CodeQL documentation

Overly permissive file permissions

ID: py/overly-permissive-file
Kind: problem
Severity: warning
Precision: medium
   - external/cwe/cwe-732
   - security
Query suites:
   - python-security-extended.qls
   - python-security-and-quality.qls

Click to see the query in the CodeQL repository

When creating a file, POSIX systems allow permissions to be specified for owner, group and others separately. Permissions should be kept as strict as possible, preventing access to the files contents by other users.


Restrict the file permissions of files to prevent any but the owner being able to read or write to that file