GSC-G302 @ 019e0ce • syncthing / syncthing

Run summary

3 years ago

4e2a9bb..019e0ce

1 min 58 s

Poor file permissions used when creating a file or using os.Chmod GSC-G302

Security

Major

4 occurrences in this check

a05 cwe-276 owasp top 10

Expect file permissions to be 0600 or less

lib/fs/basicfs_test.go

 75	path := filepath.Join(dir, "file")
 76	defer os.RemoveAll(dir)
 77
 78	defer os.Chmod(path, 0666) 79
 80	fd, err := os.Create(path)
 81	if err != nil {

Expect file permissions to be 0600 or less

lib/fs/basicfs_test.go

 42	}
 43	fd.Close()
 44
 45	if err := os.Chmod(path, 0666); err != nil { 46		t.Error(err)
 47	}
 48

Expect file permissions to be 0600 or less

lib/fs/basicfs_test.go

 34	path := filepath.Join(dir, "file")
 35	defer os.RemoveAll(dir)
 36
 37	defer os.Chmod(path, 0666) 38
 39	fd, err := os.Create(path)
 40	if err != nil {

Expect file permissions to be 0600 or less

lib/fs/basicfs.go

252	if err != nil {
253		return nil, err
254	}
255	fd, err := os.OpenFile(name, OptReadOnly, 0777)256	if err != nil {
257		return nil, err
258	}

Description

Excessive permissions granted to a file/directory. This warning is triggered whenever permission greater than 0600 is granted.

Generally, all security rules follow the principle of least privilege, except when the file being created needs to be accessed by anyone other than the user creating it.

Bad practice

package main

import (
    "fmt"
    "os"
)

func main() {
    err := os.Chmod("/tmp/somefile", 0777)
    if err != nil {
        fmt.Println("Error when changing file permissions!")
        return
    }
}

syncthing / syncthing

Bad practice

Recommended

References