DeepSource
Dashboard Resources Pricing Discover Directory Log in

Run your first analysis.

Find thousands of code security and quality issues in your codebase, before they end up in production.

Start now
Rust

Rust

Made by DeepSource
Use Analyzer

Setting global write permission on file RS-S1016

Security
Critical
 a01 cwe-732 owasp top 10 cwe-284

Calling set_readonly(false) on a std::fs::Permissions object results in the file being world-writable, and is equivalent to running chmod a+w on the file. This provides global write access to all users and processes, and introduces an insecure permissions vulnerability.

Use the set_mode() method provided by the std::fs::PermissionsExt trait to provide secure write access to a file.

Bad practice

use std::fs::File;

fn foo() {
    let f = File::create("foo.txt").unwrap();
    let metadata = f.metadata().unwrap();
    let mut permissions = metadata.permissions();
    permissions.set_readonly(false);
}

Recommended

use std::fs::File;

fn foo() {
    let f = File::create("foo.txt").unwrap();
    let metadata = f.metadata().unwrap();
    let mut permissions = metadata.permissions();
    // Set write permission for file owner
    permissions.set_mode(0o644);
}

References