Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

G306 can be easily bypassed by os.Create #1019

Closed
seiyab opened this issue Sep 25, 2023 · 1 comment · Fixed by #1020
Closed

G306 can be easily bypassed by os.Create #1019

seiyab opened this issue Sep 25, 2023 · 1 comment · Fixed by #1020

Comments

@seiyab
Copy link

seiyab commented Sep 25, 2023

os.Create creates file with permission 0666.
https://pkg.go.dev/os#Create

os.Create is usually preffered to create & truncate a file so it can accidentally bypass G306 even if developers want to enforce stricter permissions.

I'm not sure what can be a reasonable behavior. Reporting os.Create if allowed permission is stricter than 0666 can be an instant one.
@seiyab seiyab changed the title G306 can be easily biased by os.Create G306 can be easily bypassed by os.Create Sep 25, 2023
@ccojocar
Copy link
Member

Thanks for bringing this up. I think adding a new rule for this, it would be appropriate.

@ccojocar ccojocar mentioned this issue Sep 25, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@ccojocar @seiyab