Page History

...

If files are created without appropriate permissions, an attacker may read or write to the files, possibly resulting in compromised system integrity and information disclosure.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
FIO01-J	Medium	Probable	No	HighNo	P4	L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

JAVA.IO.PERM.ACCESS
JAVA.IO.PERM

Accessing file in permissive mode
Permissive file mode

Parasoft Jtest

Include Page

	Parasoft_V
	Parasoft_V

CERT.FIO01.ASNF
CERT.FIO01.CFAP

Avoid implicit file creation when a String is passed as an argument
Create files with appropriate access permissions

PVS-Studio

Include Page

	PVS-Studio_V
	PVS-Studio_V

V5318

Related Guidelines

SEI CERT C++ Coding Standard	VOID FIO06-CPP. Create files with appropriate access permissions
SEI CERT C Coding Standard	FIO06-C. Create files with appropriate access permissions
ISO/IEC TR 24772:2010	Missing or Inconsistent Access Control [XZN]
MITRE CWE	CWE-279, Incorrect Execution-Assigned Permissions CWE-276, Incorrect Default Permissions CWE-732, Incorrect Permission Assignment for Critical Resource

...

Space shortcuts

Page tree

Versions Compared

Old Version 80

New Version Current

Key

Automated Detection

Related Guidelines