From 60e46d139c31752dea4e4766f0a9f9a6f836512a Mon Sep 17 00:00:00 2001
From: Paulo Gomes
Date: Wed, 6 Jul 2022 18:31:21 +0100
Subject: [PATCH] Decrease fs perms to 0o700

Signed-off-by: Paulo Gomes
---
 controllers/storage.go | 4 ++--
 main.go | 2 +-
 tests/fuzz/gitrepository_fuzzer.go | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/controllers/storage.go b/controllers/storage.go
index fc90cb9d2..c5fd586f0 100644
--- a/controllers/storage.go
+++ b/controllers/storage.go
@@ -112,7 +112,7 @@ func (s Storage) SetHostname(URL string) string {
 // MkdirAll calls os.MkdirAll for the given v1beta1.Artifact base dir.
 func (s *Storage) MkdirAll(artifact sourcev1.Artifact) error {
 dir := filepath.Dir(s.LocalPath(artifact))
- return os.MkdirAll(dir, 0o770)
+ return os.MkdirAll(dir, 0o700)
 }
 
 // RemoveAll calls os.RemoveAll for the given v1beta1.Artifact base dir.
@@ -432,7 +432,7 @@ func (s *Storage) Archive(artifact *sourcev1.Artifact, dir string, filter Archiv
 return err
 }
 
- if err := os.Chmod(tmpName, 0o640); err != nil {
+ if err := os.Chmod(tmpName, 0o600); err != nil {
 return err
 }
 
diff --git a/main.go b/main.go
index 75dd6d34f..e19f1ddb8 100644
--- a/main.go
+++ b/main.go
@@ -342,7 +342,7 @@ func mustInitStorage(path string, storageAdvAddr string, artifactRetentionTTL ti
 if path == "" {
 p, _ := os.Getwd()
 path = filepath.Join(p, "bin")
- os.MkdirAll(path, 0o770)
+ os.MkdirAll(path, 0o700)
 }
 
 storage, err := controllers.NewStorage(path, storageAdvAddr, artifactRetentionTTL, artifactRetentionRecords)
diff --git a/tests/fuzz/gitrepository_fuzzer.go b/tests/fuzz/gitrepository_fuzzer.go
index 20b0e3a45..0c495930a 100644
--- a/tests/fuzz/gitrepository_fuzzer.go
+++ b/tests/fuzz/gitrepository_fuzzer.go
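Review bot: In `Storage.MkdirAll` (controllers/storage.go, hunk at -112) the tighter mode only reaches directories that this call actually creates, because `os.MkdirAll` leaves the mode of an already existing directory untouched. Artifact directories written by an earlier release onto a persistent volume would therefore presumably stay at 0o770 after an upgrade, and the same holds for the `os.MkdirAll(path, 0o700)` call in `mustInitStorage` in main.go. If the intent is that no group access remains, follow the creation with an explicit `os.Chmod(dir, 0o700)` on the leaf directory. Otherwise record the limitation next to the call, for example `// 0o700 applies to newly created directories only; existing ones keep their mode.`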
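Review bot: In `mustInitStorage` (main.go, hunk at -342) the result of `os.MkdirAll(path, 0o700)` is discarded, so a failure to create the fallback `bin` directory is not reported where it happens and only surfaces later, if at all, through `controllers.NewStorage`. The `os.Getwd()` error on the line above is dropped the same way, which can leave `path` as a relative `bin`. Check the call, `if err := os.MkdirAll(path, 0o700); err != nil {`, and handle it the way the function handles the `NewStorage` error. That handling, and the start and end of the function, lie outside the hunk.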
@@ -120,7 +120,7 @@ func ensureDependencies() error {
 // Output all embedded testdata files
 embedDirs := []string{"testdata/crd", "testdata/certs"}
 for _, dir := range embedDirs {
- err := os.MkdirAll(dir, 0o750)
+ err := os.MkdirAll(dir, 0o700)
 if err != nil {
 return fmt.Errorf("mkdir %s: %v", dir, err)
 }
@@ -139,7 +139,7 @@ func ensureDependencies() error {
 return fmt.Errorf("reading embedded file %s: %v", fileName, err)
 }
 
- os.WriteFile(fileName, data, 0o640)
+ os.WriteFile(fileName, data, 0o600)
 if err != nil {
 return fmt.Errorf("writing %s: %v", fileName, err)
 }
@@ -494,7 +494,7 @@ func createRandomFiles(f *fuzz.ConsumeFuzzer, fs billy.Filesystem, wt *git.Workt
 return errors.New("Dir contains '..'")
 }
 
- err = fs.MkdirAll(dirPath, 0o770)
+ err = fs.MkdirAll(dirPath, 0o700)
 if err != nil {
 return errors.New("Could not create the subDir")
 }
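Review bot: In `ensureDependencies` (hunk at -139) the return value of `os.WriteFile(fileName, data, 0o600)` is never assigned, so the `if err != nil` after it re-tests the `err` left over from the embedded-file read, which presumably has already been checked just above. A failed write is silently ignored and the `writing %s` branch looks unreachable. Assign the result: `err = os.WriteFile(fileName, data, 0o600)`. Note also that `os.WriteFile` applies the mode only when it creates the file, so testdata files left by an earlier run keep 0o640. The function continues outside the hunk.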