From 9117238c218ed4b26290a8028536a2a8e2eac50b Mon Sep 17 00:00:00 2001
From: openrefactory <research@openrefactory.com>
Date: Wed, 31 Aug 2022 12:53:20 +0600
Subject: [PATCH] Suggested fixes by iCR, OpenRefactory, Inc.

---
 git/index/base.py | 6 +++++-
 git/index/util.py | 4 +++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/git/index/base.py b/git/index/base.py
index 10f8b8b25..797e54e13 100644
--- a/git/index/base.py
+++ b/git/index/base.py
@@ -4,6 +4,7 @@
 # This module is part of GitPython and is released under
 # the BSD License: http://www.opensource.org/licenses/bsd-license.php
 
+from ast import Delete
 import glob
 from io import BytesIO
 import os
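Review bot: The added `from ast import Delete` is not used by anything visible in this patch and looks like an accidental editor auto-import. It should be dropped so that base.py's import block carries only names the module uses. If code outside these hunks relies on it, that use is not shown here.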
@@ -351,7 +352,10 @@ def from_tree(cls, repo: "Repo", *treeish: Treeish, **kwargs: Any) -> "IndexFile
 
         # tmp file created in git home directory to be sure renaming
         # works - /tmp/ dirs could be on another device
-        tmp_index = tempfile.mktemp("", "", repo.git_dir)
+
+        # OpenRefactory Warning: The method 'tempfile.mktemp' creates temporary file in an insecure way.
+        # use 'NamedTemporaryFile' instead of using 'mktemp' to create temporary file
+        tmp_index = tempfile.NamedTemporaryFile("", "", repo.git_dir).name
         arg_list.append("--index-output=%s" % tmp_index)
         arg_list.extend(treeish)
 
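Review bot: The new call `tempfile.NamedTemporaryFile("", "", repo.git_dir)` passes its arguments positionally, but NamedTemporaryFile's leading parameters are `mode`, `buffering`, `encoding` rather than mktemp's `suffix`, `prefix`, `dir`, so it binds an empty mode string and is expected to fail at call time; the same call shape is repeated in git/index/util.py. Even with keyword arguments, taking `.name` and discarding the object leaves nothing holding the file open (the default is `delete=True`), so the path is no more reserved than it was with `mktemp`. Keeping the file reserved until git writes it would be `fd, tmp_index = tempfile.mkstemp(dir=repo.git_dir)` followed by `os.close(fd)`, assuming `git read-tree --index-output` accepts an existing destination, which is worth a test on Windows. The body of from_tree starts and ends outside the hunk.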
diff --git a/git/index/util.py b/git/index/util.py
index bfc7fadd6..a3aac43de 100644
--- a/git/index/util.py
+++ b/git/index/util.py
@@ -40,7 +40,9 @@ class TemporaryFileSwap(object):
 
     def __init__(self, file_path: PathLike) -> None:
         self.file_path = file_path
-        self.tmp_file_path = str(self.file_path) + tempfile.mktemp("", "", "")
+        # OpenRefactory Warning: The method 'tempfile.mktemp' creates temporary file in an insecure way.
+        # use 'NamedTemporaryFile' instead of using 'mktemp' to create temporary file
+        self.tmp_file_path = str(self.file_path) + tempfile.NamedTemporaryFile("", "", "").name
         # it may be that the source does not exist
         try:
             os.rename(self.file_path, self.tmp_file_path)
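Review bot: Only a unique suffix is needed on the `self.tmp_file_path` line, so creating a temporary file elsewhere and appending its `.name` to `str(self.file_path)` never reserves the path that `os.rename` later writes to, and the concatenation is no longer a valid path if the returned name is absolute. Reserving the real destination next to the original would look like `dirname, basename = os.path.split(str(self.file_path))`, then `fd, self.tmp_file_path = tempfile.mkstemp(prefix=basename, dir=dirname)` and `os.close(fd)`. The rename below would then target an existing file, which `os.rename` rejects on Windows, so it would likely need `os.replace`. `__init__` continues past the end of the hunk.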