In Unix, "others" class refers to all users except the owner of the file and the members of the group assigned to this file.
Granting permissions to this group can lead to unintended access to files.
There is a risk if you answered yes to any of those questions.
The most restrictive possible permissions should be assigned to files and directories.
Node.js fs
const fs = require('fs');
fs.chmodSync("/tmp/fs", 0o777); // Sensitive
const fs = require('fs');
const fsPromises = fs.promises;
fsPromises.chmod("/tmp/fsPromises", 0o777); // Sensitive
const fs = require('fs');
const fsPromises = fs.promises
async function fileHandler() {
let filehandle;
try {
filehandle = fsPromises.open('/tmp/fsPromises', 'r');
filehandle.chmod(0o777); // Sensitive
} finally {
if (filehandle !== undefined)
filehandle.close();
}
}
Node.js process.umask
const process = require('process');
process.umask(0o000); // Sensitive
Node.js fs
const fs = require('fs');
fs.chmodSync("/tmp/fs", 0o770); // Compliant
const fs = require('fs');
const fsPromises = fs.promises;
fsPromises.chmod("/tmp/fsPromises", 0o770); // Compliant
const fs = require('fs');
const fsPromises = fs.promises
async function fileHandler() {
let filehandle;
try {
filehandle = fsPromises.open('/tmp/fsPromises', 'r');
filehandle.chmod(0o770); // Compliant
} finally {
if (filehandle !== undefined)
filehandle.close();
}
}
Node.js process.umask
const process = require('process');
process.umask(0o007); // Compliant