GSC-G301 @ af968bb • concourse / concourse

Run summary

a month ago

86386eb..af968bb

3 mins 57 s

Poor file permissions used when creating a directory GSC-G301

Security

Major

9 occurrences in this check

a05 cwe-276 owasp top 10

Expect directory permissions to be 0750 or less

go-archive/zipfs/extract.go

59			return err
60		}
61	} else {
62		err := os.MkdirAll(filepath.Dir(filePath), 0755)63		if err != nil {
64			return err
65		}

Expect directory permissions to be 0750 or less

go-archive/zipfs/extract.go

12func Extract(srcFile string, dest string) error {
13	path, err := exec.LookPath("unzip")
14	if err == nil {
15		err = os.MkdirAll(dest, 0755)16		if err != nil {
17			return err
18		}

Expect directory permissions to be 0750 or less

go-archive/tgzfs/shell_out.go

14)
15
16func tarExtract(tarPath string, src io.Reader, dest string) error {
17	err := os.MkdirAll(dest, 0755)18	if err != nil {
19		return err
20	}

Expect directory permissions to be 0750 or less

go-archive/tgzfs/compress_test.go

 29		err = os.Mkdir(filepath.Join(dir, "outer-dir"), 0755)
 30		Expect(err).NotTo(HaveOccurred())
 31
 32		err = os.Mkdir(filepath.Join(dir, "outer-dir", "inner-dir"), 0755) 33		Expect(err).NotTo(HaveOccurred())
 34
 35		innerFile, err := os.Create(filepath.Join(dir, "outer-dir", "inner-dir", "some-file"))

Expect directory permissions to be 0750 or less

go-archive/tgzfs/compress_test.go

 26		dir, err := ioutil.TempDir("", "archive-dir")
 27		Expect(err).NotTo(HaveOccurred())
 28
 29		err = os.Mkdir(filepath.Join(dir, "outer-dir"), 0755) 30		Expect(err).NotTo(HaveOccurred())
 31
 32		err = os.Mkdir(filepath.Join(dir, "outer-dir", "inner-dir"), 0755)

Expect directory permissions to be 0750 or less

go-archive/tarfs/shell_out.go

14)
15
16func tarExtract(tarPath string, src io.Reader, dest string) error {
17	err := os.MkdirAll(dest, 0755)18	if err != nil {
19		return err
20	}

Expect directory permissions to be 0750 or less

go-archive/tarfs/extract.go

 60	fileInfo := header.FileInfo()
 61	fileMode := fileInfo.Mode()
 62
 63	err := os.MkdirAll(filepath.Dir(filePath), 0755) 64	if err != nil {
 65		return err
 66	}

Expect directory permissions to be 0750 or less

go-archive/tarfs/compress_test.go

 28		err = os.Mkdir(filepath.Join(dir, "outer-dir"), 0755)
 29		Expect(err).NotTo(HaveOccurred())
 30
 31		err = os.Mkdir(filepath.Join(dir, "outer-dir", "inner-dir"), 0755) 32		Expect(err).NotTo(HaveOccurred())
 33
 34		innerFile, err := os.Create(filepath.Join(dir, "outer-dir", "inner-dir", "some-file"))

Expect directory permissions to be 0750 or less

go-archive/tarfs/compress_test.go

 25		dir, err := ioutil.TempDir("", "archive-dir")
 26		Expect(err).NotTo(HaveOccurred())
 27
 28		err = os.Mkdir(filepath.Join(dir, "outer-dir"), 0755) 29		Expect(err).NotTo(HaveOccurred())
 30
 31		err = os.Mkdir(filepath.Join(dir, "outer-dir", "inner-dir"), 0755)

Description

Excessive permissions granted when creating a directory. This warning is triggered whenever permission greater than 0750 is given.

In general, all security rules follow the principle of least privilege, except when the created directory needs to be accessed by anyone other than the user creating it.

Bad practice

package main

import (
    "fmt"
    "os"
)

func main() {
    err := os.Mkdir("/tmp/mydir", 0777)
    if err != nil {
        fmt.Println("Error when creating a directory!")
        return
    }
}

concourse / concourse

Bad practice

Recommended

References