From bd1399c861315eaa654fb32dda6c18e3879ebe41 Mon Sep 17 00:00:00 2001
From: A <258483684+la14-1@users.noreply.github.com>
Date: Sun, 8 Mar 2026 18:46:48 -0700
Subject: [PATCH] fix: use mktemp in _sprite_fix_config to prevent race
 conditions (#2359)

Replaces ${cfg}.fix$$ temp pattern with mktemp for guaranteed uniqueness.
Both temp file usages in the function are updated.

Fixes #2354

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 sh/e2e/lib/clouds/sprite.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sh/e2e/lib/clouds/sprite.sh b/sh/e2e/lib/clouds/sprite.sh
index 1370d352..bb5e90be 100644
--- a/sh/e2e/lib/clouds/sprite.sh
+++ b/sh/e2e/lib/clouds/sprite.sh
@@ -31,14 +31,16 @@ _sprite_fix_config() {
     # The sprite CLI's concurrent writes append an extra } at the end.
     # Use grep on the whole file for any line that is just }}
     if grep -q '^}}$' "${cfg}" 2>/dev/null; then
-      local tmp="${cfg}.fix$$"
+      local tmp
+      tmp=$(mktemp "${cfg}.XXXXXX") || return
       sed 's/^}}$/}/' "${cfg}" > "${tmp}" 2>/dev/null && mv "${tmp}" "${cfg}" 2>/dev/null || rm -f "${tmp}"
     fi
     # Also check if last non-empty line ends with }}
     local last_content
     last_content=$(tail -5 "${cfg}" | grep -v '^$' | tail -1)
     if printf '%s' "${last_content}" | grep -q '}}$'; then
-      local tmp="${cfg}.fix$$"
+      local tmp
+      tmp=$(mktemp "${cfg}.XXXXXX") || return
       # Replace the LAST occurrence of }} with }
       sed '$ s/}}$/}/' "${cfg}" > "${tmp}" 2>/dev/null && mv "${tmp}" "${cfg}" 2>/dev/null || rm -f "${tmp}"
     fi