I just noticed (stumbled upon by pure chance) that in the folder:
the permissions are set to 755. (Not visible on the github site.)
This is unlike in all the other subfolders of the parent folder where the corresponding files are set to 644.
This doesn’t look correct to me.
Or at least suspicious. Who wants executable files where they are not needed?
Looks like someone did it by mistake. 99% of py files in Frappe codebase are not executable. Executing them will just result in a random failure OR they’ll do nothing.
This is harmless afaik.
Anyway, this isn’t a security concern because usually you can just do python $filename to execute. So, these permissions don’t mean much in this context.
I took a course where we keenly looked for (ideally: world) writable executables owned by a certain agricultural product. This is lower than that, so I tend to agree with you.
I don’t know enough of the other security measures to know for sure, so that’s more like your call.