Summary
Refactor scripts/diffcheck.sh
to improve security and reliability by replacing fixed /tmp
paths with secure temporary directories and avoiding destructive git checkout
.
Changes
- Secure temp files: Use
mktemp -d
with automatic cleanup viatrap
instead of hardcoded/tmp
paths - Non-destructive git operations: Replace
git checkout HEAD^
withgit archive
to avoid modifying working tree state