Permissive file creation

Description

Your application sets file permissions that are overly permissive. This oversight could let unauthorized individuals read, write, or execute files, which could lead to the exposure of sensitive information or other security risks.

Remediations

  • Do use restrictive file permissions. Assign file permissions that strictly limit access, aligning with what your application genuinely needs:
    • 0400 for read-only access by the file's owner.
    • 0200 for write-only access by the file's owner.
    • 0600 for read and write access by the file's owner, suitable for files that the application needs to read from and write to.
  • Do set the correct permissions when you create or modify files. This step is crucial to prevent unauthorized access right from the start.
  • Do regularly review and audit file permissions in your system to ensure they adhere to the principle of least privilege, minimizing the access level to what is strictly necessary for operational functionality.
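The following Go program is an added example (not Bearer's own code) contrasting the permissive call this rule flags with a creation that sets owner-only mode from the start, plus the periodic audit walk the last item describes; the function names and the temp-directory layout are assumptions.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Before: the pattern this rule reports. 0666 grants read/write to every
// user on the host (reduced only by the process umask).
func writeSecretPermissive(path string, data []byte) error {
	return os.WriteFile(path, data, 0666)
}

// After: the file is created with 0600 and the mode is then applied
// explicitly, so umask cannot leave it wider than intended.
func writeSecretRestrictive(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}
	defer f.Close()
	if err := f.Chmod(0600); err != nil {
		return err
	}
	_, err = f.Write(data)
	return err
}

// auditPerms walks root and returns every regular file whose mode grants
// any group or other permission bit, the check a periodic review would run.
func auditPerms(root string) ([]string, error) {
	var loose []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || d.IsDir() {
			return walkErr
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		if info.Mode().Perm()&0077 != 0 {
			loose = append(loose, p)
		}
		return nil
	})
	return loose, err
}

func main() {
	dir, _ := os.MkdirTemp("", "perm-example") // constructed scratch dir
	defer os.RemoveAll(dir)
	_ = writeSecretPermissive(filepath.Join(dir, "bad.txt"), []byte("secret"))
	_ = writeSecretRestrictive(filepath.Join(dir, "good.txt"), []byte("secret"))
	loose, _ := auditPerms(dir)
	fmt.Println("files with group/other bits:", loose)
}
```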

References

Associated CWE

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=go_gosec_filesystem_poor_write_permissions

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=go_gosec_filesystem_poor_write_permissions