Python Insecure File Permissions
Description
Detects insecure file permission settings in Python code that could allow unauthorized access or modification. This includes overly permissive modes passed to os.chmod(), whether written as an octal literal, a decimal integer, or a combination of stat constants, and permissive os.umask() values; either can expose sensitive files to other users on the same system.
Detection Strategy
• Check that the os module is imported, or that chmod/umask are imported from it (for example `from os import chmod`)
• Look for calls to os.chmod() or os.umask()
• Resolve the mode argument to a number when it is statically known (an octal literal, a decimal integer such as 511, or an OR of stat.S_* constants) and identify values that are too permissive (e.g. world-readable or world-writable)
• Flag cases where the resulting permissions grant access beyond the file owner
• Report each vulnerable permission setting that could lead to unauthorized access
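The strategy above, carried out as a small AST-based detector. This is an added example written for this page, not Fluid Attacks' scanner; the flagging thresholds (any group/other bit for chmod, an unmasked group/other write bit for umask) and the sample source it scans are assumptions made for the demonstration.

```python
import ast
import stat

# Policy thresholds (assumptions for this example, not a published rule):
# a chmod mode is flagged if it grants any permission to group or others;
# a umask is flagged if it leaves the group or other write bit unmasked.
GROUP_OTHER_ANY = 0o077
GROUP_OTHER_WRITE = 0o022

# Numeric values of the stat.S_I* constants, so expressions such as
# stat.S_IRUSR | stat.S_IWUSR can be folded without executing scanned code.
_STAT_CONSTANTS = {}
for _name in dir(stat):
    _value = getattr(stat, _name)
    if _name.startswith("S_I") and isinstance(_value, int):
        _STAT_CONSTANTS[_name] = _value


def _fold_mode(node):
    """Statically fold a mode expression to an int: int literals (octal or
    decimal), stat.S_I* constants, and bitwise OR of those. None if unknown."""
    if isinstance(node, ast.Constant) and isinstance(node.value, int):
        return node.value
    if isinstance(node, ast.Attribute) and node.attr in _STAT_CONSTANTS:
        return _STAT_CONSTANTS[node.attr]
    if isinstance(node, ast.Name) and node.id in _STAT_CONSTANTS:
        return _STAT_CONSTANTS[node.id]
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.BitOr):
        left, right = _fold_mode(node.left), _fold_mode(node.right)
        if left is not None and right is not None:
            return left | right
    return None


def _callee(call):
    """'chmod' or 'umask' for os.chmod(...) / os.umask(...), or for the bare
    names brought in with `from os import chmod`; None for anything else."""
    func = call.func
    if isinstance(func, ast.Attribute) and func.attr in ("chmod", "umask"):
        if isinstance(func.value, ast.Name) and func.value.id == "os":
            return func.attr
    if isinstance(func, ast.Name) and func.id in ("chmod", "umask"):
        return func.id
    return None


def _mode_argument(call, name):
    """The mode argument: 2nd positional (or mode=) for chmod, 1st for umask."""
    if name == "chmod":
        if len(call.args) >= 2:
            return call.args[1]
        return next((kw.value for kw in call.keywords if kw.arg == "mode"), None)
    return call.args[0] if call.args else None


def find_insecure_permissions(source):
    """Scan Python source text; return sorted (lineno, call, mode) findings."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee(node)
        if name is None:
            continue
        mode_node = _mode_argument(node, name)
        mode = _fold_mode(mode_node) if mode_node is not None else None
        if mode is None:
            continue  # mode not statically known; would need data-flow tracking
        if name == "chmod" and mode & GROUP_OTHER_ANY:
            findings.append((node.lineno, name, mode))
        elif name == "umask" and (mode & GROUP_OTHER_WRITE) != GROUP_OTHER_WRITE:
            findings.append((node.lineno, name, mode))
    return sorted(findings)


# Constructed sample input for the demonstration, not a real project file.
SAMPLE_SOURCE = """
import os
import stat
os.chmod("config.sh", 0o777)
os.chmod("script.py", 511)
os.chmod("key.pem", stat.S_IRUSR | stat.S_IWUSR)
os.chmod("tool", mode=0o750)
os.umask(0o000)
os.umask(0o077)
os.chmod("dynamic", load_mode())
"""

if __name__ == "__main__":
    for lineno, call, mode in find_insecure_permissions(SAMPLE_SOURCE):
        what = "grants group/other access" if call == "chmod" else "leaves group/other write unmasked"
        print(f"line {lineno}: os.{call}({mode:#o}) {what}")
```

Run against the constructed sample it reports lines 4, 5, 7 and 8: the 777 literal, its decimal twin 511, the 0o750 passed by keyword, and the zero umask. The key.pem call (owner-only bits built from stat constants), the 0o077 umask and the call whose mode comes from a function call are not reported; the last one is the case a purely syntactic check cannot decide, which is why the detector says nothing rather than guessing.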
Vulnerable code example
import os
# VULNERABLE: Sets world-writable and executable permissions (777)
os.chmod("config.sh", 0o777)
# VULNERABLE: Another way to set insecure permissions using decimal
os.chmod("script.py", 511) # 511 is decimal for 0o777
✅ Secure code example
import os
import stat
# SECURE: Restricted to owner read/write only (0o600) for a sensitive config file
os.chmod("config.sh", stat.S_IRUSR | stat.S_IWUSR)  # same bits as 0o600
# SECURE: Owner read/write/execute only (0o700) for scripts
os.chmod("script.py", stat.S_IRWXU)  # same bits as 0o700
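Calling os.chmod() after a file already exists still leaves a window, between creation and the chmod, in which the file carries whatever the process umask allowed. The following added example (written for this page, not the page's own code) closes that window by handing the mode to os.open() at creation time under a tightened umask, and then verifies the result. It assumes a POSIX filesystem; on Windows os.chmod() only toggles the read-only flag, so the permission-bit check below does not apply there.

```python
import os
import shutil
import stat
import tempfile


def write_private_file(path, data, mode=0o600):
    """Create `path` owner-only from the first instant it exists.

    The mode goes to os.open() so there is no gap between creation and a
    later os.chmod() where another local user could open the file; O_EXCL
    makes creation fail instead of reusing a file or symlink someone else
    planted at the path; and a temporarily tightened umask guarantees the
    process-wide umask cannot be looser than the intended mode.
    """
    old_umask = os.umask(0o077)  # strip every group/other bit during creation
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    finally:
        os.umask(old_umask)  # restore so unrelated code is unaffected
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return permission_bits(path)


def permission_bits(path):
    """Permission bits only (file-type bits stripped), e.g. 0o600."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def is_owner_only(path):
    """True when neither group nor others hold any permission bit."""
    return permission_bits(path) & 0o077 == 0


def demo():
    """Create a secret in a throwaway directory and report what happened."""
    workdir = tempfile.mkdtemp()
    try:
        path = os.path.join(workdir, "config.sh")
        # Constructed sample content; not a real credential.
        bits = write_private_file(path, b"API_TOKEN=constructed-sample-value\n")
        try:
            write_private_file(path, b"overwrite attempt\n")
            reused_existing = True
        except FileExistsError:
            reused_existing = False  # O_EXCL refused the second create
        return bits, is_owner_only(path), reused_existing
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demo())
```

demo() returns the permission bits actually observed on disk, whether they are owner-only, and whether a second create at the same path was allowed; the expected result is a 0o600 file, owner-only, with the second attempt refused. Saving and restoring the umask matters because os.umask() is process-wide: a permanent 0o077 would silently change the modes of every file any other part of the program creates.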