From b2f2f786acecd88d68a18a453379b951c7ac2c68 Mon Sep 17 00:00:00 2001 From: Alex Ford Date: Thu, 13 May 2021 13:22:14 +0100 Subject: [PATCH] allow the WeakFilePermissions access predicate to return multiple values --- ql/src/queries/security/cwe-732/WeakFilePermissions.ql | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ql/src/queries/security/cwe-732/WeakFilePermissions.ql b/ql/src/queries/security/cwe-732/WeakFilePermissions.ql index 7d6916e667c..41c0edceb16 100644 --- a/ql/src/queries/security/cwe-732/WeakFilePermissions.ql +++ b/ql/src/queries/security/cwe-732/WeakFilePermissions.ql @@ -40,9 +40,7 @@ bindingset[p] string access(int p) { p.bitAnd(2) != 0 and result = "writable" or - // report only the "most permissive" permission, i.e. report the file as - // readable only if it is not also writable - p.bitAnd(2) = 0 and p.bitAnd(4) != 0 and result = "readable" + p.bitAnd(4) != 0 and result = "readable" } /** An expression specifing a file permission that allows group/others read or write access */