Incorrect Permission Assignment for Critical Resource

ID

scala.perm.scala_perm_rule_overlypermissivefilepermissionobj

Severity

low

Resource

Perm

Language

Scala

Description

Overly permissive file permission

Rationale

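The file is given permissions that let users other than its owner and group read, write or execute it (the OTHERS_* permissions flagged in the code below).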

The following code illustrates a vulnerable pattern detected by this rule:

import java.nio.file.{Files, Path}
import java.nio.file.attribute.PosixFilePermission

def dangerObjOriented(path: Path): Unit = {
  val perms = new java.util.HashSet[PosixFilePermission]()
  perms.add(PosixFilePermission.OWNER_READ)
  perms.add(PosixFilePermission.OWNER_WRITE)
  perms.add(PosixFilePermission.OWNER_EXECUTE)
  perms.add(PosixFilePermission.GROUP_READ)
  perms.add(PosixFilePermission.GROUP_WRITE)
  perms.add(PosixFilePermission.GROUP_EXECUTE)
  // VULNERABLE: Incorrect Permission Assignment for Critical Resource
  perms.add(PosixFilePermission.OTHERS_READ)
  // VULNERABLE: Incorrect Permission Assignment for Critical Resource
  perms.add(PosixFilePermission.OTHERS_WRITE)
  // VULNERABLE: Incorrect Permission Assignment for Critical Resource
  perms.add(PosixFilePermission.OTHERS_EXECUTE)
  Files.setPosixFilePermissions(path, perms)
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
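
A hardened counterpart to the flagged pattern, as an added example that is not part of the rule's own documentation or the detector's code. It assumes a POSIX file system, Scala 2.13 or later, and that owner-only read/write (rw-------) is the intended mode; the object name, function names and file names are hypothetical.

```scala
import java.nio.file.{Files, Path}
import java.nio.file.attribute.{PosixFilePermission, PosixFilePermissions}
import scala.jdk.CollectionConverters._ // Scala 2.13+

object OwnerOnlyPermissions {
  // The three bits the rule flags: access for every user on the system.
  private val othersBits: Set[PosixFilePermission] = Set(
    PosixFilePermission.OTHERS_READ,
    PosixFilePermission.OTHERS_WRITE,
    PosixFilePermission.OTHERS_EXECUTE
  )

  // Assumed target mode for this example: owner read/write only (0600).
  private def ownerOnly = PosixFilePermissions.fromString("rw-------")

  // "Others" bits currently set on the path; an empty set means none.
  def worldAccess(path: Path): Set[PosixFilePermission] =
    Files.getPosixFilePermissions(path).asScala.toSet.intersect(othersBits)

  // Hardened counterpart of dangerObjOriented: replaces the whole mode.
  def restrictToOwner(path: Path): Unit =
    Files.setPosixFilePermissions(path, ownerOnly)

  // Creates the file with the restrictive mode applied at creation time,
  // so it never exists with the process default mode.
  def createPrivate(path: Path): Path =
    Files.createFile(path, PosixFilePermissions.asFileAttribute(ownerOnly))

  def main(args: Array[String]): Unit = {
    val dir = Files.createTempDirectory("perm-demo") // constructed sample location
    val fresh = createPrivate(dir.resolve("fresh.conf"))
    println(s"fresh file others bits: ${worldAccess(fresh)}")

    // Constructed sample: a file left in the state the rule flags.
    val legacy = Files.createFile(dir.resolve("legacy.conf"))
    Files.setPosixFilePermissions(legacy, PosixFilePermissions.fromString("rwxrwxrwx"))
    println(s"legacy before: ${worldAccess(legacy)}")
    restrictToOwner(legacy)
    println(s"legacy after: ${worldAccess(legacy)}")
  }
}
```

If group members need access, widen the mode string passed to PosixFilePermissions.fromString (for example "rw-r-----") while keeping the last three positions as "---".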

Configuration

This detector does not need any configuration.

References