hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bc8e61366b7f3dc4f16d2eafefdec8a04e3bcbe5
codeql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.qhelp
Pavel Avgustinov 846c9d5860 Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00

54 lines
2.0 KiB
XML
Raw Blame History

<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>Reading from a world-writable file is dangerous on a multi-user system because other users may be
able to affect program execution by modifying or deleting the file.</p>
</overview>
<recommendation>
<p>Do not make files explicitly world writable unless the file is intended to be written by multiple
users on a multi-user system. In many cases, the file may only need to be writable for the current
user.</p>
<p>For some file systems, there may be alternatives to setting the file to be world writable. For
example, POSIX file systems support "groups" which may be used to ensure that only subset of all the
users can write to the file. Access Control Lists (ACLs) are available for many operating system
and file system combinations, and can provide fine-grained read and write support without resorting
to world writable permissions.</p>
</recommendation>
<example>
<p>
In the following example, we are loading some configuration parameters from a file:
</p>
<sample language="java">
private void readConfig(File configFile) {
if (!configFile.exists()) {
// Create an empty config file
configFile.createNewFile();
// Make the file writable for all
configFile.setWritable(true, false);
}
// Now read the config
loadConfig(configFile);
}
</sample>
<p>If the configuration file does not yet exist, an empty file is created. Creating an empty file
can simplify the later code and is a convenience for the user. However, by setting the file to be
world writable, we allow any user on the system to modify the configuration, not just the current
user. If there may be untrusted users on the system, this is potentially dangerous.</p>
</example>
<references>
<li>The CERT Oracle Secure Coding Standard for Java:
<a href="https://www.securecoding.cert.org/confluence/display/java/FIO01-J.+Create+files+with+appropriate+access+permissions">FIO01-J. Create files with appropriate access permissions</a>.</li>
</references>
</qhelp>
Reference in New Issue View Git Blame Copy Permalink