Loose File Permissions High

Detects files and directories that are given world-readable or world-writable permissions. Such permissions let any user on the system read or modify the data, so access should be restricted to the accounts that need it.

Detector ID
c/loose-file-permissions@v1.0
Category
Common Weakness Enumeration (CWE)
Tags
-

Noncompliant example

1#include <sys/stat.h>
2#include <fcntl.h>
3
// Demonstrates the pattern this detector reports: every call below requests
// mode 0777 (read, write and execute for the owner, the group and all other users).
void looseFilePermissionsNonCompliant(){

  const mode_t everyone_rwx = S_IRWXU | S_IRWXG | S_IRWXO;

  // Noncompliant: the new file is requested with 0777. open() applies the
  // process umask to this value, so the resulting mode is 0777 & ~umask.
  int fd = open("myfile.txt", O_CREAT, everyone_rwx);
  (void)fd; // the descriptor is neither used nor closed in this example

  // Noncompliant: the new directory is requested with 0777 (also filtered by the umask)
  mkdir("myfolder", everyone_rwx);

  // Noncompliant: chmod() is not filtered by the umask, so this sets the file to exactly 0777
  chmod("myfile.txt", everyone_rwx);
}

Compliant example

#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
3
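// Creates "myfile.txt" without any permission bits for "other" users and makes
// sure files and directories created later by this process get none either.
void looseFilePermissionsCompliant(){

  // Compliant: mask out all "other" bits before anything is created, so the
  // open() below is already covered. umask() replaces the whole mask, so the
  // previous value is OR-ed back in to keep any stricter bits the process
  // inherited (e.g. 077 must not be loosened to 007).
  // The umask is process-wide; set it at startup, before other threads create files.
  mode_t inherited = umask(S_IRWXO);
  umask(inherited | S_IRWXO);

  // Compliant: owner and group only (0770), nothing for "other".
  // The mode argument is applied only when open() creates the file; a file
  // that already exists keeps whatever permission bits it had. Callers that
  // need a guarantee should create with O_EXCL or verify with fstat().
  // Execute bits and group write are rarely needed for a data file;
  // S_IRUSR | S_IWUSR (0600) is tighter when only the owner uses it.
  int fd = open("myfile.txt", O_CREAT, S_IRWXU | S_IRWXG);

  // Release the descriptor; the example only needs the file to exist.
  if (fd != -1) {
    close(fd);
  }
}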