Pattern: Avoid permissive file permissions
Issue: -
This rule looks for the use of chmod and will alert when it is used to set particularly permissive control flags. Discretion should be used when granting write access to files such as configuration files to prevent vulnerabilities including denial of service and remote code execution.
POSIX-based operating systems utilize a permissions model to protect access to parts of the file system. This model supports three roles: owner, group and world. Each role may have a combination of read, write or execute flags set. Python provides chmod to manipulate POSIX-style permissions.
Example of insecure code:
import os
os.chmod('/etc/passwd', 0o7)  # world gets read, write and execute
Example of secure code:
import os
os.chmod('/etc/passwd', 0o664)  # owner and group read/write, world read-only