Merge pull request rubygems#338 from zettabyte/credentials-file-permi…

…ssions Credentials file permissions
alexch · Jun 15, 2012 · 8091e5d · 8091e5d
2 parents 5077a89 + e9960c7
commit 8091e5d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/lib/rubygems/config_file.rb b/lib/rubygems/config_file.rb
@@ -235,7 +235,8 @@ def rubygems_api_key=(api_key)
 
     Gem.load_yaml
 
-    File.open(credentials_path, 'w') do |f|
+    permissions = 0600 & (~File.umask)
+    File.open(credentials_path, 'w', permissions) do |f|
       f.write config.to_yaml
     end
 

diff --git a/test/rubygems/test_gem_config_file.rb b/test/rubygems/test_gem_config_file.rb
@@ -309,6 +309,14 @@ def test_load_api_keys_from_config
                   :other => 'a5fdbb6ba150cbb83aad2bb2fede64c'}, @cfg.api_keys)
   end
 
+  def test_save_credentials_file_with_strict_permissions
+    util_config_file
+    FileUtils.mkdir File.dirname(@cfg.credentials_path)
+    @cfg.rubygems_api_key = '701229f217cdf23b1344c7b4b54ca97'
+    mode = 0100600 & (~File.umask)
+    assert_equal mode, File.stat(@cfg.credentials_path).mode unless win_platform?
+  end
+
   def util_config_file(args = @cfg_args)
     @cfg = Gem::ConfigFile.new args
   end