5 use std
::fs
::{self, File, OpenOptions}
;
6 use std
::io
::{self, Read, Seek, SeekFrom, Write}
;
9 use std
::path
::{Path, PathBuf}
;
11 use crate::error
::IoResultExt
;
16 /// Create a new temporary file.
18 /// The file will be created in the location returned by [`std::env::temp_dir()`].
22 /// This variant is secure/reliable in the presence of a pathological temporary file cleaner.
24 /// # Resource Leaking
26 /// The temporary file will be automatically removed by the OS when the last handle to it is closed.
27 /// This doesn't rely on Rust destructors being run, so will (almost) never fail to clean up the temporary file.
31 /// If the file can not be created, `Err` is returned.
36 /// use tempfile::tempfile;
37 /// use std::io::{self, Write};
40 /// # if let Err(_) = run() {
41 /// # ::std::process::exit(1);
44 /// # fn run() -> Result<(), io::Error> {
45 /// // Create a file inside of `std::env::temp_dir()`.
46 /// let mut file = tempfile()?;
48 /// writeln!(file, "Brian was here. Briefly.")?;
53 /// [`std::env::temp_dir()`]: https://doc.rust-lang.org/std/env/fn.temp_dir.html
54 pub fn tempfile() -> io
::Result
<File
> {
55 tempfile_in(&env
::temp_dir())
58 /// Create a new temporary file in the specified directory.
62 /// This variant is secure/reliable in the presence of a pathological temporary file cleaner.
63 /// If the temporary file isn't created in [`std::env::temp_dir()`] then temporary file cleaners aren't an issue.
65 /// # Resource Leaking
67 /// The temporary file will be automatically removed by the OS when the last handle to it is closed.
68 /// This doesn't rely on Rust destructors being run, so will (almost) never fail to clean up the temporary file.
72 /// If the file can not be created, `Err` is returned.
77 /// use tempfile::tempfile_in;
78 /// use std::io::{self, Write};
81 /// # if let Err(_) = run() {
82 /// # ::std::process::exit(1);
85 /// # fn run() -> Result<(), io::Error> {
86 /// // Create a file inside of the current working directory
87 /// let mut file = tempfile_in("./")?;
89 /// writeln!(file, "Brian was here. Briefly.")?;
94 /// [`std::env::temp_dir()`]: https://doc.rust-lang.org/std/env/fn.temp_dir.html
95 pub fn tempfile_in
<P
: AsRef
<Path
>>(dir
: P
) -> io
::Result
<File
> {
96 imp
::create(dir
.as_ref())
99 /// Error returned when persisting a temporary file path fails.
101 pub struct PathPersistError
{
102 /// The underlying IO error.
103 pub error
: io
::Error
,
104 /// The temporary file path that couldn't be persisted.
108 impl From
<PathPersistError
> for io
::Error
{
110 fn from(error
: PathPersistError
) -> io
::Error
{
115 impl From
<PathPersistError
> for TempPath
{
117 fn from(error
: PathPersistError
) -> TempPath
{
122 impl fmt
::Display
for PathPersistError
{
123 fn fmt(&self, f
: &mut fmt
::Formatter
<'_
>) -> fmt
::Result
{
124 write
!(f
, "failed to persist temporary file path: {}", self.error
)
128 impl error
::Error
for PathPersistError
{
129 fn source(&self) -> Option
<&(dyn error
::Error
+ '
static)> {
134 /// A path to a named temporary file without an open file handle.
136 /// This is useful when the temporary file needs to be used by a child process,
139 /// When dropped, the temporary file is deleted.
140 pub struct TempPath
{
145 /// Close and remove the temporary file.
147 /// Use this if you want to detect errors in deleting the file.
151 /// If the file cannot be deleted, `Err` is returned.
157 /// use tempfile::NamedTempFile;
160 /// # if let Err(_) = run() {
161 /// # ::std::process::exit(1);
164 /// # fn run() -> Result<(), io::Error> {
165 /// let file = NamedTempFile::new()?;
167 /// // Close the file, but keep the path to it around.
168 /// let path = file.into_temp_path();
170 /// // By closing the `TempPath` explicitly, we can check that it has
171 /// // been deleted successfully. If we don't close it explicitly, the
172 /// // file will still be deleted when `file` goes out of scope, but we
173 /// // won't know whether deleting the file succeeded.
178 pub fn close(mut self) -> io
::Result
<()> {
179 let result
= fs
::remove_file(&self.path
).with_err_path(|| &self.path
);
180 self.path
= PathBuf
::new();
185 /// Persist the temporary file at the target path.
187 /// If a file exists at the target path, persist will atomically replace it.
188 /// If this method fails, it will return `self` in the resulting
189 /// [`PathPersistError`].
191 /// Note: Temporary files cannot be persisted across filesystems. Also
192 /// neither the file contents nor the containing directory are
193 /// synchronized, so the update may not yet have reached the disk when
194 /// `persist` returns.
198 /// Only use this method if you're positive that a temporary file cleaner
199 /// won't have deleted your file. Otherwise, you might end up persisting an
200 /// attacker controlled file.
204 /// If the file cannot be moved to the new location, `Err` is returned.
209 /// # use std::io::{self, Write};
210 /// use tempfile::NamedTempFile;
213 /// # if let Err(_) = run() {
214 /// # ::std::process::exit(1);
217 /// # fn run() -> Result<(), io::Error> {
218 /// let mut file = NamedTempFile::new()?;
219 /// writeln!(file, "Brian was here. Briefly.")?;
221 /// let path = file.into_temp_path();
222 /// path.persist("./saved_file.txt")?;
227 /// [`PathPersistError`]: struct.PathPersistError.html
228 pub fn persist
<P
: AsRef
<Path
>>(mut self, new_path
: P
) -> Result
<(), PathPersistError
> {
229 match imp
::persist(&self.path
, new_path
.as_ref(), true) {
231 // Don't drop `self`. We don't want to try deleting the old
232 // temporary file path. (It'll fail, but the failure is never
234 self.path
= PathBuf
::new();
238 Err(e
) => Err(PathPersistError
{
245 /// Persist the temporary file at the target path if and only if no file exists there.
247 /// If a file exists at the target path, fail. If this method fails, it will
248 /// return `self` in the resulting [`PathPersistError`].
250 /// Note: Temporary files cannot be persisted across filesystems. Also Note:
251 /// This method is not atomic. It can leave the original link to the
252 /// temporary file behind.
256 /// Only use this method if you're positive that a temporary file cleaner
257 /// won't have deleted your file. Otherwise, you might end up persisting an
258 /// attacker controlled file.
262 /// If the file cannot be moved to the new location or a file already exists
263 /// there, `Err` is returned.
268 /// # use std::io::{self, Write};
269 /// use tempfile::NamedTempFile;
272 /// # if let Err(_) = run() {
273 /// # ::std::process::exit(1);
276 /// # fn run() -> Result<(), io::Error> {
277 /// let mut file = NamedTempFile::new()?;
278 /// writeln!(file, "Brian was here. Briefly.")?;
280 /// let path = file.into_temp_path();
281 /// path.persist_noclobber("./saved_file.txt")?;
286 /// [`PathPersistError`]: struct.PathPersistError.html
287 pub fn persist_noclobber
<P
: AsRef
<Path
>>(
290 ) -> Result
<(), PathPersistError
> {
291 match imp
::persist(&self.path
, new_path
.as_ref(), false) {
293 // Don't drop `self`. We don't want to try deleting the old
294 // temporary file path. (It'll fail, but the failure is never
296 self.path
= PathBuf
::new();
300 Err(e
) => Err(PathPersistError
{
307 /// Keep the temporary file from being deleted. This function will turn the
308 /// temporary file into a non-temporary file without moving it.
313 /// On some platforms (e.g., Windows), we need to mark the file as
314 /// non-temporary. This operation could fail.
319 /// # use std::io::{self, Write};
320 /// use tempfile::NamedTempFile;
323 /// # if let Err(_) = run() {
324 /// # ::std::process::exit(1);
327 /// # fn run() -> Result<(), io::Error> {
328 /// let mut file = NamedTempFile::new()?;
329 /// writeln!(file, "Brian was here. Briefly.")?;
331 /// let path = file.into_temp_path();
332 /// let path = path.keep()?;
337 /// [`PathPersistError`]: struct.PathPersistError.html
338 pub fn keep(mut self) -> Result
<PathBuf
, PathPersistError
> {
339 match imp
::keep(&self.path
) {
341 // Don't drop `self`. We don't want to try deleting the old
342 // temporary file path. (It'll fail, but the failure is never
344 let path
= mem
::replace(&mut self.path
, PathBuf
::new());
348 Err(e
) => Err(PathPersistError
{
356 impl fmt
::Debug
for TempPath
{
357 fn fmt(&self, f
: &mut fmt
::Formatter
<'_
>) -> fmt
::Result
{
362 impl Drop
for TempPath
{
364 let _
= fs
::remove_file(&self.path
);
368 impl Deref
for TempPath
{
371 fn deref(&self) -> &Path
{
376 impl AsRef
<Path
> for TempPath
{
377 fn as_ref(&self) -> &Path
{
382 impl AsRef
<OsStr
> for TempPath
{
383 fn as_ref(&self) -> &OsStr
{
384 self.path
.as_os_str()
388 /// A named temporary file.
390 /// The default constructor, [`NamedTempFile::new()`], creates files in
391 /// the location returned by [`std::env::temp_dir()`], but `NamedTempFile`
392 /// can be configured to manage a temporary file in any location
393 /// by constructing with [`NamedTempFile::new_in()`].
397 /// Most operating systems employ temporary file cleaners to delete old
398 /// temporary files. Unfortunately these temporary file cleaners don't always
399 /// reliably _detect_ whether the temporary file is still being used.
401 /// Specifically, the following sequence of events can happen:
403 /// 1. A user creates a temporary file with `NamedTempFile::new()`.
405 /// 3. The temporary file cleaner deletes (unlinks) the temporary file from the
407 /// 4. Some other program creates a new file to replace this deleted temporary
409 /// 5. The user tries to re-open the temporary file (in the same program or in a
410 /// different program) by path. Unfortunately, they'll end up opening the
411 /// file created by the other program, not the original file.
413 /// ## Operating System Specific Concerns
415 /// The behavior of temporary files and temporary file cleaners differ by
416 /// operating system.
420 /// On Windows, open files _can't_ be deleted. This removes most of the concerns
421 /// around temporary file cleaners.
423 /// Furthermore, temporary files are, by default, created in per-user temporary
424 /// file directories so only an application running as the same user would be
425 /// able to interfere (which they could do anyways). However, an application
426 /// running as the same user can still _accidentally_ re-create deleted
427 /// temporary files if the number of random bytes in the temporary file name is
430 /// So, the only real concern on Windows is:
432 /// 1. Opening a named temporary file in a world-writable directory.
433 /// 2. Using the `into_temp_path()` and/or `into_parts()` APIs to close the file
434 /// handle without deleting the underlying file.
435 /// 3. Continuing to use the file by path.
439 /// Unlike on Windows, UNIX (and UNIX like) systems allow open files to be
440 /// "unlinked" (deleted).
444 /// Like on Windows, temporary files are created in per-user temporary file
445 /// directories by default so calling `NamedTempFile::new()` should be
450 /// Unfortunately, most _Linux_ distributions don't create per-user temporary
451 /// file directories. Worse, systemd's tmpfiles daemon (a common temporary file
452 /// cleaner) will happily remove open temporary files if they haven't been
453 /// modified within the last 10 days.
455 /// # Resource Leaking
457 /// If the program exits before the `NamedTempFile` destructor is
458 /// run, such as via [`std::process::exit()`], by segfaulting, or by
459 /// receiving a signal like `SIGINT`, then the temporary file
460 /// will not be deleted.
462 /// Use the [`tempfile()`] function unless you absolutely need a named file.
464 /// [`tempfile()`]: fn.tempfile.html
465 /// [`NamedTempFile::new()`]: #method.new
466 /// [`NamedTempFile::new_in()`]: #method.new_in
467 /// [`std::env::temp_dir()`]: https://doc.rust-lang.org/std/env/fn.temp_dir.html
468 /// [`std::process::exit()`]: http://doc.rust-lang.org/std/process/fn.exit.html
469 pub struct NamedTempFile
{
474 impl fmt
::Debug
for NamedTempFile
{
475 fn fmt(&self, f
: &mut fmt
::Formatter
<'_
>) -> fmt
::Result
{
476 write
!(f
, "NamedTempFile({:?})", self.path
)
480 impl AsRef
<Path
> for NamedTempFile
{
482 fn as_ref(&self) -> &Path
{
487 /// Error returned when persisting a temporary file fails.
489 pub struct PersistError
{
490 /// The underlying IO error.
491 pub error
: io
::Error
,
492 /// The temporary file that couldn't be persisted.
493 pub file
: NamedTempFile
,
496 impl From
<PersistError
> for io
::Error
{
498 fn from(error
: PersistError
) -> io
::Error
{
503 impl From
<PersistError
> for NamedTempFile
{
505 fn from(error
: PersistError
) -> NamedTempFile
{
510 impl fmt
::Display
for PersistError
{
511 fn fmt(&self, f
: &mut fmt
::Formatter
<'_
>) -> fmt
::Result
{
512 write
!(f
, "failed to persist temporary file: {}", self.error
)
516 impl error
::Error
for PersistError
{
517 fn source(&self) -> Option
<&(dyn error
::Error
+ '
static)> {
523 /// Create a new named temporary file.
525 /// See [`Builder`] for more configuration.
529 /// This will create a temporary file in the default temporary file
530 /// directory (platform dependent). This has security implications on many
531 /// platforms so please read the security section of this type's
534 /// Reasons to use this method:
536 /// 1. The file has a short lifetime and your temporary file cleaner is
537 /// sane (doesn't delete recently accessed files).
539 /// 2. You trust every user on your system (i.e. you are the only user).
541 /// 3. You have disabled your system's temporary file cleaner or verified
542 /// that your system doesn't have a temporary file cleaner.
544 /// Reasons not to use this method:
546 /// 1. You'll fix it later. No you won't.
548 /// 2. You don't care about the security of the temporary file. If none of
549 /// the "reasons to use this method" apply, referring to a temporary
550 /// file by name may allow an attacker to create/overwrite your
551 /// non-temporary files. There are exceptions but if you don't already
552 /// know them, don't use this method.
556 /// If the file can not be created, `Err` is returned.
560 /// Create a named temporary file and write some data to it:
563 /// # use std::io::{self, Write};
564 /// use tempfile::NamedTempFile;
567 /// # if let Err(_) = run() {
568 /// # ::std::process::exit(1);
571 /// # fn run() -> Result<(), ::std::io::Error> {
572 /// let mut file = NamedTempFile::new()?;
574 /// writeln!(file, "Brian was here. Briefly.")?;
579 /// [`Builder`]: struct.Builder.html
580 pub fn new() -> io
::Result
<NamedTempFile
> {
581 Builder
::new().tempfile()
584 /// Create a new named temporary file in the specified directory.
586 /// See [`NamedTempFile::new()`] for details.
588 /// [`NamedTempFile::new()`]: #method.new
589 pub fn new_in
<P
: AsRef
<Path
>>(dir
: P
) -> io
::Result
<NamedTempFile
> {
590 Builder
::new().tempfile_in(dir
)
593 /// Get the temporary file's path.
597 /// Referring to a temporary file's path may not be secure in all cases.
598 /// Please read the security section on the top level documentation of this
599 /// type for details.
604 /// # use std::io::{self, Write};
605 /// use tempfile::NamedTempFile;
608 /// # if let Err(_) = run() {
609 /// # ::std::process::exit(1);
612 /// # fn run() -> Result<(), ::std::io::Error> {
613 /// let file = NamedTempFile::new()?;
615 /// println!("{:?}", file.path());
620 pub fn path(&self) -> &Path
{
624 /// Close and remove the temporary file.
626 /// Use this if you want to detect errors in deleting the file.
630 /// If the file cannot be deleted, `Err` is returned.
636 /// use tempfile::NamedTempFile;
639 /// # if let Err(_) = run() {
640 /// # ::std::process::exit(1);
643 /// # fn run() -> Result<(), io::Error> {
644 /// let file = NamedTempFile::new()?;
646 /// // By closing the `NamedTempFile` explicitly, we can check that it has
647 /// // been deleted successfully. If we don't close it explicitly,
648 /// // the file will still be deleted when `file` goes out
649 /// // of scope, but we won't know whether deleting the file
655 pub fn close(self) -> io
::Result
<()> {
656 let NamedTempFile { path, .. }
= self;
660 /// Persist the temporary file at the target path.
662 /// If a file exists at the target path, persist will atomically replace it.
663 /// If this method fails, it will return `self` in the resulting
664 /// [`PersistError`].
666 /// Note: Temporary files cannot be persisted across filesystems. Also
667 /// neither the file contents nor the containing directory are
668 /// synchronized, so the update may not yet have reached the disk when
669 /// `persist` returns.
673 /// This method persists the temporary file using its path and may not be
674 /// secure in the in all cases. Please read the security section on the top
675 /// level documentation of this type for details.
679 /// If the file cannot be moved to the new location, `Err` is returned.
684 /// # use std::io::{self, Write};
685 /// use tempfile::NamedTempFile;
688 /// # if let Err(_) = run() {
689 /// # ::std::process::exit(1);
692 /// # fn run() -> Result<(), io::Error> {
693 /// let file = NamedTempFile::new()?;
695 /// let mut persisted_file = file.persist("./saved_file.txt")?;
696 /// writeln!(persisted_file, "Brian was here. Briefly.")?;
701 /// [`PersistError`]: struct.PersistError.html
702 pub fn persist
<P
: AsRef
<Path
>>(self, new_path
: P
) -> Result
<File
, PersistError
> {
703 let NamedTempFile { path, file }
= self;
704 match path
.persist(new_path
) {
707 let PathPersistError { error, path }
= err
;
709 file
: NamedTempFile { path, file }
,
716 /// Persist the temporary file at the target path if and only if no file exists there.
718 /// If a file exists at the target path, fail. If this method fails, it will
719 /// return `self` in the resulting PersistError.
721 /// Note: Temporary files cannot be persisted across filesystems. Also Note:
722 /// This method is not atomic. It can leave the original link to the
723 /// temporary file behind.
727 /// This method persists the temporary file using its path and may not be
728 /// secure in the in all cases. Please read the security section on the top
729 /// level documentation of this type for details.
733 /// If the file cannot be moved to the new location or a file already exists there,
734 /// `Err` is returned.
739 /// # use std::io::{self, Write};
740 /// use tempfile::NamedTempFile;
743 /// # if let Err(_) = run() {
744 /// # ::std::process::exit(1);
747 /// # fn run() -> Result<(), io::Error> {
748 /// let file = NamedTempFile::new()?;
750 /// let mut persisted_file = file.persist_noclobber("./saved_file.txt")?;
751 /// writeln!(persisted_file, "Brian was here. Briefly.")?;
755 pub fn persist_noclobber
<P
: AsRef
<Path
>>(self, new_path
: P
) -> Result
<File
, PersistError
> {
756 let NamedTempFile { path, file }
= self;
757 match path
.persist_noclobber(new_path
) {
760 let PathPersistError { error, path }
= err
;
762 file
: NamedTempFile { path, file }
,
769 /// Keep the temporary file from being deleted. This function will turn the
770 /// temporary file into a non-temporary file without moving it.
775 /// On some platforms (e.g., Windows), we need to mark the file as
776 /// non-temporary. This operation could fail.
781 /// # use std::io::{self, Write};
782 /// use tempfile::NamedTempFile;
785 /// # if let Err(_) = run() {
786 /// # ::std::process::exit(1);
789 /// # fn run() -> Result<(), io::Error> {
790 /// let mut file = NamedTempFile::new()?;
791 /// writeln!(file, "Brian was here. Briefly.")?;
793 /// let (file, path) = file.keep()?;
798 /// [`PathPersistError`]: struct.PathPersistError.html
799 pub fn keep(self) -> Result
<(File
, PathBuf
), PersistError
> {
800 let (file
, path
) = (self.file
, self.path
);
802 Ok(path
) => Ok((file
, path
)),
803 Err(PathPersistError { error, path }
) => Err(PersistError
{
804 file
: NamedTempFile { path, file }
,
810 /// Securely reopen the temporary file.
812 /// This function is useful when you need multiple independent handles to
813 /// the same file. It's perfectly fine to drop the original `NamedTempFile`
814 /// while holding on to `File`s returned by this function; the `File`s will
815 /// remain usable. However, they may not be nameable.
819 /// If the file cannot be reopened, `Err` is returned.
823 /// Unlike `File::open(my_temp_file.path())`, `NamedTempFile::reopen()`
824 /// guarantees that the re-opened file is the _same_ file, even in the
825 /// presence of pathological temporary file cleaners.
831 /// use tempfile::NamedTempFile;
834 /// # if let Err(_) = run() {
835 /// # ::std::process::exit(1);
838 /// # fn run() -> Result<(), io::Error> {
839 /// let file = NamedTempFile::new()?;
841 /// let another_handle = file.reopen()?;
845 pub fn reopen(&self) -> io
::Result
<File
> {
846 imp
::reopen(self.as_file(), NamedTempFile
::path(self))
847 .with_err_path(|| NamedTempFile
::path(self))
850 /// Get a reference to the underlying file.
851 pub fn as_file(&self) -> &File
{
855 /// Get a mutable reference to the underlying file.
856 pub fn as_file_mut(&mut self) -> &mut File
{
860 /// Convert the temporary file into a `std::fs::File`.
862 /// The inner file will be deleted.
863 pub fn into_file(self) -> File
{
867 /// Closes the file, leaving only the temporary file path.
869 /// This is useful when another process must be able to open the temporary
871 pub fn into_temp_path(self) -> TempPath
{
875 /// Converts the named temporary file into its constituent parts.
877 /// Note: When the path is dropped, the file is deleted but the file handle
879 pub fn into_parts(self) -> (File
, TempPath
) {
880 (self.file
, self.path
)
884 impl Read
for NamedTempFile
{
885 fn read(&mut self, buf
: &mut [u8]) -> io
::Result
<usize> {
886 self.as_file_mut().read(buf
).with_err_path(|| self.path())
890 impl<'a
> Read
for &'a NamedTempFile
{
891 fn read(&mut self, buf
: &mut [u8]) -> io
::Result
<usize> {
892 self.as_file().read(buf
).with_err_path(|| self.path())
896 impl Write
for NamedTempFile
{
897 fn write(&mut self, buf
: &[u8]) -> io
::Result
<usize> {
898 self.as_file_mut().write(buf
).with_err_path(|| self.path())
901 fn flush(&mut self) -> io
::Result
<()> {
902 self.as_file_mut().flush().with_err_path(|| self.path())
906 impl<'a
> Write
for &'a NamedTempFile
{
907 fn write(&mut self, buf
: &[u8]) -> io
::Result
<usize> {
908 self.as_file().write(buf
).with_err_path(|| self.path())
911 fn flush(&mut self) -> io
::Result
<()> {
912 self.as_file().flush().with_err_path(|| self.path())
916 impl Seek
for NamedTempFile
{
917 fn seek(&mut self, pos
: SeekFrom
) -> io
::Result
<u64> {
918 self.as_file_mut().seek(pos
).with_err_path(|| self.path())
922 impl<'a
> Seek
for &'a NamedTempFile
{
923 fn seek(&mut self, pos
: SeekFrom
) -> io
::Result
<u64> {
924 self.as_file().seek(pos
).with_err_path(|| self.path())
929 impl std
::os
::unix
::io
::AsRawFd
for NamedTempFile
{
931 fn as_raw_fd(&self) -> std
::os
::unix
::io
::RawFd
{
932 self.as_file().as_raw_fd()
937 impl std
::os
::windows
::io
::AsRawHandle
for NamedTempFile
{
939 fn as_raw_handle(&self) -> std
::os
::windows
::io
::RawHandle
{
940 self.as_file().as_raw_handle()
944 pub(crate) fn create_named(
946 open_options
: &mut OpenOptions
,
947 ) -> io
::Result
<NamedTempFile
> {
948 // Make the path absolute. Otherwise, changing directories could cause us to
949 // delete the wrong file.
950 if !path
.is_absolute() {
951 path
= env
::current_dir()?
.join(path
)
953 imp
::create_named(&path
, open_options
)
954 .with_err_path(|| path
.clone())
955 .map(|file
| NamedTempFile
{
956 path
: TempPath { path }
,