fluxcd
/
source-controller
mirror of https://github.com/fluxcd/source-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #818 from pjbgf/fs-perms 

Decrease fs perms to 0o700
This commit is contained in:
Paulo Gomes 2022-07-07 10:42:20 +01:00 committed by GitHub
parent 0219905036 60e46d139c
commit 22c9e2e85f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
controllers/storage.go
View File

@ -112,7 +112,7 @@ func (s Storage) SetHostname(URL string) string {
// MkdirAll calls os.MkdirAll for the given v1beta1.Artifact base dir.
func (s *Storage) MkdirAll(artifact sourcev1.Artifact) error {
dir := filepath.Dir(s.LocalPath(artifact))
return os.MkdirAll(dir, 0o770)
return os.MkdirAll(dir, 0o700)
}
// RemoveAll calls os.RemoveAll for the given v1beta1.Artifact base dir.
@ -432,7 +432,7 @@ func (s *Storage) Archive(artifact *sourcev1.Artifact, dir string, filter Archiv
return err
}
if err := os.Chmod(tmpName, 0o640); err != nil {
if err := os.Chmod(tmpName, 0o600); err != nil {
return err
}

2
main.go
View File

@ -342,7 +342,7 @@ func mustInitStorage(path string, storageAdvAddr string, artifactRetentionTTL ti
if path == "" {
p, _ := os.Getwd()
path = filepath.Join(p, "bin")
os.MkdirAll(path, 0o770)
os.MkdirAll(path, 0o700)
}
storage, err := controllers.NewStorage(path, storageAdvAddr, artifactRetentionTTL, artifactRetentionRecords)

6
tests/fuzz/gitrepository_fuzzer.go
View File

@ -120,7 +120,7 @@ func ensureDependencies() error {
// Output all embedded testdata files
embedDirs := []string{"testdata/crd", "testdata/certs"}
for _, dir := range embedDirs {
err := os.MkdirAll(dir, 0o750)
err := os.MkdirAll(dir, 0o700)
if err != nil {
return fmt.Errorf("mkdir %s: %v", dir, err)
}
@ -139,7 +139,7 @@ func ensureDependencies() error {
return fmt.Errorf("reading embedded file %s: %v", fileName, err)
}
os.WriteFile(fileName, data, 0o640)
os.WriteFile(fileName, data, 0o600)
if err != nil {
return fmt.Errorf("writing %s: %v", fileName, err)
}
@ -494,7 +494,7 @@ func createRandomFiles(f *fuzz.ConsumeFuzzer, fs billy.Filesystem, wt *git.Workt
return errors.New("Dir contains '..'")
}
err = fs.MkdirAll(dirPath, 0o770)
err = fs.MkdirAll(dirPath, 0o700)
if err != nil {
return errors.New("Could not create the subDir")
}