perl-App-Wallflower-scripts-1.004-alt1.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/wallflower: $ grep -A5 -B5 /tmp/ /usr/bin/wallflower /javascripts/jquery.js Passing this list to B<wallflower> gives the following result: $ wallflower -a bin/app.pl -d /tmp -F urls.txt 200 / => /tmp/output/index.html [5367] 200 /404.html => /tmp/output/404.html [499] 200 /500.html => /tmp/output/500.html [510] 200 /css/error.css => /tmp/output/css/error.css [1210] 200 /css/style.css => /tmp/output/css/style.css [2850] 404 /favicon.ico 404 /images/perldancer-bg.jpg 404 /images/perldancer.jpg 200 /javascripts/jquery.js => /tmp/output/javascripts/jquery.js [248235] Note that URLs with a path ending in a C</> are considered directories and have the default I<index> filename appended, and that wallflower will behave unpredictably if the site contains pages accessible through URLs ending both in F<foo> and F<foo/>. This is arguably a bug, but it's;