From 3bba467289aacd16d4376faeff253404b80255b0 Mon Sep 17 00:00:00 2001
From: RagavRida
Date: Fri, 24 Apr 2026 00:06:58 +0530
Subject: [PATCH] fix(verify-rls): drop predictable $$-based tmp file fallback

Same shape as gstack-telemetry-sync: on mktemp failure the script fell back to '/tmp/verify-rls-$$-$TOTAL', which is fully predictable from the PID and a per-check counter. On a shared box another user can pre-create or symlink the path and either capture the HTTP response body (which may leak what the RLS tests revealed) or corrupt an unrelated file that curl writes through. Make mktemp strict. On failure return from the check function; the caller tallies a FAIL and the run moves on.
---
 supabase/verify-rls.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/supabase/verify-rls.sh b/supabase/verify-rls.sh
index 4ed92bc67..3657776a1 100755
--- a/supabase/verify-rls.sh
+++ b/supabase/verify-rls.sh
@@ -30,7 +30,12 @@ check() {
 TOTAL=$(( TOTAL + 1 ))
 local resp_file
- resp_file="$(mktemp 2>/dev/null || echo "/tmp/verify-rls-$$-$TOTAL")"
+ # Use mktemp strictly. Don't fall back to a predictable $$-based path —
+ # that's a race/overwrite footgun on shared machines.
+ resp_file="$(mktemp "${TMPDIR:-/tmp}/verify-rls-XXXXXX")" || {
+ echo "verify-rls: mktemp failed, aborting" >&2
+ return 1
+ }
 local http_code
 if [ "$method" = "GET" ]; then
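Review bot: The new `return 1` path in `check()` runs after `TOTAL` has already been incremented, and nothing in the hunk records a failure, so whether an abandoned check is reported as FAIL depends on every call site testing the return value, which is not visible here. For a script that verifies RLS, the mktemp failure should fail closed inside the function: bump the script's failure counter (its name is outside this hunk) before `return 1`, so the summary cannot show a clean run that includes a check which never executed. The message also says "aborting" although only this one check is abandoned; `echo "verify-rls: mktemp failed, check not run" >&2` matches what the code does. If the script runs under `set -e` and `check` is called as a bare statement, the non-zero return would instead end the whole run, so one of the two behaviours should be chosen deliberately. The body of `check()` starts and ends outside the hunk.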