ShatilKhan
commented
1 year ago Hi @jagpreetsinghsasan can I work on this? I'd need some additional info about the changes to be made
Open jagpreetsinghsasan opened 1 year ago
ShatilKhan
commented
1 year ago Hi @jagpreetsinghsasan can I work on this? I'd need some additional info about the changes to be made
petermetz
commented
1 year ago @ShatilKhan All yours. I'd use this as guidance on what to set the permissions to for credential files: https://unix.stackexchange.com/a/257648
solo-daemon
commented
6 months ago Hi @petermetz , this issue looks stale for some time, if @ShatilKhan is not working on this could you please assign this issue to me.
petermetz
commented
6 months ago @solo-daemon Agreed, it's been quite a while. Re-assigning!
Description
Static source code assessment has picked up a potential vulnerability regarding incorrect permission assignment. The probable remediation is to create the folders with minimum possible permissions.
The report from which the above information was summarized
Risk Rating: Low Category: Security Misconfiguration
Description
A file or directory is created with dangerous permissions, either by setting these permissions explicitly or relying on unsafe default permissions.
Impact
Files with implicit or dangerous permissions may allow attackers to retrieve sensitive data from the contents of these files, tamper their contents or potentially execute them.
Remediation Recommendation
Always create files with permissions being set explicitly. Never set dangerous permissions on files. Always consider the principle of least privilege when determining who may read, write or execute a file, if these permissions are to be granted at all.
Affected files (path - line number)
weaver/sdks/corda/src/main/kotlin/org/hyperledger/cacti/weaver/sdk/corda/CredentialsExtractor.java - 151, 201
Snapshot of the sourcecode at the time of scan
Source:
APP PE Hyperledger Cacti v2.0.0 - Static Application Assessment Report.odtcc: @takeutak @izuru0 @outSH @petermetz