The Tempfile argument of `basename` can use `../` without escaping. Therefore, directory traversal may occur and unintended files may be generated. #### create file patern ```log [vagrant@localhost ~]$ ls . [vagrant@localhost ~]$ irb irb(main):001:0> require 'tempfile' => true irb(main):002:0> …