File and directory permissions should be granted to specific users and groups. Granting permissions to wildcards, such as everyone or others, can lead to privilege escalation, leakage of sensitive information, and inadvertent execution of malicious code.
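def change_file_permissions_noncompliant():
    """Set mode 0o777 on ``sample.txt``; this is the page's noncompliant example.

    ``stat.S_IRWXO`` adds read, write and execute for "others", i.e. every
    account on the host that is neither the owner nor in the owning group.
    Any such account can then read the file's contents, overwrite them, or
    execute the file. The mode is left exactly as the page gives it so the
    example keeps illustrating the finding.
    """
    import os
    import stat
    # Noncompliant: permissions assigned to all users.
    # The S_IRWXO term is what a permission audit should flag here.
    os.chmod("sample.txt", stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO)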
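def change_file_permissions_compliant():
    """Set mode 0o770 on ``sample.txt``: owner and owning group only.

    No ``S_IRWXO`` bits are set, so accounts outside the owner and the
    owning group get no access to the file.
    """
    import os
    import stat
    # Compliant: permissions assigned to owner and owner group.
    # rwx for owner and group is the widest mode that still excludes
    # "others". A data file that is never executed and not shared with the
    # group needs only stat.S_IRUSR | stat.S_IWUSR (0o600); prefer the
    # narrowest mode the callers actually require.
    os.chmod("sample.txt", stat.S_IRWXU | stat.S_IRWXG)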