rspec/rules/S2612/vbnet/rule.adoc

In Unix, "others" class refers to all users except the owner of the file and the members of the group assigned to this file. 


In Windows, "Everyone" group is similar and includes all members of the Authenticated Users group as well as the built-in Guest account, and several other built-in security accounts.


Granting permissions to these groups can lead to unintended access to files.

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

.Net Framework:

----
Dim unsafeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow)

Dim fileSecurity = File.GetAccessControl("path")
fileSecurity.AddAccessRule(unsafeAccessRule) ' Sensitive
fileSecurity.SetAccessRule(unsafeAccessRule) ' Sensitive
File.SetAccessControl("fileName", fileSecurity)
----

.Net / .Net Core

----
Dim fileInfo = new FileInfo("path")
Dim fileSecurity = fileInfo.GetAccessControl()

fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)) ' Sensitive
fileInfo.SetAccessControl(fileSecurity)
----

.Net / .Net Core using Mono.Posix.NETStandard

----
Dim fileSystemEntry = UnixFileSystemInfo.GetFileSystemEntry("path")
fileSystemEntry.FileAccessPermissions = FileAccessPermissions.OtherReadWriteExecute ' Sensitive
----

== Compliant Solution

.Net Framework

----
Dim safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny)

Dim fileSecurity = File.GetAccessControl("path")
fileSecurity.AddAccessRule(safeAccessRule)
File.SetAccessControl("path", fileSecurity)
----

.Net / .Net Core

----
Dim safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny)

Dim fileInfo = new FileInfo("path")
Dim fileSecurity = fileInfo.GetAccessControl()
fileSecurity.SetAccessRule(safeAccessRule)
fileInfo.SetAccessControl(fileSecurity)
----

.Net / .Net Core using Mono.Posix.NETStandard

----
Dim fs = UnixFileSystemInfo.GetFileSystemEntry("path")
fs.FileAccessPermissions = FileAccessPermissions.UserExecute
----

include::../see.adoc[]
fix the links with underscores 2021-02-09 12:11:03 +01:00			`In Unix, "others" class refers to all users except the owner of the file and the members of the group assigned to this file.`


			`In Windows, "Everyone" group is similar and includes all members of the Authenticated Users group as well as the built-in Guest account, and several other built-in security accounts.`


			`Granting permissions to these groups can lead to unintended access to files.`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`.Net Framework:`

			`----`
Add APEX into the covered languages for missing rules 2021-02-15 17:20:44 +01:00			`Dim unsafeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow)`

			`Dim fileSecurity = File.GetAccessControl("path")`
			`fileSecurity.AddAccessRule(unsafeAccessRule) ' Sensitive`
			`fileSecurity.SetAccessRule(unsafeAccessRule) ' Sensitive`
			`File.SetAccessControl("fileName", fileSecurity)`
fix the links with underscores 2021-02-09 12:11:03 +01:00			`----`

			`.Net / .Net Core`

			`----`
update 2021-02-15 12:31:39 +01:00			`Dim fileInfo = new FileInfo("path")`
			`Dim fileSecurity = fileInfo.GetAccessControl()`

			`fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)) ' Sensitive`
			`fileInfo.SetAccessControl(fileSecurity)`
fix the links with underscores 2021-02-09 12:11:03 +01:00			`----`

			`.Net / .Net Core using Mono.Posix.NETStandard`

			`----`
update 2021-02-15 12:31:39 +01:00			`Dim fileSystemEntry = UnixFileSystemInfo.GetFileSystemEntry("path")`
			`fileSystemEntry.FileAccessPermissions = FileAccessPermissions.OtherReadWriteExecute ' Sensitive`
fix the links with underscores 2021-02-09 12:11:03 +01:00			`----`

			`== Compliant Solution`

			`.Net Framework`

			`----`
Add APEX into the covered languages for missing rules 2021-02-15 17:20:44 +01:00			`Dim safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny)`

			`Dim fileSecurity = File.GetAccessControl("path")`
			`fileSecurity.AddAccessRule(safeAccessRule)`
			`File.SetAccessControl("path", fileSecurity)`
fix the links with underscores 2021-02-09 12:11:03 +01:00			`----`

			`.Net / .Net Core`

			`----`
Add APEX into the covered languages for missing rules 2021-02-15 17:20:44 +01:00			`Dim safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny)`

update 2021-02-15 12:31:39 +01:00			`Dim fileInfo = new FileInfo("path")`
			`Dim fileSecurity = fileInfo.GetAccessControl()`
			`fileSecurity.SetAccessRule(safeAccessRule)`
			`fileInfo.SetAccessControl(fileSecurity)`
fix the links with underscores 2021-02-09 12:11:03 +01:00			`----`

			`.Net / .Net Core using Mono.Posix.NETStandard`

			`----`
update 2021-02-15 12:31:39 +01:00			`Dim fs = UnixFileSystemInfo.GetFileSystemEntry("path")`
			`fs.FileAccessPermissions = FileAccessPermissions.UserExecute`
fix the links with underscores 2021-02-09 12:11:03 +01:00			`----`

			`include::../see.adoc[]`