Go Insecure File Permissions
Description
Detects when file system permissions are set too permissively in Go code, either through os.Chmod calls or umask settings. Overly permissive file permissions can allow unauthorized users to read, modify or execute sensitive files, potentially leading to information disclosure or system compromise.
Detection Strategy
• Identifies calls to os.Chmod with permissions that grant excessive read/write/execute access
• Detects usage of umask with values that result in unsafe default permissions for newly created files
• Flags file operations where permissions are set to world-readable or world-writable
• Reports vulnerabilities when permission bits allow access beyond the file owner or group
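The checks listed above reduce to bit tests on the permission mode. The Go program below is an added example, not the scanner's own code or code from the original page. The helper names auditMode, auditPath and effectiveMode are hypothetical, and the sample modes and umask values are constructed.

```go
package main

import (
	"fmt"
	"os"
)

// auditMode lists the "other" (world) permission bits set in mode, that is,
// access granted beyond the file owner and group. Hypothetical helper.
func auditMode(mode os.FileMode) []string {
	var findings []string
	perm := mode.Perm()
	if perm&0004 != 0 {
		findings = append(findings, "world-readable")
	}
	if perm&0002 != 0 {
		findings = append(findings, "world-writable")
	}
	if perm&0001 != 0 {
		findings = append(findings, "world-executable")
	}
	return findings
}

// auditPath applies auditMode to the current mode of a file on disk.
func auditPath(path string) ([]string, error) {
	info, err := os.Stat(path)
	if err != nil {
		return nil, err
	}
	return auditMode(info.Mode()), nil
}

// effectiveMode returns the mode a newly created file receives when the
// process requests `requested` under `umask` (bits set in the umask are cleared).
func effectiveMode(requested, umask os.FileMode) os.FileMode {
	return requested.Perm() &^ umask.Perm()
}

func main() {
	// Constructed sample modes, as they would be passed to os.Chmod.
	for _, m := range []os.FileMode{0777, 0644, 0600} {
		fmt.Printf("chmod %04o -> %v\n", m, auditMode(m))
	}
	for _, u := range []os.FileMode{0000, 0022, 0077} {
		eff := effectiveMode(0666, u)
		fmt.Printf("umask %04o, create 0666 -> %04o %v\n", u, eff, auditMode(eff))
	}
}
```

A umask of 0077 is the only sample value here that keeps a file created with 0666 private to its owner.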
Vulnerable code example
package main

import "os"

func main() {
	// VULNERABLE: Sets file permissions to world-writable and executable (0777)
	os.Chmod("config.sh", 0777)
}

✅ Secure code example
package main

import "os"

func main() {
	// SECURE: Restrict permissions to owner read/write only (0600)
	if err := os.Chmod("config.sh", 0600); err != nil {
		// A failed chmod leaves the previous, possibly permissive, mode in place
		panic(err)
	}
}