Prevent Usage of Stdlib File/Dir Writing With Static Analysis (#7685)

* write file and mkdirall analyzers * include analyzer in build bazel * comments to the single entrypoint and fix validator references * enforce 600 for files, 700 for dirs * pass validator tests * add to nogo * remove references * beaconfuzz * docker img * fix up kv issue * mkdir if not exists * radek comments * final comments * Try to fix file problem Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com>
2026-01-08 21:08:10 -05:00 · 2020-11-09 14:27:03 -06:00
parent 15706a36cb
commit d4c954648c
47 changed files with 432 additions and 68 deletions
--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -112,6 +112,7 @@ nogo(
        "//tools/analyzers/nop:go_tool_library",
        "//tools/analyzers/slicedirect:go_tool_library",
        "//tools/analyzers/ineffassign:go_tool_library",
+        "//tools/analyzers/properpermissions:go_tool_library",
    ] + select({
        # nogo checks that fail with coverage enabled.
        ":coverage_enabled": [],