All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.sonar.l10n.py.rules.python.S2612.html Maven / Gradle / Ivy

There is a newer version: 4.23.0.17664
Show newest version

In Unix file system permissions, the "others" category refers to all users except the owner of the file system resource and the members of the group assigned to this resource.

Granting permissions to this category can lead to unintended access to files or directories that could allow attackers to obtain sensitive information, disrupt services or elevate privileges.

Ask Yourself Whether

  • The application is designed to be run on a multi-user environment.
  • Corresponding files and directories may contain confidential information.

There is a risk if you answered yes to any of those questions.

Recommended Secure Coding Practices

The most restrictive possible permissions should be assigned to files and directories.

Sensitive Code Example

For os.umask:

os.umask(0)  # Sensitive

For os.chmod, os.lchmod, and os.fchmod:

os.chmod("/tmp/fs", stat.S_IRWXO)   # Sensitive
os.lchmod("/tmp/fs", stat.S_IRWXO)  # Sensitive
os.fchmod(fd, stat.S_IRWXO)         # Sensitive

Compliant Solution

For os.umask:

os.umask(0o777)

For os.chmod, os.lchmod, and os.fchmod:

os.chmod("/tmp/fs", stat.S_IRWXU)
os.lchmod("/tmp/fs", stat.S_IRWXU)
os.fchmod(fd, stat.S_IRWXU)

See





© 2015 - 2024 Weber Informatics LLC | Privacy Policy