From 0a928c24cad7ec4602fd169d801576baabdf7135 Mon Sep 17 00:00:00 2001
From: allegroai <>
Date: Tue, 30 Jan 2024 19:20:22 +0200
Subject: [PATCH] Fix unsafe usage of tempfile.mktemp

---
 clearml/storage/helper.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/clearml/storage/helper.py b/clearml/storage/helper.py
index 5da873db..77c8c020 100644
--- a/clearml/storage/helper.py
+++ b/clearml/storage/helper.py
@@ -17,7 +17,7 @@ from concurrent.futures import ThreadPoolExecutor
 from copy import copy
 from datetime import datetime
 from multiprocessing.pool import ThreadPool
-from tempfile import mktemp
+from tempfile import mkstemp
 from time import time
 from types import GeneratorType
 
@@ -2004,7 +2004,7 @@ class StorageHelper(object):
             return None
         # create temp file with the requested file name
         file_name = '.' + remote_url.split('/')[-1].split(os.path.sep)[-1]
-        local_path = mktemp(suffix=file_name)
+        _, local_path = mkstemp(suffix=file_name)
         return helper.download_to_file(remote_url, local_path, skip_zero_size_check=skip_zero_size_check)
 
     def __init__(
@@ -2614,7 +2614,9 @@ class StorageHelper(object):
         try:
             if verbose:
                 self._log.info("Start downloading from {}".format(remote_path))
-            if not overwrite_existing and Path(local_path).is_file():
+            # check for 0 sized files as well - we want to override empty files that were created
+            # via mkstemp or similar functions
+            if not overwrite_existing and Path(local_path).is_file() and Path(local_path).stat().st_size != 0:
                 self._log.debug(
                     'File {} already exists, no need to download, thread id = {}'.format(
                         local_path,