Expect directory permissions to be 0750 or less
19func TestMtimeFS(t *testing.T) {
20 os.RemoveAll("testdata")
21 defer os.RemoveAll("testdata")
22 os.Mkdir("testdata", 0755) 23 ioutil.WriteFile("testdata/exists0", []byte("hello"), 0644)
24 ioutil.WriteFile("testdata/exists1", []byte("hello"), 0644)
25 ioutil.WriteFile("testdata/exists2", []byte("hello"), 0644)
Expect directory permissions to be 0750 or less
199 theTest := func(t *testing.T, fs *mtimeFS, shouldSucceed bool) {
200 os.RemoveAll("testdata")
201 defer os.RemoveAll("testdata")
202 os.Mkdir("testdata", 0755)203 ioutil.WriteFile("testdata/FiLe", []byte("hello"), 0644)
204
205 // a random time with nanosecond precision
Expect directory permissions to be 0750 or less
227 sort.Strings(testCases)
228
229 for _, sub := range testCases {
230 if err := os.Mkdir(filepath.Join(dir, sub), 0777); err != nil {231 t.Error(err)
232 }
233 }
Description
Excessive permissions granted when creating a directory. This warning is
triggered whenever permission greater than 0750
is given.
In general, all security rules follow the principle of least privilege, except when the created directory needs to be accessed by anyone other than the user creating it.
Bad practice
package main
import (
"fmt"
"os"
)
func main() {
err := os.Mkdir("/tmp/mydir", 0777)
if err != nil {
fmt.Println("Error when creating a directory!")
return
}
}
Recommended
package main
import (
"fmt"
"os"
)
func main() {
err := os.Mkdir("/tmp/mydir", 0600)
if err != nil {
fmt.Println("Error when creating a directory!")
return
}
}