core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1

fix(bugseti): update config file permissions to 0600

Browse source 
This commit updates the file permissions for the BugSETI configuration file from 0644 to 0600, ensuring owner-only access. This addresses the security concern where the GitHub token stored in the config file was world-readable.

Fixes #53
This commit is contained in:
Claude (M3 Studio) 2026-02-10 11:15:52 +00:00 committed by Snider
parent 69b236e5c7
commit 903fd79454
2 changed files with 38 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
internal/bugseti/config.go
View file

@ -149,7 +149,7 @@ func (c *ConfigService) saveUnsafe() error {
if err != nil { if err != nil {
return err return err
} }
return os.WriteFile(c.path, data, 0644) return os.WriteFile(c.path, data, 0600)
} }
// mergeDefaults fills in default values for any unset fields. // mergeDefaults fills in default values for any unset fields.

37
internal/bugseti/config_test.go Normal file
View file

@ -0,0 +1,37 @@
package bugseti
import (
"os"
"testing"
)
func TestConfigPermissions(t *testing.T) {
// Get a temporary file path
f, err := os.CreateTemp("", "bugseti-config-*.json")
if err != nil {
t.Fatal(err)
}
name := f.Name()
f.Close()
os.Remove(name) // Ensure it doesn't exist
defer os.Remove(name)
c := &ConfigService{
path: name,
config: &Config{},
}
if err := c.Save(); err != nil {
t.Fatalf("Save failed: %v", err)
}
info, err := os.Stat(name)
if err != nil {
t.Fatal(err)
}
mode := info.Mode().Perm()
if mode != 0600 {
t.Errorf("expected file permissions 0600, got %04o", mode)
}
}