CodeQL documentation

Overly permissive file permissions

ID: py/overly-permissive-file
Kind: problem
Security severity: 7.8
Severity: warning
Precision: medium
Tags:
   - external/cwe/cwe-732
   - security
Query suites:
   - python-security-extended.qls
   - python-security-and-quality.qls


When creating a file, POSIX systems allow permissions to be specified for owner, group and others separately. Permissions should be kept as strict as possible, preventing access to the file's contents by other users.

Recommendation

Restrict the permissions of files so that no one but the owner is able to read or write to them.
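
The recommendation in practice, as an added example that is not part of the CodeQL documentation: a permissive write next to an owner-only one, plus a check and a fix for files that already exist. The function names and the 0o600 target mode are choices made for this example.

```python
import os
import stat
import tempfile

# Every permission bit that grants access to group or others.
GROUP_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO


def write_permissive(path, data):
    """Weak pattern: the file ends up readable and writable by every user."""
    with open(path, "wb") as fh:
        fh.write(data)
    # os.chmod sets the mode exactly; the process umask does not soften it.
    os.chmod(path, 0o666)


def write_private(path, data):
    """Create the file owner-only from the start, so it is never exposed."""
    # O_EXCL refuses a pre-existing file whose mode we did not choose.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        # The umask can only remove bits from the creation mode;
        # fchmod pins the final mode regardless of the umask.
        os.fchmod(fh.fileno(), 0o600)
        fh.write(data)


def excess_permissions(path):
    """Return the group/other bits set on path (0 means owner-only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & GROUP_OTHER_BITS


def restrict_to_owner(path):
    """Drop all group/other bits from an existing file, keeping the owner's."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode & ~GROUP_OTHER_BITS)


if __name__ == "__main__":
    # Constructed sample files in a throwaway directory.
    with tempfile.TemporaryDirectory() as d:
        loose, tight = os.path.join(d, "loose"), os.path.join(d, "tight")
        write_permissive(loose, b"api-token")
        write_private(tight, b"api-token")
        for p in (loose, tight):
            print(p, oct(excess_permissions(p)))
        restrict_to_owner(loose)
        print(loose, oct(excess_permissions(loose)))
```
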
