Permissive file assignment

Overview

Rule ID: javascript_lang_file_permissions
Applicable Languages: Javascript
Weakness ID: CWE-732

Description

Permissive file assignment exposes sensitive information by granting excessive read, write, or execute permissions to users who do not have ownership privileges. This can lead to unauthorized access and manipulation of files, increasing the risk of data breaches and security vulnerabilities.

Remediation Guidelines

Do keep file permissions as restrictive as possible to minimize the risk of unauthorized access. Use the principle of least privilege to grant only the permissions necessary for the operation of the application.
```
fs.chmod(path, 0o600);
```
Do prefer assigning file permissions to 'groups' rather than 'other' when you need to extend privileges to users who are not the owners. This approach helps limit access to a more controlled set of users.

References

CWE-732: Incorrect Permission Assignment for Critical Resource

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousObservable Timing Discrepancy NextPermissive origin in postMessage

Last updated 8 months ago