Skip to content
unfault

go.ephemeral_filesystem_write

Stability Medium

Detects filesystem writes to ephemeral locations in containerized environments.

Why It Matters

Section titled “Why It Matters”

Ephemeral writes:

  • Lost on restart — Container restarts lose local files
  • Not shared — Multiple instances don’t share files
  • Lost on scale — New pods don’t have the data

Example

Section titled “Example”
// ❌ Before (ephemeral)
func saveFile(data []byte) error {
    return os.WriteFile("/tmp/data.json", data, 0644)
}
// ✅ After (persistent storage)
func saveFile(ctx context.Context, data []byte) error {
    // Use S3 or mounted volume
    _, err := s3Client.PutObject(ctx, &s3.PutObjectInput{
        Bucket: aws.String("my-bucket"),
        Key:    aws.String("data.json"),
        Body:   bytes.NewReader(data),
    })
    return err
}

What Unfault Detects

Section titled “What Unfault Detects”
  • os.WriteFile() to local paths
  • os.Create() for persistent data
  • ioutil.WriteFile() in containerized apps
Section titled “Related Rules”