Skip to content

python.ephemeral_filesystem_write

Stability Medium

Detects writes to local filesystem paths that may be ephemeral in containerized or serverless environments (Docker, Kubernetes, Lambda, etc.).

Why It Matters

In modern cloud environments, the local filesystem is typically ephemeral:

Container restarts — Data written to the container filesystem is lost on restart
Serverless functions — Lambda/Cloud Functions have no persistent local storage
Horizontal scaling — Different instances don’t share local files
Deployment updates — New container images don’t have data from old containers

Example

# ❌ Before (ephemeral write)
with open("output.txt", "w") as f:
    f.write(data)

import pickle
with open("model.pkl", "wb") as f:
    pickle.dump(model, f)

# ✅ After (persistent storage)
# Option 1: Use object storage
import boto3
s3 = boto3.client('s3')
s3.put_object(Bucket='my-bucket', Key='output.txt', Body=data)

# Option 2: Use mounted volume
with open("/mnt/persistent/output.txt", "w") as f:
    f.write(data)

# Option 3: Use database
db.execute("INSERT INTO files (name, content) VALUES (?, ?)", ['output.txt', data])

What Unfault Detects

open() with write modes (‘w’, ‘a’, ‘x’, ‘wb’, etc.)
pathlib.Path.write_text() and write_bytes()
tempfile.NamedTemporaryFile, mkstemp, mkdtemp
os.mkdir, os.makedirs
shutil.copy, shutil.move
pickle.dump, json.dump, torch.save, joblib.dump

Auto-Fix

Unfault generates patches with comments suggesting persistent storage alternatives:

# Fix: Use object storage instead of local filesystem:
# s3 = boto3.client('s3')
# s3.put_object(Bucket='my-bucket', Key='output.txt', Body=data)

Persistent Path Patterns

These paths are considered persistent and won’t trigger findings:

/mnt/ — Mounted volumes
/data/, /var/data/ — Common data directories
/efs/, /nfs/ — Network filesystems
s3://, gs://, az:// — Cloud storage URIs
Environment variable paths (configurable locations)