In Unix file system permissions, the "others" category refers to all users except the owner of the file system resource and the
members of the group assigned to this resource.
Granting permissions to this category can lead to unintended access to files or directories that could allow attackers to obtain sensitive information, disrupt services or elevate privileges.
-There is a risk if you answered yes to any of those questions.
-The most restrictive possible permissions should be assigned to files and directories.
-When file or directory permissions grant access to all users on a system (often represented as "others" or "everyone" in permission models), +attackers who gain access to any user account can read sensitive files containing credentials, configuration data, API keys, database passwords, +personal information, or proprietary business data. This exposure can lead to data breaches, identity theft, compliance violations, and competitive +disadvantage.
+Granting write permissions to broad user categories allows any user on the system to modify or delete critical files and directories. Attackers or +compromised low-privileged accounts can corrupt application data, modify configuration files to alter system behavior or disrupt services, or delete +important resources, leading to service outages, system instability, data loss, and denial of service.
+When executable files or scripts have overly permissive permissions, especially when combined with special permission bits that allow programs to +execute with the permissions of the file owner or group rather than the executing user, attackers can replace legitimate executables with malicious +code. When these modified files are executed by privileged users or processes, the attacker’s code runs with elevated privileges, potentially enabling +them to escalate from a low-privileged account to root or administrator access, install backdoors, or pivot to other systems in the network.
+Remove permissions for the "others" category by not adding OTHERS_READ, OTHERS_WRITE, or OTHERS_EXECUTE permissions to the permission set. If these
+permissions were previously added, explicitly remove them using the remove() method.
public void setPermissions(String filePath) throws IOException {
Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>();
@@ -22,20 +34,14 @@ Sensitive Code Example
perms.add(PosixFilePermission.GROUP_READ);
perms.add(PosixFilePermission.GROUP_EXECUTE);
// others permissions
- perms.add(PosixFilePermission.OTHERS_READ); // Sensitive
- perms.add(PosixFilePermission.OTHERS_WRITE); // Sensitive
- perms.add(PosixFilePermission.OTHERS_EXECUTE); // Sensitive
+ perms.add(PosixFilePermission.OTHERS_READ); // Noncompliant
+ perms.add(PosixFilePermission.OTHERS_WRITE); // Noncompliant
+ perms.add(PosixFilePermission.OTHERS_EXECUTE); // Noncompliant
Files.setPosixFilePermissions(Paths.get(filePath), perms);
}
-
- public void setOthersPermissionsHardCoded(String filePath ) {
- Files.setPosixFilePermissions(Paths.get(filePath), PosixFilePermissions.fromString("rwxrwxrwx")); // Sensitive
- }
-
-On operating systems that implement POSIX standard. This will throw a UnsupportedOperationException on Windows.
public void setPermissions(String filePath) throws IOException {
Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>();
@@ -54,26 +60,23 @@ Compliant Solution
Files.setPosixFilePermissions(Paths.get(filePath), perms);
}
-
- public void setOthersPermissionsHardCoded(String filePath ) {
- Files.setPosixFilePermissions(Paths.get(filePath), PosixFilePermissions.fromString("rwxrwx---"));
- }
-
-Many existing switch statements are essentially simulations of switch expressions, where each arm either assigns to a common target variable or returns a value. Expressing this as a statement is roundabout, repetitive, and error-prone.
Java 14 added support for switch expressions, which provide more succinct and less error-prone version of switch.
-
-void day_of_week(DoW day) {
- int numLetters;
- switch (day) { // Noncompliant
- case MONDAY:
- case FRIDAY:
- case SUNDAY:
- numLetters = 6;
- break;
- case TUESDAY:
- numLetters = 7;
- break;
- case THURSDAY:
- case SATURDAY:
- numLetters = 8;
- break;
- case WEDNESDAY:
- numLetters = 9;
- break;
- default:
- throw new IllegalStateException("Wat: " + day);
- }
+Noncompliant code examples
+
+void countLetters(String day) {
+ int numLetters;
+ switch (day) {
+ case "Monday", "Friday", "Sunday":
+ numLetters = 6;
+ break;
+ case "Tuesday":
+ numLetters = 7;
+ break;
+ case "Thursday", "Saturday":
+ numLetters = 8;
+ break;
+ case "Wednesday":
+ numLetters = 9;
+ break;
+ default:
+ throw new IllegalArgumentException("Invalid day: " + day);
+ }
+ System.out.println(numLetters);
}
-
-int return_switch(int x) {
- switch (x) { // Noncompliant
- case 1:
- return 1;
- case 2:
- return 2;
- default:
- throw new IllegalStateException();
- }
+
+
+Day dayOfWeek(String text) {
+ switch (text) {
+ case "Monday":
+ return Day.MONDAY;
+ case "Tuesday":
+ return Day.TUESDAY;
+ case "Wednesday":
+ return Day.WEDNESDAY;
+ case "Thursday":
+ return Day.THURSDAY;
+ case "Friday":
+ return Day.FRIDAY;
+ case "Saturday":
+ return Day.SATURDAY;
+ case "Sunday":
+ return Day.SUNDAY;
+ default:
+ throw new IllegalArgumentException("Invalid day: " + text);
+ }
+}
+
+Compliant solutions
+
+void countLetters(String day) {
+ int numLetters = switch (day) {
+ case "Monday", "Friday", "Sunday" -> 6;
+ case "Tuesday" -> 7;
+ case "Thursday", "Saturday" -> 8;
+ case "Wednesday" -> 9;
+ default -> throw new IllegalArgumentException("Invalid day: " + day);
+ };
+ System.out.println(numLetters);
}
-Compliant solution
-
-int numLetters = switch (day) {
- case MONDAY, FRIDAY, SUNDAY -> 6;
- case TUESDAY -> 7;
- case THURSDAY, SATURDAY -> 8;
- case WEDNESDAY -> 9;
-};
+
+Day dayOfWeek(String text) {
+ return switch (text) {
+ case "Monday" -> Day.MONDAY;
+ case "Tuesday" -> Day.TUESDAY;
+ case "Wednesday" -> Day.WEDNESDAY;
+ case "Thursday" -> Day.THURSDAY;
+ case "Friday" -> Day.FRIDAY;
+ case "Saturday" -> Day.SATURDAY;
+ case "Sunday" -> Day.SUNDAY;
+ default -> throw new IllegalArgumentException("Invalid day: " + text);
+ };
+ }
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5838.json b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5838.json
index cfb63bee27..a9b5fbc265 100644
--- a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5838.json
+++ b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5838.json
@@ -1,5 +1,5 @@
{
- "title": "Chained AssertJ assertions should be simplified to the corresponding dedicated assertion",
+ "title": "AssertJ assertions should be simplified to the corresponding dedicated assertion",
"type": "CODE_SMELL",
"code": {
"impacts": {
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7466.json b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7466.json
index 449dea80e6..ba038c971b 100644
--- a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7466.json
+++ b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7466.json
@@ -13,7 +13,7 @@
"ruleSpecification": "RSPEC-7466",
"sqKey": "S7466",
"scope": "All",
- "quickfix": "targeted",
+ "quickfix": "covered",
"code": {
"impacts": {
"MAINTAINABILITY": "LOW"
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7467.json b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7467.json
index c39749e444..fdc30b28e5 100644
--- a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7467.json
+++ b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7467.json
@@ -13,7 +13,7 @@
"ruleSpecification": "RSPEC-7467",
"sqKey": "S7467",
"scope": "All",
- "quickfix": "targeted",
+ "quickfix": "covered",
"code": {
"impacts": {
"MAINTAINABILITY": "LOW"
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7475.json b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7475.json
index d7657540a5..7caabaf5ba 100644
--- a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7475.json
+++ b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7475.json
@@ -14,7 +14,7 @@
"ruleSpecification": "RSPEC-7475",
"sqKey": "S7475",
"scope": "All",
- "quickfix": "targeted",
+ "quickfix": "covered",
"code": {
"impacts": {
"MAINTAINABILITY": "INFO"
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7477.json b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7477.json
index 9ae4a8d810..0f90dcf241 100644
--- a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7477.json
+++ b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7477.json
@@ -13,7 +13,7 @@
"ruleSpecification": "RSPEC-7477",
"sqKey": "S7477",
"scope": "All",
- "quickfix": "targeted",
+ "quickfix": "covered",
"code": {
"impacts": {
"MAINTAINABILITY": "LOW"
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7629.json b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7629.json
index c393c62c9f..d5e42e1a27 100644
--- a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7629.json
+++ b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S7629.json
@@ -13,7 +13,7 @@
"ruleSpecification": "RSPEC-7629",
"sqKey": "S7629",
"scope": "All",
- "quickfix": "unknown",
+ "quickfix": "covered",
"code": {
"impacts": {
"MAINTAINABILITY": "LOW"
diff --git a/sonarpedia.json b/sonarpedia.json
index 25454a0501..2046b338a4 100644
--- a/sonarpedia.json
+++ b/sonarpedia.json
@@ -3,7 +3,7 @@
"languages": [
"JAVA"
],
- "latest-update": "2026-02-27T13:15:37.935044048Z",
+ "latest-update": "2026-03-12T13:07:16.598544876Z",
"options": {
"no-language-in-filenames": true,
"preserve-filenames": false