This rule helps you prevent unauthorized access to your files. Granting too many permissions can expose your files to malicious activities such as unauthorized modifications, data theft, or even deletion.
The PHP chmod() function is used to change the permissions of a file. It takes two arguments: the file name and the permissions. Permissions are represented as octal numbers, where each digit represents different permissions for the owner, group, and others.
To adhere to this rule, avoid setting permissions higher than 0750. This means the owner can read, write, and execute the file, the group can read and execute, and others have no permissions. For example, chmod("test", 0750);. Be sure to only grant write permissions when necessary and restrict access for others as much as possible to ensure the security of your files.
Non-Compliant Code Examples
<?phpchmod("test",0770);
Compliant Code Examples
<?phpchmod("test",0750);
Seamless integrations. Try Datadog Code Analysis
Datadog Code Analysis
Try this rule and analyze your code with Datadog Code Analysis
How to use this rule
1
2
rulesets:- php-security # Rules to enforce PHP security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines