Usage of permissive file permission ('other')

Description

Having overly permissive file permissions, such as extending read, write, or execute privileges to 'other', is risky and could lead to accidental exposure of sensitive information.

Remediations

✅ Keep file permissions as restrictive as possible. With the PosixFilePermission enum, for example, prefer the GROUP_* constants to the OTHERS_* constants when extending privileges to users other than the owner.

  Set<PosixFilePermission> permissions = EnumSet.noneOf(PosixFilePermission.class);
  permissions.add(PosixFilePermission.GROUP_WRITE);
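As an added illustration (not code from the Bearer rule page), the flagged pattern beside the remediated one, together with a small audit helper that reports any 'other' bits and a hardening helper that clears them. The class and method names are hypothetical, and it assumes a POSIX file system (Files.getPosixFilePermissions is unsupported on Windows).

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

public class RestrictivePermissions {

    // The bits this rule flags: anything granted to 'other'.
    private static final Set<PosixFilePermission> OTHERS = EnumSet.of(
            PosixFilePermission.OTHERS_READ,
            PosixFilePermission.OTHERS_WRITE,
            PosixFilePermission.OTHERS_EXECUTE);

    // Flagged pattern: rw-rw-rw- grants read and write to every user on the host
    // (the process umask may clear some of these bits at creation time).
    static Path createPermissive(Path path) throws IOException {
        Set<PosixFilePermission> perms = PosixFilePermissions.fromString("rw-rw-rw-");
        return Files.createFile(path, PosixFilePermissions.asFileAttribute(perms));
    }

    // Remediated pattern: owner read/write, group read, nothing for 'other' (rw-r-----).
    static Path createRestrictive(Path path) throws IOException {
        Set<PosixFilePermission> perms = EnumSet.of(
                PosixFilePermission.OWNER_READ,
                PosixFilePermission.OWNER_WRITE,
                PosixFilePermission.GROUP_READ); // GROUP_* rather than OTHERS_*
        return Files.createFile(path, PosixFilePermissions.asFileAttribute(perms));
    }

    // Audit helper: the 'other' bits currently set on a file (empty set = compliant).
    static Set<PosixFilePermission> othersBits(Path path) throws IOException {
        Set<PosixFilePermission> current = EnumSet.noneOf(PosixFilePermission.class);
        current.addAll(Files.getPosixFilePermissions(path));
        current.retainAll(OTHERS);
        return current;
    }

    // Hardening helper: clears every 'other' bit, leaving owner and group bits untouched.
    static void dropOthers(Path path) throws IOException {
        Set<PosixFilePermission> current = EnumSet.noneOf(PosixFilePermission.class);
        current.addAll(Files.getPosixFilePermissions(path));
        if (current.removeAll(OTHERS)) {
            Files.setPosixFilePermissions(path, current);
        }
    }
}
```

Running othersBits over files your application creates is a quick way to confirm the remediation took effect on the target system, since the umask and any later chmod calls also shape the final mode.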

Resources

Associated CWE

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_file_permission_others

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_file_permission_others