# Copyright 2014 Hewlett-Packard Development Company, L.P.
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
from bandit.core.test_properties import *
def set_bad_file_permissions(context):
if 'chmod' in context.call_function_name:
if context.call_args_count == 2:
mode = context.get_call_arg_at_position(1)
mode is not None and type(mode) == int and
(mode & stat.S_IWOTH or mode & stat.S_IXGRP)
# world writable is an HIGH, group executable is a MEDIUM
if mode & stat.S_IWOTH:
sev_level = bandit.HIGH
sev_level = bandit.MEDIUM
filename = context.get_call_arg_at_position(0)
filename = 'NOT PARSED'
confidence=bandit.HIGH,
text="Chmod setting a permissive mask %s on file (%s)." %