Incorrect permission assignment for critical resource

Description

The application is setting file permissions to overly permissive values. Consider using restrictive permissions such as 0400 for read-only access, 0200 for write-only access, or 0600 for read/write access to the file.

Examples

Insecure Code

python

os.chmod('somefile.txt', 0o777)

Secure Code

python

os.chmod('somefile.txt', 0o600)

Remediation

Use os.chmod with restrictive permissions, for example: os.chmod('somefile.txt', 0o600) for read/write access to the file.

Rule Details

Field	Value
ID	CODE-0153
Category	AccessControl
Severity	MEDIUM
CWE	CWE-732
Confidence	HIGH
Impact	MEDIUM
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	file permissions, access control
OWASP	A5:2017-Broken Access Control, A01:2021-Broken Access Control

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Incorrect permission assignment for critical resource

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

SAST Rules

IaC Rules

License Rules

Incorrect permission assignment for critical resource ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

Incorrect permission assignment for critical resource

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details