CWE-732 Improper File Permissions
Description
Improper File Permissions
Reference: https://cwe.mitre.org/data/definitions/732.html
OWASP Category: A01:2021 – Broken Access Control
Vulnerable Pattern
❌ Example 1: Vulnerable Pattern
```java
import java.io.File;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// VULNERABLE: the second argument (ownerOnly = false) grants the bit to every user
File configFile = new File("/app/config/secrets.conf");
configFile.setReadable(true, false);   // World readable!
configFile.setWritable(true, false);   // World writable!
configFile.setExecutable(true, false); // World executable!

// VULNERABLE: 777 permissions set through NIO
Path path = Paths.get("/app/config/secrets.conf");
Set<PosixFilePermission> perms = PosixFilePermissions.fromString("rwxrwxrwx");
Files.setPosixFilePermissions(path, perms);
```
Why it's vulnerable: `setReadable(true, false)` and its siblings pass `ownerOnly = false`, so the bit is granted to every account on the host, not only the file owner; `rwxrwxrwx` (777) does the same through NIO. Any other local user or compromised service can then read the secrets, overwrite configuration the application later trusts, or (with the execute bit) run the file.
Deterministic Fix
✅ Secure Implementation
```java
import java.nio.file.*;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

// SECURE: Owner-only permissions (600 for files, 700 for directories)
Path configDir = Paths.get("/app/config");
Path secretFile = configDir.resolve("secrets.conf");

// 600 (owner read/write only)
Set<PosixFilePermission> ownerOnly = EnumSet.of(
    PosixFilePermission.OWNER_READ,
    PosixFilePermission.OWNER_WRITE
);
// 700 (owner rwx only); a directory needs the execute bit to be traversed
Set<PosixFilePermission> dirPerms = EnumSet.of(
    PosixFilePermission.OWNER_READ,
    PosixFilePermission.OWNER_WRITE,
    PosixFilePermission.OWNER_EXECUTE
);

// Create directory and file with restricted permissions atomically: the mode is
// applied in the create call itself, so the file never exists with the default,
// umask-derived mode (commonly group/world readable) for even a moment.
Files.createDirectories(configDir, PosixFilePermissions.asFileAttribute(dirPerms));
FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(ownerOnly);
try {
    Files.createFile(secretFile, attr);
} catch (FileAlreadyExistsException e) {
    // File already exists: tighten its mode in place
    Files.setPosixFilePermissions(secretFile, ownerOnly);
}
// createDirectories leaves an existing directory's mode untouched, so set it explicitly
Files.setPosixFilePermissions(configDir, dirPerms);
```
Why it's secure: only the owning account can read or write the file (600) or traverse the directory (700); group and other users receive no bits at all. Passing the permission attribute to the create call closes the window in which a file would otherwise exist with default permissions before a later `setPosixFilePermissions` tightens them.
Detection Pattern
Look for these patterns in your codebase:
```sh
# Find permissive file operations (setExecutable added to cover the third File setter)
grep -rnE "set(Readable|Writable|Executable).*false|rwxrwxrwx" --include="*.java" .
```
The first pattern also matches calls such as `setReadable(false)` that remove a bit, so review each hit and confirm the call has the form `(true, false)`, i.e. the bit is granted with `ownerOnly = false`.
Remediation Steps
- Use 600 permissions for sensitive files
- Use 700 permissions for sensitive directories
- Avoid `setReadable`/`setWritable`/`setExecutable` with `false` as the second (`ownerOnly`) parameter
- Create files with restricted permissions atomically, passing the permission attribute to the create call
Key Imports
```java
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.nio.file.Files;
import java.util.EnumSet;
import java.util.Set;
```
Verification
After remediation:
- Run SAST scanner to confirm vulnerability is resolved
- Review all instances of the vulnerable pattern
- Add unit tests that verify the secure implementation
- Check for similar patterns in related code
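A self-checking audit, added here as an example that is not part of the original page, to support the verification steps above: it builds a constructed temporary tree with the secure 700/600 pattern, confirms nothing is exposed to group or others, then reintroduces the vulnerable mode on one file and confirms the audit flags exactly that file. It assumes a POSIX filesystem (`getPosixFilePermissions` throws on Windows); `FilePermissionAudit`, `findExposed` and `NON_OWNER` are names chosen for this example.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.*;
import java.util.stream.Stream;

public class FilePermissionAudit {
    // Any bit in the group or others triple means another local account can
    // read, modify or execute the path: the condition CWE-732 describes.
    static final Set<PosixFilePermission> NON_OWNER = EnumSet.complementOf(EnumSet.of(
            PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE,
            PosixFilePermission.OWNER_EXECUTE));

    /** Walks root and returns every file or directory that has group/other bits set. */
    static List<Path> findExposed(Path root) throws IOException {
        List<Path> exposed = new ArrayList<>();
        try (Stream<Path> walk = Files.walk(root)) {
            for (Path p : (Iterable<Path>) walk::iterator) {
                if (Files.isSymbolicLink(p)) continue; // link modes carry no meaning on Linux
                Set<PosixFilePermission> perms =
                        Files.getPosixFilePermissions(p, LinkOption.NOFOLLOW_LINKS);
                if (!Collections.disjoint(perms, NON_OWNER)) exposed.add(p);
            }
        }
        return exposed;
    }

    public static void main(String[] args) throws IOException {
        // Constructed tree: a 700 directory holding a 600 file, both created atomically.
        FileAttribute<Set<PosixFilePermission>> dir700 =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
        FileAttribute<Set<PosixFilePermission>> file600 =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        Path root = Files.createTempDirectory("cwe732-audit-", dir700);
        Path secret = Files.createFile(root.resolve("secrets.conf"), file600);

        // The secure pattern leaves nothing exposed.
        if (!findExposed(root).isEmpty()) throw new AssertionError("expected an owner-only tree");

        // Reintroduce the vulnerable mode on one file; the audit must flag that file and nothing else.
        Files.setPosixFilePermissions(secret, PosixFilePermissions.fromString("rw-rw-r--"));
        List<Path> hits = findExposed(root);
        if (!hits.equals(List.of(secret))) throw new AssertionError("audit missed " + secret);
        System.out.println("exposed: " + hits);

        Files.delete(secret);
        Files.delete(root);
    }
}
```

Pointing `findExposed` at a real configuration directory turns the same check into a quick sweep for similar patterns in related code paths.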
Trigger Examples
Fix CWE-732 vulnerability
Resolve Improper File Permissions issue
Secure this Java code against improper file permissions
SAST reports CWE-732
Common Vulnerable Locations
| Layer | Files | Patterns |
|---|---|---|
| Controller | *Controller.java | User input handling |
| Service | *Service.java | Business logic |
| Repository | *Repository.java | Data access |
References
Source: Generated by Java CWE Security Skills Generator
Last Updated: 2026-03-07