Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666

It seems that the os.Create will create by default a file with 0666 permissions. This should be detected when the configured permissions are less than 0666. By default will not detect this case unless the more restrictive mode is configured. Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2025-06-14 23:45:03 +02:00 · 2023-09-25 13:11:00 +02:00
parent 293d887525
commit 0d332a1027
4 changed files with 89 additions and 0 deletions
--- a/testutils/source.go
+++ b/testutils/source.go
@ -2913,6 +2913,46 @@ func main() {
 }`}, 1, gosec.NewConfig()},
 	}

+	// SampleCodeG307 - Poor permissions for os.Create
+	SampleCodeG307 = []CodeSample{
+		{[]string{`package main
+
+import (
+	"fmt"
+	"os"
+)
+
+func check(e error) {
+	if e != nil {
+		panic(e)
+	}
+}
+
+func main() {
+		f, err := os.Create("/tmp/dat2")
+	check(err)
+	defer f.Close()
+}`}, 0, gosec.NewConfig()},
+		{[]string{`package main
+
+import (
+	"fmt"
+	"os"
+)
+
+func check(e error) {
+	if e != nil {
+		panic(e)
+	}
+}
+
+func main() {
+		f, err := os.Create("/tmp/dat2")
+	check(err)
+	defer f.Close()
+}`}, 1, gosec.Config{"G307": "0o600"}},
+	}
+
 	// SampleCodeG401 - Use of weak crypto MD5
 	SampleCodeG401 = []CodeSample{
 		{[]string{`