fluxcd
/
source-controller
mirror of https://github.com/fluxcd/source-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Decrease fs perms to 0o700 

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This commit is contained in:
Paulo Gomes 2022-07-06 18:31:21 +01:00
parent 0219905036
commit 60e46d139c
No known key found for this signature in database
GPG Key ID: 9995233870E99BEE
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
controllers/storage.go
View File

@ -112,7 +112,7 @@ func (s Storage) SetHostname(URL string) string {
// MkdirAll calls os.MkdirAll for the given v1beta1.Artifact base dir. // MkdirAll calls os.MkdirAll for the given v1beta1.Artifact base dir.
func (s *Storage) MkdirAll(artifact sourcev1.Artifact) error { func (s *Storage) MkdirAll(artifact sourcev1.Artifact) error {
dir := filepath.Dir(s.LocalPath(artifact)) dir := filepath.Dir(s.LocalPath(artifact))
return os.MkdirAll(dir, 0o770) return os.MkdirAll(dir, 0o700)
} }
// RemoveAll calls os.RemoveAll for the given v1beta1.Artifact base dir. // RemoveAll calls os.RemoveAll for the given v1beta1.Artifact base dir.
@ -432,7 +432,7 @@ func (s *Storage) Archive(artifact *sourcev1.Artifact, dir string, filter Archiv
return err return err
} }
if err := os.Chmod(tmpName, 0o640); err != nil { if err := os.Chmod(tmpName, 0o600); err != nil {
return err return err
} }

2
main.go
View File

@ -342,7 +342,7 @@ func mustInitStorage(path string, storageAdvAddr string, artifactRetentionTTL ti
if path == "" { if path == "" {
p, _ := os.Getwd() p, _ := os.Getwd()
path = filepath.Join(p, "bin") path = filepath.Join(p, "bin")
os.MkdirAll(path, 0o770) os.MkdirAll(path, 0o700)
} }
storage, err := controllers.NewStorage(path, storageAdvAddr, artifactRetentionTTL, artifactRetentionRecords) storage, err := controllers.NewStorage(path, storageAdvAddr, artifactRetentionTTL, artifactRetentionRecords)

6
tests/fuzz/gitrepository_fuzzer.go
View File

@ -120,7 +120,7 @@ func ensureDependencies() error {
// Output all embedded testdata files // Output all embedded testdata files
embedDirs := []string{"testdata/crd", "testdata/certs"} embedDirs := []string{"testdata/crd", "testdata/certs"}
for _, dir := range embedDirs { for _, dir := range embedDirs {
err := os.MkdirAll(dir, 0o750) err := os.MkdirAll(dir, 0o700)
if err != nil { if err != nil {
return fmt.Errorf("mkdir %s: %v", dir, err) return fmt.Errorf("mkdir %s: %v", dir, err)
} }
@ -139,7 +139,7 @@ func ensureDependencies() error {
return fmt.Errorf("reading embedded file %s: %v", fileName, err) return fmt.Errorf("reading embedded file %s: %v", fileName, err)
} }
os.WriteFile(fileName, data, 0o640) os.WriteFile(fileName, data, 0o600)
if err != nil { if err != nil {
return fmt.Errorf("writing %s: %v", fileName, err) return fmt.Errorf("writing %s: %v", fileName, err)
} }
@ -494,7 +494,7 @@ func createRandomFiles(f *fuzz.ConsumeFuzzer, fs billy.Filesystem, wt *git.Workt
return errors.New("Dir contains '..'") return errors.New("Dir contains '..'")
} }
err = fs.MkdirAll(dirPath, 0o770) err = fs.MkdirAll(dirPath, 0o700)
if err != nil { if err != nil {
return errors.New("Could not create the subDir") return errors.New("Could not create the subDir")
} }