gitlab.bandit.B103

385

Download Count*

MIT

License

Chmod setting a permissive mask on file.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: bandit.B103
    patterns:
      - pattern: os.chmod(...,$MASK)
      - metavariable-regex:
          metavariable: $MASK
          regex: (0x..f|0o..[2,3,7]|stat.S_IXGRP|stat.S_IWOTH)
    message: Chmod setting a permissive mask on file.
    metadata:
      cwe: "CWE-732: Incorrect Permission Assignment for Critical Resource"
      owasp: "A6: Security Misconfiguration"
      primary_identifier: bandit.B103
      secondary_identifiers:
        - name: Bandit Test ID B103
          type: bandit_test_id
          value: B103
      license: MIT
    severity: WARNING
    languages:
      - python

Short Link: https://sg.run/bDNv