Incorrect default permissions
Description
The application creates a file with an overly permissive mode. A mode such as 0644 lets every other local user (and any process running as one) read the file, which matters when it holds credentials, tokens, session data or other private content. If the application user is the only principal that needs the file, use 0400 for read-only access, 0200 for write-only access, or 0600 for read/write access, and grant group or other bits only when another account genuinely needs them.
Examples
Insecure Code
```go
// 0644: owner read/write, but group and everyone else can read the file
ioutil.WriteFile("file.txt", dat, 0644)
```
Secure Code
```go
// 0600: only the owning user can read or write the file
os.WriteFile("file.txt", dat, 0600)
```
Remediation
Pass the mode the data actually requires, typically 0600 for owner-only read/write, to os.WriteFile (or to os.OpenFile when you open the file yourself). Two caveats apply: the mode argument is only used when the file is created, so a file that already exists keeps whatever mode it had, and the kernel clears any bits set in the process umask. If the file may already exist, or you need the exact mode regardless of umask, follow the open with an explicit chmod to 0600 before writing any sensitive data.
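The following is an added example, not code from the rule or from any project it describes. It shows the remediation together with the caveat above: a hypothetical `WritePrivateFile` helper that opens the file with 0600 and then chmods it so a pre-existing world-readable file is also locked down before data is written, and a hypothetical `GroupOrOtherBits` check that reports any permission bits granted beyond the owner. The file name and contents are constructed for the demonstration; the behaviour shown (the mode argument of os.WriteFile being ignored for an existing file) is standard Go and POSIX semantics.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// WritePrivateFile writes data to path so that only the owning user can read
// or write it (mode 0600), even when the file already exists with a broader
// mode. os.WriteFile applies its perm argument only on creation and the kernel
// masks it with the umask, so the mode is forced with an explicit chmod
// before any data is written.
func WritePrivateFile(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		return err
	}
	// Lock the mode down first: a pre-existing 0644 file is still 0644 here.
	if err := f.Chmod(0o600); err != nil {
		f.Close()
		return err
	}
	if _, err := f.Write(data); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}

// GroupOrOtherBits returns the permission bits granted to group and others.
// A non-zero result means someone other than the owner can access the file.
func GroupOrOtherBits(path string) (fs.FileMode, error) {
	info, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return info.Mode().Perm() & 0o077, nil
}

func main() {
	dir, err := os.MkdirTemp("", "perm-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	p := filepath.Join(dir, "secret.txt")

	// Constructed scenario: a file left behind by an earlier run with the
	// insecure mode from the rule's "Insecure Code" example.
	if err := os.WriteFile(p, []byte("old"), 0o644); err != nil {
		panic(err)
	}
	if err := os.Chmod(p, 0o644); err != nil { // pin the mode regardless of umask
		panic(err)
	}

	// Rewriting with 0600 does not change an existing file's mode.
	if err := os.WriteFile(p, []byte("new"), 0o600); err != nil {
		panic(err)
	}
	bits, _ := GroupOrOtherBits(p)
	fmt.Printf("after os.WriteFile(..., 0600): group/other bits = %04o\n", bits)

	// The helper forces the mode before writing the sensitive content.
	if err := WritePrivateFile(p, []byte("secret")); err != nil {
		panic(err)
	}
	bits, _ = GroupOrOtherBits(p)
	fmt.Printf("after WritePrivateFile:        group/other bits = %04o\n", bits)
}
```

`GroupOrOtherBits` is also a cheap check to run in tests or at startup over files the application is expected to keep private; anything non-zero for a secrets file is a finding of this rule class.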
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0785 |
| Category | AccessControl |
| Severity | MEDIUM |
| CWE | CWE-276 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | permissions, file system |
| OWASP | A5:2017-Broken Access Control, A01:2021-Broken Access Control |