Too Long; Didn't Read
SonarSource announces a new rule to detect a literal race condition: TOCTOU (or TOCTTOU) vulnerabilities, known in long form as Time Of Check (To) Time Of Use. The idea is that there is a window between the moment a privileged program checks a file (Does the file exist? Are the permissions right for what we are about to do? …) and the moment it operates on that file. Nothing ties the two steps to the same file: both go through the path, and the path can be re-pointed in between. In that window an attacker can swap the file out, e.g. replace it with a symlink to `/etc/passwd`, so the operation you meant to perform on `/home/ann/tmp` happens to an important system file instead.
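The race described above, as an added example that is not SonarSource's rule or code from the original post. The vulnerable function checks a path with `access(2)` and then opens the same path; the attacker's swap is simulated in-process between the two calls so the outcome is reproducible. Beside it, the hardened version opens with `O_NOFOLLOW` and makes its checks with `fstat(2)` on the descriptor it actually holds. The temporary directory, the file names `victim` and `sensitive` (standing in for `/home/ann/tmp` and `/etc/passwd`), the `race_hook` callback and the `run_demo` harness are all constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The attacker's move inside the window. Called explicitly here so the race
 * is reproducible; in a real attack it runs concurrently in another process. */
typedef void (*race_hook)(const char *path);

/* VULNERABLE: check the *path* with access(2), then use the *path* with
 * open(2). Nothing ties the two calls to the same file. */
int vulnerable_open(const char *path, race_hook attacker) {
    if (access(path, W_OK) != 0)        /* time of check */
        return -1;
    if (attacker) attacker(path);       /* the window */
    return open(path, O_WRONLY);        /* time of use: follows whatever is there now */
}

/* HARDENED: no separate check on the path. O_NOFOLLOW makes open(2) refuse a
 * symlink in the last component (ELOOP), and the remaining checks are made
 * with fstat(2) on the descriptor we hold, which no rename or relink of the
 * path can redirect. */
int hardened_open(const char *path) {
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0) { int e = errno; close(fd); errno = e; return -1; }
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd); errno = EPERM; return -1;   /* not a regular file we own */
    }
    return fd;
}

/* Constructed fixture (not from the page): "victim" is the file the program
 * legitimately owns, "sensitive" stands in for /etc/passwd. */
static char g_victim[512], g_sensitive[512];

static void swap_for_symlink(const char *path) {  /* the simulated attacker */
    unlink(path);
    symlink(g_sensitive, path);
}

static int create_empty(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

static int same_inode(int fd, const char *path) {
    struct stat a, b;
    return fstat(fd, &a) == 0 && stat(path, &b) == 0 &&
           a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

enum { VULN_HIT_SENSITIVE = 1, HARD_REFUSED_SYMLINK = 2, HARD_OPENED_VICTIM = 4 };

/* Runs three scenarios; returns a bitmask of the outcomes above, -1 on setup error. */
int run_demo(void) {
    char dir[] = "/tmp/toctou-demo.XXXXXX";
    if (!mkdtemp(dir)) {                       /* fall back to the working directory */
        strcpy(dir, "./toctou-demo.XXXXXX");
        if (!mkdtemp(dir)) return -1;
    }
    snprintf(g_victim, sizeof g_victim, "%s/victim", dir);
    snprintf(g_sensitive, sizeof g_sensitive, "%s/sensitive", dir);
    if (create_empty(g_victim) != 0 || create_empty(g_sensitive) != 0) return -1;
    int result = 0, fd;

    /* 1. access() passes on the regular file, the attacker swaps in a symlink,
     *    and open() lands on "sensitive" instead. */
    fd = vulnerable_open(g_victim, swap_for_symlink);
    if (fd >= 0 && same_inode(fd, g_sensitive)) result |= VULN_HIT_SENSITIVE;
    if (fd >= 0) close(fd);

    /* 2. Same hostile state (victim is now a symlink): O_NOFOLLOW refuses it. */
    if (hardened_open(g_victim) < 0 && errno == ELOOP) result |= HARD_REFUSED_SYMLINK;

    /* 3. Benign state: the legitimate operation still works. */
    unlink(g_victim);
    if (create_empty(g_victim) != 0) return -1;
    fd = hardened_open(g_victim);
    if (fd >= 0 && same_inode(fd, g_victim)) result |= HARD_OPENED_VICTIM;
    if (fd >= 0) close(fd);

    unlink(g_victim); unlink(g_sensitive); rmdir(dir);
    return result;
}

int main(void) {
    int r = run_demo();
    if (r < 0) { perror("setup"); return 1; }
    printf("vulnerable open landed on the sensitive file: %s\n", r & VULN_HIT_SENSITIVE ? "yes" : "no");
    printf("hardened open refused the swapped symlink:    %s\n", r & HARD_REFUSED_SYMLINK ? "yes" : "no");
    printf("hardened open of the legitimate file worked:  %s\n", r & HARD_OPENED_VICTIM ? "yes" : "no");
    return 0;
}
```

The point of the hardened version is not the extra checks but where they are made: `fstat` answers questions about the file that is already open, and no rename or relink of the path can change which file that is. Two caveats: `O_NOFOLLOW` only guards the last path component, so if a parent directory is writable by the attacker, pin that directory with a descriptor and use `openat(2)` relative to it; and a check that still goes through the path (`lstat` before `open`, `access` before anything) is still a TOCTOU no matter how carefully it is written.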