CodeQL documentation

Overly permissive file permissions

ID: py/overly-permissive-file
Kind: problem
Severity: warning
Precision: medium
Tags:
   - external/cwe/cwe-732
   - security
Query suites:
   - python-security-extended.qls
   - python-security-and-quality.qls

Click to see the query in the CodeQL repository

When creating a file, POSIX systems allow permissions to be specified for owner, group and others separately. Permissions should be kept as strict as possible, preventing access to the files contents by other users.

Recommendation

Restrict the file permissions of files to prevent any but the owner being able to read or write to that file

References