rule-umask.yml
# yamllint disable
# The ruleset is generated from the official flawfinder rule repository hosted on GitHub.
# License: GPL 2.0 (c) 1989, 1991 Free Software Foundation, Inc.
# source: https://github.com/david-a-wheeler/flawfinder/blob/e0d8827c3b714a883ce8036edc832721f4619524/flawfinder.py
# yamllint enable
---
rules:
- id: "c_access_rule-umask"
  languages:
  - "c"
  message: |
    The umask function call sets the process's file mode creation mask. umask values determine
    what permissions a file should be created with and who can read or write to these files.
    Ensure that umask is given the most restrictive setting the context allows,
    usually 066 or 077. For more information, see:
    https://en.wikipedia.org/wiki/Umask#Mask_effect.
  metadata:
    shortDescription: "Ensure restrictive umask values"
    cwe: "CWE-732"
    owasp:
    - "A6:2017-Security Misconfiguration"
    - "A05:2021-Security Misconfiguration"
    security-severity: "INFO"
    category: "security"
  pattern: "umask(...)"
  severity: "INFO"
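
The mask effect the rule message refers to, as an added C example (not part of flawfinder or of this ruleset). `effective_mode` is a hypothetical helper and the `/tmp/umask-demo-...` scratch path is constructed for the demonstration; it creates a file under a given umask and reports the permission bits the kernel actually applied.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create a scratch file while `mask` is the process
 * umask, asking open() for `requested` permissions. Returns the permission
 * bits actually applied (requested & ~mask), or -1 on error. */
int effective_mode(mode_t mask, mode_t requested)
{
    static unsigned counter;            /* keeps names unique per call */
    char path[64];
    struct stat st;
    int result = -1;

    /* Constructed scratch path; O_EXCL refuses existing files and symlinks. */
    snprintf(path, sizeof path, "/tmp/umask-demo-%ld-%u",
             (long)getpid(), counter++);

    mode_t old = umask(mask);           /* umask() returns the previous mask */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    umask(old);                         /* restore before doing anything else */
    if (fd < 0)
        return -1;

    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* 066 and 077 both keep group/other from reading or writing a new file;
     * only 077 also strips their execute bit. 022 leaves it world-readable. */
    printf("umask 077, open 0666 -> %04o\n", (unsigned)effective_mode(077, 0666));
    printf("umask 066, open 0666 -> %04o\n", (unsigned)effective_mode(066, 0666));
    printf("umask 066, open 0777 -> %04o\n", (unsigned)effective_mode(066, 0777));
    printf("umask 022, open 0666 -> %04o\n", (unsigned)effective_mode(022, 0666));
    return 0;
}
```

Every `umask` call in this file matches the rule's `umask(...)` pattern, including the one that restores the previous mask, which is why the finding is reported at INFO severity and needs a manual look at the argument.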