You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by as...@apache.org on 2021/11/24 12:52:52 UTC
[camel-k] 04/19: fix(gosec): Expect WriteFile permissions to be 0600 or less (G306)
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 14bb820850cd9cd8c8a0f7a8f21d5e9e169e7e27
Author: Luca Burgazzoli <lb...@gmail.com>
AuthorDate: Mon Nov 22 12:26:19 2021 +0100
fix(gosec): Expect WriteFile permissions to be 0600 or less (G306)
---
cmd/util/json-schema-gen/main.go | 2 +-
cmd/util/vfs-gen/main.go | 2 +-
pkg/builder/image.go | 4 +--
pkg/cmd/builder/builder.go | 1 +
pkg/cmd/modeline_test.go | 72 +++++++++++++++++++--------------------
pkg/cmd/run_help_test.go | 4 +--
pkg/cmd/run_test.go | 4 +--
pkg/cmd/util_config.go | 4 +--
pkg/cmd/util_content_test.go | 8 ++---
pkg/cmd/util_dependencies.go | 2 +-
pkg/cmd/util_dependencies_test.go | 4 +--
pkg/trait/openapi.go | 2 +-
pkg/util/sync/file_test.go | 2 +-
pkg/util/util.go | 2 +-
14 files changed, 57 insertions(+), 56 deletions(-)
diff --git a/cmd/util/json-schema-gen/main.go b/cmd/util/json-schema-gen/main.go
index db48078..8d03510 100644
--- a/cmd/util/json-schema-gen/main.go
+++ b/cmd/util/json-schema-gen/main.go
@@ -97,7 +97,7 @@ func generate(crdFilename, dslFilename, path string, isArray bool, destination s
if err != nil {
return err
}
- return ioutil.WriteFile(destination, result, 0o666)
+ return ioutil.WriteFile(destination, result, 0o600)
}
func remapRef(ref string) string {
diff --git a/cmd/util/vfs-gen/main.go b/cmd/util/vfs-gen/main.go
index a3734f3..3a01401 100644
--- a/cmd/util/vfs-gen/main.go
+++ b/cmd/util/vfs-gen/main.go
@@ -146,7 +146,7 @@ limitations under the License.
var finalContent []byte
finalContent = append(finalContent, []byte(header)...)
finalContent = append(finalContent, content...)
- if err := ioutil.WriteFile(resourceFile, finalContent, 0o777); err != nil {
+ if err := ioutil.WriteFile(resourceFile, finalContent, 0o600); err != nil {
log.Fatalln(err)
}
}
diff --git a/pkg/builder/image.go b/pkg/builder/image.go
index 68ee0eb..35c7139 100644
--- a/pkg/builder/image.go
+++ b/pkg/builder/image.go
@@ -87,7 +87,7 @@ func executableDockerfile(ctx *builderContext) error {
USER nonroot
`)
- err := ioutil.WriteFile(path.Join(ctx.Path, ContextDir, "Dockerfile"), dockerfile, 0o777)
+ err := ioutil.WriteFile(path.Join(ctx.Path, ContextDir, "Dockerfile"), dockerfile, 0o400)
if err != nil {
return err
}
@@ -111,7 +111,7 @@ func jvmDockerfile(ctx *builderContext) error {
USER 1000
`)
- err := ioutil.WriteFile(path.Join(ctx.Path, ContextDir, "Dockerfile"), dockerfile, 0o777)
+ err := ioutil.WriteFile(path.Join(ctx.Path, ContextDir, "Dockerfile"), dockerfile, 0o400)
if err != nil {
return err
}
diff --git a/pkg/cmd/builder/builder.go b/pkg/cmd/builder/builder.go
index 5b23e2d..73447c4 100644
--- a/pkg/cmd/builder/builder.go
+++ b/pkg/cmd/builder/builder.go
@@ -107,6 +107,7 @@ func exitOnError(err error, msg string) {
}
func writeTerminationMessage(message string) {
+ // #nosec G306
err := ioutil.WriteFile(terminationMessagePath, []byte(message), 0o644)
if err != nil {
log.Error(err, "cannot write termination message")
diff --git a/pkg/cmd/modeline_test.go b/pkg/cmd/modeline_test.go
index cc18d29..966a737 100644
--- a/pkg/cmd/modeline_test.go
+++ b/pkg/cmd/modeline_test.go
@@ -37,7 +37,7 @@ func TestModelineRunSimple(t *testing.T) {
// camel-k: dependency=mvn:org.my:lib:1.0
`
fileName := path.Join(dir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -68,7 +68,7 @@ func TestModelineRunChain(t *testing.T) {
// camel-k: dependency=mvn:org.my:lib:2.0
`
fileName := path.Join(dir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", "-d", "mvn:org.my:lib2:1.0", fileName})
@@ -86,14 +86,14 @@ func TestModelineRunMultipleFiles(t *testing.T) {
// camel-k: dependency=mvn:org.my:lib1:3.0
`
fileName := path.Join(dir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
file2 := `
// camel-k: dependency=mvn:org.my:lib2:3.0
`
fileName2 := path.Join(dir, "ext.groovy")
- err = ioutil.WriteFile(fileName2, []byte(file2), 0o777)
+ err = ioutil.WriteFile(fileName2, []byte(file2), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName, fileName2})
@@ -108,14 +108,14 @@ func TestModelineRunProperty(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
// camel-k: property=my-prop=my-val
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -130,7 +130,7 @@ func TestModelineRunDuplicatedProperties(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
@@ -139,7 +139,7 @@ func TestModelineRunDuplicatedProperties(t *testing.T) {
// camel-k: property=foo=bar
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName, "-p", "prop1=true", "--property", "prop2=true"})
@@ -154,7 +154,7 @@ func TestModelineRunDuplicatedBuildProperties(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
@@ -163,7 +163,7 @@ func TestModelineRunDuplicatedBuildProperties(t *testing.T) {
// camel-k: build-property=foo=bar
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{
@@ -184,21 +184,21 @@ func TestModelineRunPropertyFiles(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
// camel-k: property=file:application.properties
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
propFile := `
a=b
`
propFileName := path.Join(subDir, "application.properties")
- err = ioutil.WriteFile(propFileName, []byte(propFile), 0o777)
+ err = ioutil.WriteFile(propFileName, []byte(propFile), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -213,14 +213,14 @@ func TestModelineRunBuildProperty(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
// camel-k: build-property=my-build-prop=my-val
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -235,21 +235,21 @@ func TestModelineRunBuildPropertyFiles(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
// camel-k: build-property=file:application.properties
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
propFile := `
a=b
`
propFileName := path.Join(subDir, "application.properties")
- err = ioutil.WriteFile(propFileName, []byte(propFile), 0o777)
+ err = ioutil.WriteFile(propFileName, []byte(propFile), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -264,7 +264,7 @@ func TestModelineRunDuplicateTraits(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
@@ -273,7 +273,7 @@ func TestModelineRunDuplicateTraits(t *testing.T) {
// camel-k: trait=foo=bar
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName, "-t", "trait1=true", "--trait", "trait2=true"})
@@ -288,14 +288,14 @@ func TestModelineRunConfigConfigmap(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
// camel-k: config=configmap:my-cm
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -310,14 +310,14 @@ func TestModelineRunConfigSecret(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
// camel-k: config=secret:my-secret
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -332,21 +332,21 @@ func TestModelineRunConfigFile(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
// camel-k: config=file:application.properties
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
propFile := `
a=b
`
propFileName := path.Join(subDir, "application.properties")
- err = ioutil.WriteFile(propFileName, []byte(propFile), 0o777)
+ err = ioutil.WriteFile(propFileName, []byte(propFile), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -361,14 +361,14 @@ func TestModelineRunResourceConfigmap(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
// camel-k: resource=configmap:my-cm
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -383,14 +383,14 @@ func TestModelineRunResourceSecret(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
// camel-k: resource=secret:my-secret
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -405,21 +405,21 @@ func TestModelineRunResourceFile(t *testing.T) {
defer os.RemoveAll(dir)
subDir := path.Join(dir, "sub")
- err = os.Mkdir(subDir, 0o777)
+ err = os.Mkdir(subDir, 0o700)
assert.NoError(t, err)
file := `
// camel-k: resource=file:application.properties
`
fileName := path.Join(subDir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
propFile := `
a=b
`
propFileName := path.Join(subDir, "application.properties")
- err = ioutil.WriteFile(propFileName, []byte(propFile), 0o777)
+ err = ioutil.WriteFile(propFileName, []byte(propFile), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "run", fileName})
@@ -437,7 +437,7 @@ func TestModelineInspectSimple(t *testing.T) {
// camel-k: dependency=mvn:org.my:lib:1.0
`
fileName := path.Join(dir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "local", "inspect", fileName})
@@ -456,7 +456,7 @@ func TestModelineInspectMultipleDeps(t *testing.T) {
// camel-k: dependency=camel-k:camel-dep
`
fileName := path.Join(dir, "simple.groovy")
- err = ioutil.WriteFile(fileName, []byte(file), 0o777)
+ err = ioutil.WriteFile(fileName, []byte(file), 0o400)
assert.NoError(t, err)
cmd, flags, err := NewKamelWithModelineCommand(context.TODO(), []string{"kamel", "local", "inspect", fileName})
diff --git a/pkg/cmd/run_help_test.go b/pkg/cmd/run_help_test.go
index 11645ff..0763c06 100644
--- a/pkg/cmd/run_help_test.go
+++ b/pkg/cmd/run_help_test.go
@@ -199,7 +199,7 @@ func TestExtractProperties_FromFile(t *testing.T) {
key=value
#key2=value2
my.key=value
- `), 0o644))
+ `), 0o400))
props, err := extractProperties("file:" + tmpFile1.Name())
assert.Nil(t, err)
@@ -223,7 +223,7 @@ func TestExtractPropertiesFromFileAndSingleValue(t *testing.T) {
key=value
#key2=value2
my.key=value
- `), 0o644))
+ `), 0o400))
properties := []string{"key=override", "file:" + tmpFile1.Name(), "my.key = override"}
props, err := mergePropertiesWithPrecedence(properties)
diff --git a/pkg/cmd/run_test.go b/pkg/cmd/run_test.go
index 0aaec8e..67c0453 100644
--- a/pkg/cmd/run_test.go
+++ b/pkg/cmd/run_test.go
@@ -255,7 +255,7 @@ func TestAddPropertyFile(t *testing.T) {
}
assert.Nil(t, tmpFile.Close())
- assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte(TestPropertyFileContent), 0o644))
+ assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte(TestPropertyFileContent), 0o400))
properties, err := convertToTraitParameter("file:"+tmpFile.Name(), "trait.properties")
assert.Nil(t, err)
@@ -273,7 +273,7 @@ func TestRunPropertyFileFlag(t *testing.T) {
}
assert.Nil(t, tmpFile.Close())
- assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte(TestPropertyFileContent), 0o644))
+ assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte(TestPropertyFileContent), 0o400))
runCmdOptions, rootCmd, _ := initializeRunCmdOptions(t)
_, errExecute := test.ExecuteCommand(rootCmd, cmdRun,
diff --git a/pkg/cmd/util_config.go b/pkg/cmd/util_config.go
index 72a35c2..9c4239e 100644
--- a/pkg/cmd/util_config.go
+++ b/pkg/cmd/util_config.go
@@ -139,7 +139,7 @@ func (cfg *Config) Delete(path string) {
func (cfg *Config) Save() error {
root := filepath.Dir(cfg.location)
if _, err := os.Stat(root); os.IsNotExist(err) {
- if e := os.MkdirAll(root, 0o700); e != nil {
+ if e := os.MkdirAll(root, 0o600); e != nil {
return e
}
}
@@ -148,7 +148,7 @@ func (cfg *Config) Save() error {
if err != nil {
return err
}
- return ioutil.WriteFile(cfg.location, data, 0o644)
+ return ioutil.WriteFile(cfg.location, data, 0o600)
}
func (cfg *Config) navigate(values map[string]interface{}, prefix string, create bool) map[string]interface{} {
diff --git a/pkg/cmd/util_content_test.go b/pkg/cmd/util_content_test.go
index 155fa10..ae34b1d 100644
--- a/pkg/cmd/util_content_test.go
+++ b/pkg/cmd/util_content_test.go
@@ -37,7 +37,7 @@ func TestRawBinaryContentType(t *testing.T) {
t.Error(err)
}
assert.Nil(t, tmpFile.Close())
- assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte{1, 2, 3, 4, 5, 6}, 0o644))
+ assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte{1, 2, 3, 4, 5, 6}, 0o400))
data, contentType, err := loadRawContent(tmpFile.Name())
assert.Nil(t, err)
@@ -52,7 +52,7 @@ func TestRawApplicationContentType(t *testing.T) {
t.Error(err)
}
assert.Nil(t, tmpFile.Close())
- assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte(`{"hello":"world"}`), 0o644))
+ assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte(`{"hello":"world"}`), 0o400))
data, contentType, err := loadRawContent(tmpFile.Name())
assert.Nil(t, err)
@@ -67,7 +67,7 @@ func TestTextContentType(t *testing.T) {
t.Error(err)
}
assert.Nil(t, tmpFile.Close())
- assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte(`{"hello":"world"}`), 0o644))
+ assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte(`{"hello":"world"}`), 0o400))
data, contentType, compressed, err := loadTextContent(tmpFile.Name(), false)
assert.Nil(t, err)
@@ -83,7 +83,7 @@ func TestTextCompressed(t *testing.T) {
t.Error(err)
}
assert.Nil(t, tmpFile.Close())
- assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte(`{"hello":"world"}`), 0o644))
+ assert.Nil(t, ioutil.WriteFile(tmpFile.Name(), []byte(`{"hello":"world"}`), 0o400))
data, contentType, compressed, err := loadTextContent(tmpFile.Name(), true)
assert.Nil(t, err)
diff --git a/pkg/cmd/util_dependencies.go b/pkg/cmd/util_dependencies.go
index 2a54fc9..351091f 100644
--- a/pkg/cmd/util_dependencies.go
+++ b/pkg/cmd/util_dependencies.go
@@ -394,7 +394,7 @@ func updateIntegrationProperties(properties []string, propertyFiles []string, ha
// Output list of properties to property file if any CLI properties were given.
if len(properties) > 0 {
propertyFilePath := path.Join(util.GetLocalPropertiesDir(), "CLI.properties")
- err = ioutil.WriteFile(propertyFilePath, []byte(strings.Join(properties, "\n")), 0o777)
+ err = ioutil.WriteFile(propertyFilePath, []byte(strings.Join(properties, "\n")), 0o600)
if err != nil {
return nil, err
}
diff --git a/pkg/cmd/util_dependencies_test.go b/pkg/cmd/util_dependencies_test.go
index efa4335..2f44490 100644
--- a/pkg/cmd/util_dependencies_test.go
+++ b/pkg/cmd/util_dependencies_test.go
@@ -34,7 +34,7 @@ func TestValidatePropertyFiles_ShouldSucceed(t *testing.T) {
}
assert.Nil(t, tmpFile1.Close())
- assert.Nil(t, ioutil.WriteFile(tmpFile1.Name(), []byte("key=value"), 0o644))
+ assert.Nil(t, ioutil.WriteFile(tmpFile1.Name(), []byte("key=value"), 0o400))
inputValues := []string{tmpFile1.Name()}
err = validatePropertyFiles(inputValues)
@@ -50,7 +50,7 @@ func TestValidatePropertyFiles_ShouldFailNotAPropertiesFile(t *testing.T) {
}
assert.Nil(t, tmpFile1.Close())
- assert.Nil(t, ioutil.WriteFile(tmpFile1.Name(), []byte("key=value"), 0o644))
+ assert.Nil(t, ioutil.WriteFile(tmpFile1.Name(), []byte("key=value"), 0o400))
inputValues := []string{tmpFile1.Name()}
err = validatePropertyFiles(inputValues)
diff --git a/pkg/trait/openapi.go b/pkg/trait/openapi.go
index 36a43e9..1048f30 100644
--- a/pkg/trait/openapi.go
+++ b/pkg/trait/openapi.go
@@ -192,7 +192,7 @@ func (t *openAPITrait) createNewOpenAPIConfigMap(e *Environment, resource v1.Res
in := path.Join(tmpDir, resource.Name)
out := path.Join(tmpDir, "openapi-dsl.xml")
- err = ioutil.WriteFile(in, content, 0o644)
+ err = ioutil.WriteFile(in, content, 0o400)
if err != nil {
return err
}
diff --git a/pkg/util/sync/file_test.go b/pkg/util/sync/file_test.go
index 13cc81c..5c1e2b2 100644
--- a/pkg/util/sync/file_test.go
+++ b/pkg/util/sync/file_test.go
@@ -45,7 +45,7 @@ func TestFile(t *testing.T) {
time.Sleep(100 * time.Millisecond)
expectedNumChanges := 3
for i := 0; i < expectedNumChanges; i++ {
- if err := ioutil.WriteFile(fileName, []byte("data-"+strconv.Itoa(i)), 0o777); err != nil {
+ if err := ioutil.WriteFile(fileName, []byte("data-"+strconv.Itoa(i)), 0o600); err != nil {
t.Error(err)
}
time.Sleep(350 * time.Millisecond)
diff --git a/pkg/util/util.go b/pkg/util/util.go
index 97b93b3..274ef2d 100644
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@@ -434,7 +434,7 @@ func MapToYAML(src map[string]interface{}) ([]byte, error) {
}
func WriteToFile(filePath string, fileContents string) error {
- err := ioutil.WriteFile(filePath, []byte(fileContents), 0o777)
+ err := ioutil.WriteFile(filePath, []byte(fileContents), 0o400)
if err != nil {
return errors.Errorf("error writing file: %v", filePath)
}