CS-S1000 · Filesystem related permissions specified are too broad

Filesystem related permissions specified are too broad CS-S1000

Security

Critical

8 months ago — 8 months old

a01 a04 cwe-276 cwe-732 cwe-266 sans top 25 owasp top 10

Access rule specifies broad permissions

 9    {
10        // CS-S1000: Broad permissions granted.
11        // https://deepsource.io/directory/analyzers/csharp/issues/CS-S1000
12        var accessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow);13
14        // CS-A1008: Insecurely generated random number.
15        // https://deepsource.io/directory/analyzers/csharp/issues/CS-A1008

Description

It is always recommended that you grant only the minimum required permissions to the necessary user accounts rather than providing complete control to everyone. Giving full control may lead to unintended access that may put your organization and any potentially sensitive information at risk. Consider limiting the scope of the permissions.

Bad Practice

new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow)

deepsourcestatus / test-repository

Bad Practice

Recommended

Reference