/snippets/_chef_client_bootstrap.erb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gemie/gems/foreman_chef-0.10.0.1/app/views/foreman/unattended/snippets/_chef_client_bootstrap.erb foreman_reports_upload true foreman_enc true EOF # You may set here the default run list for all your nodes cat << 'EOF' > /tmp/base.json <%= @host.run_list.to_chef_json %> EOF #first run of chef-client echo "First run of chef-client" <% chef_args = "-j /tmp/base.json -E #{@host.chef_environment.nil? ? '_default' : @host.chef_environment.name }" -%> /usr/local/bin/chef-client <%= chef_args %> || /usr/bin/chef-client <%= chef_args %> echo "Finished, cleaning" rm -f /tmp/base.json <% if validation_bootstrap_method? -%> # you can comment this line to keep validaton.pem (e.g. for debugging purposes) rm -f /etc/chef/validation.pem <% end -%>;