Is your feature request related to a problem? Please describe.
Right now we are creating non-temporary folders where we download the pull request files for deletion and then we delete all those folders and their content.
It's better to use temp folders because that way, if for whatever reason Precaution fails to delete those folders, the OS itself will delete them in the future.
Another argument is that with temp folders it is a lot harder to predict the path or use path-traversal based attacks.
There is a problem implementing this right now because Gosec depends heavily on the GOPATH and the location of all Go files.
When they adopt Go modules (which will happen really soon: https://github.com/securego/gosec/pull/297) we won't be restricted by the GOPATH.
Describe the solution you'd like
The solution will be just to use the OS temp directory with this function - https://nodejs.org/api/os.html#os_os_tmpdir and then create a directory with a unique name with this function - https://nodejs.org/api/fs.html#fs_fs_mkdtemp_prefix_options_callback
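
The approach described above, as an added example that is not Precaution's code: a uniquely named directory created under `os.tmpdir()` with the synchronous `fs.mkdtempSync`, a containment check on every file name written into it, and cleanup in `finally`. The helper names, the `pr-scan-` prefix and the sample file names are assumptions.

```javascript
// Added example; helper names and the prefix are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Create a uniquely named directory under the OS temp dir.
// mkdtemp appends six random characters to the prefix.
function createWorkDir(prefix = 'pr-scan-') {
  return fs.mkdtempSync(path.join(os.tmpdir(), prefix));
}

// Resolve a file name taken from the pull request inside workDir and
// refuse anything that would land outside it (e.g. "../escape.go").
function resolveInside(workDir, relName) {
  const target = path.resolve(workDir, relName);
  const rel = path.relative(workDir, target);
  const escapes = rel === '..' || rel.startsWith('..' + path.sep);
  if (rel === '' || escapes || path.isAbsolute(rel)) {
    throw new Error(`refusing path outside work dir: ${relName}`);
  }
  return target;
}

// Write the files, run fn(workDir), and always delete the directory,
// even when writing or fn throws. fn must be synchronous here.
function withPrFiles(files, fn) {
  const workDir = createWorkDir();
  try {
    for (const [name, content] of Object.entries(files)) {
      const target = resolveInside(workDir, name);
      fs.mkdirSync(path.dirname(target), { recursive: true });
      fs.writeFileSync(target, content);
    }
    return fn(workDir);
  } finally {
    fs.rmSync(workDir, { recursive: true, force: true });
  }
}

// Constructed sample input standing in for downloaded pull request files.
const sampleFiles = {
  'main.go': 'package main\n',
  'pkg/util.go': 'package pkg\n',
};
const listing = withPrFiles(sampleFiles, (dir) => fs.readdirSync(dir).sort());
console.log(listing);
```
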