CWE-732: Insecure Directory Permissions

[omordyk]

Description

CWE-732: Insecure Directory Permissions
A sensitive sink functions were discovered. It causes a High severity Insecure Directory Permissions vulnerability.

The permission mode is passed as an integer to the os.MkdirAll function, which can lead to unintended permissions. The issue stems from how the permissions are specified in Go. The resulting permissions may be interpreted incorrectly.
To prevent unintended permissions, you should specify the mode in octal format.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Run Mend SAST and check that vulnerabilities were fixed.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules
• I have checked my code and corrected any misspellings
• I have tagged the reviewers in a comment below incase my pull request is ready for a review
• I have signed the commit message to agree to Developer Certificate of Origin (DCO) (to certify that you wrote or otherwise have the right to submit your contribution to the project.) by adding "--signoff" to my git commit command.