include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

For https://docs.python.org/3/library/os.html#os.umask[os.umask]:

----
os.umask(0)  # Sensitive
----

For https://docs.python.org/3/library/os.html#os.chmod[os.chmod], https://docs.python.org/3/library/os.html#os.lchmod[os.lchmod], and https://docs.python.org/3/library/os.html#os.fchmod[os.fchmod]:

----
os.chmod("/tmp/fs", stat.S_IRWXO)   # Sensitive
os.lchmod("/tmp/fs", stat.S_IRWXO)  # Sensitive
os.fchmod(fd, stat.S_IRWXO)         # Sensitive
----

== Compliant Solution

For https://docs.python.org/3/library/os.html#os.umask[os.umask]:

----
os.umask(0o777)
----

For https://docs.python.org/3/library/os.html#os.chmod[os.chmod], https://docs.python.org/3/library/os.html#os.lchmod[os.lchmod], and https://docs.python.org/3/library/os.html#os.fchmod[os.fchmod]:

----
os.chmod("/tmp/fs", stat.S_IRWXU)
os.lchmod("/tmp/fs", stat.S_IRWXU)
os.fchmod(fd, stat.S_IRWXU)
----

include::../see.adoc[]