Loose file permissions

Severity
High

File and directory permissions should be granted to specific users and groups. Granting permissions to wildcards, such as everyone or others, can lead to privilege escalation, leakage of sensitive information, and inadvertent execution of malicious code.

Detector ID
javascript/loose-file-permissions@v1.0
Category

Noncompliant example

var fs = require('fs')
function looseFilePermissionsNoncompliant() {
    // Noncompliant: read permissions assigned to others.
    fs.promises.chmod("/path", 0o774).then(r => {})
}

Compliant example

var fs = require('fs');
function looseFilePermissionsCompliant() {
    // Compliant: read, write and execute permissions assigned to owner and no permission assigned to others.
    fs.promises.chmod("/path", 0o770).then(r => {})
}
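
The same rule applied to files that already exist, as an added example that is not part of the detector's own code: it walks a directory, reports entries whose mode grants anything to others, and clears only those bits. The helper names (`grantsOthers`, `findLooseEntries`, `tighten`, `demo`) and the scratch directory are assumptions made for illustration.

```javascript
// Added example: audit and repair modes that grant access to "others".
const fs = require('fs');
const os = require('os');
const path = require('path');

const OTHERS_MASK = 0o007; // r, w, x bits for "others"

// True when the mode grants any permission to "others".
function grantsOthers(mode) {
    return (mode & OTHERS_MASK) !== 0;
}

// Recursively list entries under `root` whose mode grants something to others.
// Symlinks are skipped because their own mode bits are not meaningful.
function findLooseEntries(root) {
    const loose = [];
    for (const entry of fs.readdirSync(root, { withFileTypes: true })) {
        const full = path.join(root, entry.name);
        if (entry.isSymbolicLink()) continue;
        const mode = fs.lstatSync(full).mode & 0o777;
        if (grantsOthers(mode)) loose.push({ path: full, mode: mode.toString(8) });
        if (entry.isDirectory()) loose.push(...findLooseEntries(full));
    }
    return loose;
}

// Clear only the "others" bits, leaving owner and group bits unchanged.
function tighten(file) {
    const mode = fs.statSync(file).mode & 0o777;
    fs.chmodSync(file, mode & ~OTHERS_MASK);
    return fs.statSync(file).mode & 0o777;
}

// Constructed demo: a scratch directory with one loose and one tight file.
function demo() {
    const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'perm-audit-'));
    const loose = path.join(dir, 'loose.txt');
    const tight = path.join(dir, 'tight.txt');
    fs.writeFileSync(loose, 'x');
    fs.writeFileSync(tight, 'x');
    fs.chmodSync(loose, 0o774); // the page's noncompliant mode
    fs.chmodSync(tight, 0o770); // the page's compliant mode
    const before = findLooseEntries(dir).map(e => path.basename(e.path));
    const fixedMode = tighten(loose);
    const after = findLooseEntries(dir);
    fs.rmSync(dir, { recursive: true, force: true });
    return { before, fixedMode, after };
}
```

The mode bits checked here are POSIX semantics; on Windows, Node.js only honours the write bit, so the audit is meaningful on Linux and macOS hosts.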