Update permissions to make it more restrictive #1619
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
| Thanks for the PR but this is not worth changing. #1618 (comment) |
arpitjain099 changed the title 
| @RobertCraigie I choose to differ and would request for a re-review. CodeQL consistently marks this issue as a high severity warning. |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Changes being requested
Fixes #1618
Extracting files from a malicious tar archive without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten, due to the possible presence of directory traversal elements (..) in archive paths.
Alert: Overly permissive file permissions
Current Issue: The current file permission is set to 0o755, which allows the owner to read, write, and execute the file, while the group and others can read and execute it.
Recommended Fix: Change the file permission to 0o700, which allows only the owner to read, write, and execute the file, thereby restricting access to others.
Code to change:
Original code
Recommended fix
This change ensures that the file permissions are restricted, enhancing security by preventing unauthorized users from accessing the file.
Additional context & links