seafile-seahub-5.1.4-alt1.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/seafile-seahub/tests/seahubtests.sh: $ grep -A5 -B5 /tmp/ /usr/share/seafile-seahub/tests/seahubtests.sh # TODO: cache api token. echo "REST_FRAMEWORK = {'DEFAULT_THROTTLE_RATES': {'ping': '600/minute', 'anon': '5000/minute', 'user': '300/minute',},}" >> "${local_settings_py}" } function start_seahub() { $PYTHON ./manage.py runserver 1>/tmp/seahub.access.log 2>&1 & sleep 5 } function check_phantom_js() { if ! which phantomjs >/dev/null; then -- set +e py.test $nose_opts tests rvalue=$? if [[ ${TRAVIS} != "" ]]; then # On travis-ci, dump seahub logs when test finished for logfile in /tmp/seahub*.log; do echo -e "\nLog file $logfile:\n" cat "${logfile}" echo done fi Found error in /usr/share/seafile-seahub/tests/install-deps.sh: $ grep -A5 -B5 /tmp/ /usr/share/seafile-seahub/tests/install-deps.sh SEAHUB_SRCDIR=$(dirname "${SEAHUB_TESTSDIR}") cd "$SEAHUB_SRCDIR" # install phantomjs curl -L -o /tmp/phantomjs.tar.bz2 https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.7-linux-x86_64.tar.bz2 tar -C /tmp -xf /tmp/phantomjs.tar.bz2 sudo install -m 755 /tmp/phantomjs-1.9.7-linux-x86_64/bin/phantomjs /usr/bin/phantomjs sudo apt-get install nginx sudo mv /etc/nginx/sites-enabled/default /etc/nginx/default.backup cat <<'EOF' >/tmp/seafile.conf server { listen 80; server_name _ default_server; location /seafhttp { rewrite ^/fileserver(.*)$ $1 break; -- } } EOF sudo mv /tmp/seafile.conf /etc/nginx/sites-enabled/ sudo service nginx restart;