Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue #4239 - Fix CWE-732: Insecure File Permissions #4240

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Issue #4239 - Fix CWE-732: Insecure File Permissions #4240

wants to merge 1 commit into from

Conversation

omordyk
Copy link
Contributor

@omordyk omordyk commented Feb 3, 2025
edited
Loading

Description

CWE-732: Insecure File Permissions refers to a vulnerability where a file or directory has permissions that are too permissive, allowing unauthorized users or processes to read, modify, or execute it. This can lead to a range of security risks, such as unauthorized data access, data corruption, privilege escalation, and even remote code execution in some cases.

Starting from Go 1.16, the ioutil package has been deprecated.

Fixes # (#4239 )

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

  • Ran unit-tests

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings
  • I have tagged the reviewers in a comment below incase my pull request is ready for a review
  • I have signed the commit message to agree to Developer Certificate of Origin (DCO) (to certify that you wrote or otherwise have the right to submit your contribution to the project.) by adding "--signoff" to my git commit command.

@omordyk omordyk requested review from LiilyZhang and kroczi February 3, 2025 09:45
@omordyk omordyk self-assigned this Feb 3, 2025
@omordyk omordyk force-pushed the security_4239 branch 2 times, most recently from 5a14ce7 to bc9f0fb Compare February 3, 2025 10:04
@omordyk omordyk linked an issue Feb 3, 2025 that may be closed by this pull request
CWE-732: Insecure File Permissions #4239
Open
@omordyk omordyk removed their assignment Feb 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kroczi kroczi kroczi approved these changes

@LiilyZhang LiilyZhang Awaiting requested review from LiilyZhang

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CWE-732: Insecure File Permissions
2 participants
@omordyk @kroczi