Fix: Secure temporary file creation in chisel edit_session (#11744)

* Update dispatcher.rs

* Update Cargo.toml

* Update dispatcher.rs

* Update Cargo.toml

Author: zeevick10

crates/chisel/Cargo.toml

@@ -26,6 +26,8 @@ foundry-compilers.workspace = true
 foundry-config.workspace = true
 foundry-evm.workspace = true
 
+tempfile.workspace = true
+
 solar.workspace = true
 
 alloy-dyn-abi = { workspace = true, features = ["arbitrary"] }

crates/chisel/src/dispatcher.rs

@@ -27,10 +27,12 @@ use solar::{
 };
 use std::{
     borrow::Cow,
+    io::Write,
     ops::ControlFlow,
     path::{Path, PathBuf},
     process::Command,
 };
+use tempfile::Builder;
 use tracing::debug;
 use yansi::Paint;
 
@@ -488,20 +490,25 @@ impl ChiselDispatcher {
 
     pub(crate) async fn edit_session(&mut self) -> Result<()> {
         // create a temp file with the content of the run code
-        let tmp = std::env::temp_dir().join("chisel-tmp.sol");
-        std::fs::write(&tmp, self.source().run_code.as_bytes())
+        let mut tmp = Builder::new()
+            .prefix("chisel-")
+            .suffix(".sol")
+            .tempfile()
+            .wrap_err("Could not create temporary file")?;
+        tmp.as_file_mut()
+            .write_all(self.source().run_code.as_bytes())
             .wrap_err("Could not write to temporary file")?;
 
         // open the temp file with the editor
         let editor = std::env::var("EDITOR").unwrap_or_else(|_| "vim".to_string());
         let mut cmd = Command::new(editor);
-        cmd.arg(&tmp);
+        cmd.arg(tmp.path());
         let st = cmd.status()?;
         if !st.success() {
             eyre::bail!("Editor exited with {st}");
         }
 
-        let edited_code = std::fs::read_to_string(tmp)?;
+        let edited_code = std::fs::read_to_string(tmp.path())?;
         let mut new_source = self.source().clone();
         new_source.clear_run();
         new_source.add_run_code(&edited_code);