Findings

High

Finding 22814: Potential for OS Command Injection
Severity: High
Status: Active, Verified
Date discovered: Aug. 23, 2024
Age: 0 days
Reporter: Infra Admin (infrasec_nunet)
CWE: 78
Location
Line Number: 11
File Path: maint-scripts/config_network.c
CVSS v3: None
Description
Scanner: Semgrep
It is generally not recommended to call out to the operating system to execute commands.
When the application is executing file-system-based commands, user input should never be used
in constructing commands or command arguments. If possible, determine whether a library can be
used instead to provide the same functionality. Otherwise, consider hard-coding both the command
and the arguments to be used, or at the very least restricting which arguments can be passed
to the command execution function.

For more information please see:
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177

Mitigation

Impact
None
References
Identifier type: semgrep_id
Name: flawfinder.system-1
Value: flawfinder.system-1

Identifier type: owasp
Name: A03:2021 - Injection
Value: A03:2021

Identifier type: owasp
Name: A1:2017 - Injection
Value: A1:2017

Identifier type: flawfinder_func_name
Name: Flawfinder - system
Value: system

Finding 22815: Potential for OS Command Injection
Severity: High
Status: Active, Verified
Date discovered: Aug. 23, 2024
Age: 0 days
Reporter: Infra Admin (infrasec_nunet)
CWE: 78
Location
Line Number: 13
File Path: maint-scripts/config_network.c
CVSS v3: None
Description
Scanner: Semgrep
It is generally not recommended to call out to the operating system to execute commands.
When the application is executing file-system-based commands, user input should never be used
in constructing commands or command arguments. If possible, determine whether a library can be
used instead to provide the same functionality. Otherwise, consider hard-coding both the command
and the arguments to be used, or at the very least restricting which arguments can be passed
to the command execution function.

For more information please see:
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177

Mitigation

Impact
None
References
Identifier type: semgrep_id
Name: flawfinder.system-1
Value: flawfinder.system-1

Identifier type: owasp
Name: A03:2021 - Injection
Value: A03:2021

Identifier type: owasp
Name: A1:2017 - Injection
Value: A1:2017

Identifier type: flawfinder_func_name
Name: Flawfinder - system
Value: system

Finding 22816: Potential for OS Command Injection
Severity: High
Status: Active, Verified
Date discovered: Aug. 23, 2024
Age: 0 days
Reporter: Infra Admin (infrasec_nunet)
CWE: 78
Location
Line Number: 15
File Path: maint-scripts/config_network.c
CVSS v3: None
Description
Scanner: Semgrep
It is generally not recommended to call out to the operating system to execute commands.
When the application is executing file-system-based commands, user input should never be used
in constructing commands or command arguments. If possible, determine whether a library can be
used instead to provide the same functionality. Otherwise, consider hard-coding both the command
and the arguments to be used, or at the very least restricting which arguments can be passed
to the command execution function.

For more information please see:
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177

Mitigation

Impact
None
References
Identifier type: semgrep_id
Name: flawfinder.system-1
Value: flawfinder.system-1

Identifier type: owasp
Name: A03:2021 - Injection
Value: A03:2021

Identifier type: owasp
Name: A1:2017 - Injection
Value: A1:2017

Identifier type: flawfinder_func_name
Name: Flawfinder - system
Value: system

Finding 22817: Potential for OS Command Injection
Severity: High
Status: Active, Verified
Date discovered: Aug. 23, 2024
Age: 0 days
Reporter: Infra Admin (infrasec_nunet)
CWE: 78
Location
Line Number: 17
File Path: maint-scripts/config_network.c
CVSS v3: None
Description
Scanner: Semgrep
It is generally not recommended to call out to the operating system to execute commands.
When the application is executing file-system-based commands, user input should never be used
in constructing commands or command arguments. If possible, determine whether a library can be
used instead to provide the same functionality. Otherwise, consider hard-coding both the command
and the arguments to be used, or at the very least restricting which arguments can be passed
to the command execution function.

For more information please see:
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177

Mitigation

Impact
None
References
Identifier type: semgrep_id
Name: flawfinder.system-1
Value: flawfinder.system-1

Identifier type: owasp
Name: A03:2021 - Injection
Value: A03:2021

Identifier type: owasp
Name: A1:2017 - Injection
Value: A1:2017

Identifier type: flawfinder_func_name
Name: Flawfinder - system
Value: system

Finding 22818: Potential for OS Command Injection
Severity: High
Status: Active, Verified
Date discovered: Aug. 23, 2024
Age: 0 days
Reporter: Infra Admin (infrasec_nunet)
CWE: 78
Location
Line Number: 19
File Path: maint-scripts/config_network.c
CVSS v3: None
Description
Scanner: Semgrep
It is generally not recommended to call out to the operating system to execute commands.
When the application is executing file-system-based commands, user input should never be used
in constructing commands or command arguments. If possible, determine whether a library can be
used instead to provide the same functionality. Otherwise, consider hard-coding both the command
and the arguments to be used, or at the very least restricting which arguments can be passed
to the command execution function.

For more information please see:
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177

Mitigation

Impact
None
References
Identifier type: semgrep_id
Name: flawfinder.system-1
Value: flawfinder.system-1

Identifier type: owasp
Name: A03:2021 - Injection
Value: A03:2021

Identifier type: owasp
Name: A1:2017 - Injection
Value: A1:2017

Identifier type: flawfinder_func_name
Name: Flawfinder - system
Value: system

Finding 22819: Potential for OS Command Injection
Severity: High
Status: Active, Verified
Date discovered: Aug. 23, 2024
Age: 0 days
Reporter: Infra Admin (infrasec_nunet)
CWE: 78
Location
Line Number: 21
File Path: maint-scripts/config_network.c
CVSS v3: None
Description
Scanner: Semgrep
It is generally not recommended to call out to the operating system to execute commands.
When the application is executing file-system-based commands, user input should never be used
in constructing commands or command arguments. If possible, determine whether a library can be
used instead to provide the same functionality. Otherwise, consider hard-coding both the command
and the arguments to be used, or at the very least restricting which arguments can be passed
to the command execution function.

For more information please see:
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177

Mitigation

Impact
None
References
Identifier type: semgrep_id
Name: flawfinder.system-1
Value: flawfinder.system-1

Identifier type: owasp
Name: A03:2021 - Injection
Value: A03:2021

Identifier type: owasp
Name: A1:2017 - Injection
Value: A1:2017

Identifier type: flawfinder_func_name
Name: Flawfinder - system
Value: system

Medium

Finding 22820: Incorrect Permission Assignment for Critical Resource
Severity: Medium
Status: Active, Verified
Date discovered: Aug. 23, 2024
Age: 0 days
Reporter: Infra Admin (infrasec_nunet)
CWE: 732
Location
Line Number: 166
File Path: utils/utils.go
CVSS v3: None
Description
Scanner: Semgrep
The application was found setting directory permissions to overly permissive values. Consider
using the following value if the application user is the only process that needs to access
files in the directory specified:
- 0700 - read/write access to the files in the directory for the owning user only

Another common value is `0750` which allows the application user read/write access and group
users to read the files contained in the directory.

Example creating a directory with read/write permissions for only the application user:
```go
// requires the "log" and "os" imports
// 0700: only the owning user may read, write and enter the directory
err := os.Mkdir("directory", 0700)
if err != nil {
	log.Fatal(err)
}
```

For all other values please see:
https://en.wikipedia.org/wiki/File-system_permissions#Numeric_notation

Mitigation

Impact
None
References
Identifier type: semgrep_id
Name: gosec.G301-1
Value: gosec.G301-1

Identifier type: owasp
Name: A01:2021 - Broken Access Control
Value: A01:2021

Identifier type: owasp
Name: A5:2017 - Broken Access Control
Value: A5:2017

Identifier type: gosec_rule_id
Name: Gosec Rule ID G301
Value: G301

Finding 22821: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Severity: Medium
Status: Active, Verified
Date discovered: Aug. 23, 2024
Age: 0 days
Reporter: Infra Admin (infrasec_nunet)
CWE: 22
Location
Line Number: 96
File Path: internal/config/load.go
CVSS v3: None
Description
Scanner: Semgrep
The application dynamically constructs file or path information. If the path
information comes from user input, it could be abused to read sensitive files,
access other users' data, or aid in exploitation to gain further system access.

User input should never be used in constructing paths or files for interacting
with the filesystem. This includes filenames supplied by user uploads or downloads.
If possible, consider hashing user input or replacing it with unique values.
Additionally, use `filepath.Base` to keep only the filename and discard any path information.
Always validate the full path prior to opening or writing to any file.

Example using `filepath.Base`, generating a unique filename without using
user input to construct filepath information:
```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"io"
	"log"
	"path/filepath"
	"strings"
)

type userData struct {
	id           string
	userFilename string
}

func newUserData(userFilename string) userData {
	return userData{
		id:           randomFileID(), // random id as the filename
		userFilename: userFilename,
	}
}

// randomFileID generates a random id, to be used as a filename
func randomFileID() string {
	id := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, id); err != nil {
		log.Fatal(err)
	}
	return hex.EncodeToString(id)
}

func main() {

	// user input, saved only as a reference; never used to build the path
	data := newUserData("../../possibly/malicious")

	// restrict all file access to this path
	const basePath = "/tmp/"

	// resolve the full path, but only use our randomly generated id
	// (filepath.Join returns a single cleaned string, not a (string, error) pair)
	resolvedPath := filepath.Join(basePath, filepath.Base(data.id))

	// verify the path is prefixed with our basePath
	if !strings.HasPrefix(resolvedPath, basePath) {
		log.Fatal("path does not start with basePath")
	}
	// process / work with file
}
```

For more information on path traversal issues see OWASP:
https://owasp.org/www-community/attacks/Path_Traversal

Mitigation

Impact
None
References
Identifier type: semgrep_id
Name: gosec.G304-1
Value: gosec.G304-1

Identifier type: owasp
Name: A01:2021 - Broken Access Control
Value: A01:2021

Identifier type: owasp
Name: A5:2017 - Broken Access Control
Value: A5:2017

Identifier type: gosec_rule_id
Name: Gosec Rule ID G304
Value: G304