51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
93 lines
2.4 KiB
Plaintext
93 lines
2.4 KiB
Plaintext
In Unix, "others" class refers to all users except the owner of the file and the members of the group assigned to this file.
|
|
|
|
|
|
In Windows, "Everyone" group is similar and includes all members of the Authenticated Users group as well as the built-in Guest account, and several other built-in security accounts.
|
|
|
|
|
|
Granting permissions to these groups can lead to unintended access to files.
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
{empty}.Net Framework:
|
|
|
|
----
|
|
Dim unsafeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow)
|
|
|
|
Dim fileSecurity = File.GetAccessControl("path")
|
|
fileSecurity.AddAccessRule(unsafeAccessRule) ' Sensitive
|
|
fileSecurity.SetAccessRule(unsafeAccessRule) ' Sensitive
|
|
File.SetAccessControl("fileName", fileSecurity)
|
|
----
|
|
|
|
{empty}.Net / .Net Core
|
|
|
|
----
|
|
Dim fileInfo = new FileInfo("path")
|
|
Dim fileSecurity = fileInfo.GetAccessControl()
|
|
|
|
fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)) ' Sensitive
|
|
fileInfo.SetAccessControl(fileSecurity)
|
|
----
|
|
|
|
{empty}.Net / .Net Core using Mono.Posix.NETStandard
|
|
|
|
----
|
|
Dim fileSystemEntry = UnixFileSystemInfo.GetFileSystemEntry("path")
|
|
fileSystemEntry.FileAccessPermissions = FileAccessPermissions.OtherReadWriteExecute ' Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
{empty}.Net Framework
|
|
|
|
[source,vbnet]
|
|
----
|
|
Dim safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny)
|
|
|
|
Dim fileSecurity = File.GetAccessControl("path")
|
|
fileSecurity.AddAccessRule(safeAccessRule)
|
|
File.SetAccessControl("path", fileSecurity)
|
|
----
|
|
|
|
{empty}.Net / .Net Core
|
|
|
|
[source,vbnet]
|
|
----
|
|
Dim safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny)
|
|
|
|
Dim fileInfo = new FileInfo("path")
|
|
Dim fileSecurity = fileInfo.GetAccessControl()
|
|
fileSecurity.SetAccessRule(safeAccessRule)
|
|
fileInfo.SetAccessControl(fileSecurity)
|
|
----
|
|
|
|
{empty}.Net / .Net Core using Mono.Posix.NETStandard
|
|
|
|
[source,vbnet]
|
|
----
|
|
Dim fs = UnixFileSystemInfo.GetFileSystemEntry("path")
|
|
fs.FileAccessPermissions = FileAccessPermissions.UserExecute
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|