Permissive folder creation

  • Rule ID: go_gosec_file_permissions_mkdir
  • Languages: go
  • Source: mkdir.yml

Description

Incorrect directory permissions can severely compromise system security.Directories with overly permissive access rights can allow unauthorized users to manipulate files, potentially leading to malicious code execution, data breaches, or full system compromise.

Remediations

  • Do not use overly broad permissions like 0777 for directories, as this allows all users to read, write, and execute files, posing a significant security risk.
    os.Mkdir("example_directory", 0777) // unsafe
  • Do set directory permissions to:
    • 0700 for private user data, granting full control to the owner only.
    • 0750 for directories requiring group access, granting full control to the owner and read/execute to the group.
    os.Mkdir("secure_directory", 0700)
  • Do verify file permissions after creation or update to ensure they are set as intended.
  • Do consider setting umask to a secure default, if your application creates multiple files, to ensure that files are created with safe default permissions.
  • Do regularly review and audit file permissions in your system to ensure they adhere to the principle of least privilege, minimizing the access level to what is strictly necessary for operational functionality.

Associated CWE

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=go_gosec_file_permissions_mkdir

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=go_gosec_file_permissions_mkdir