This repository has been archived by the owner on Aug 2, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update config file access permission
Default folder should have 700 and file have 600. Make sure config file path is 600 before accepting.
- Loading branch information
Showing
5 changed files
with
166 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
// +build !windows | ||
|
||
/* | ||
* Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"). | ||
* You may not use this file except in compliance with the License. | ||
* A copy of the License is located at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* or in the "license" file accompanying this file. This file is distributed | ||
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either | ||
* express or implied. See the License for the specific language governing | ||
* permissions and limitations under the License. | ||
*/ | ||
|
||
package commands | ||
|
||
import ( | ||
"fmt" | ||
"os" | ||
"path/filepath" | ||
) | ||
|
||
const ( | ||
FolderPermission = 0700 // only owner can read, write and execute | ||
FilePermission = 0600 // only owner can read and write | ||
) | ||
|
||
// createDefaultConfigFolderIfNotExists creates default config file along with folder if | ||
// it doesn't exists | ||
func createDefaultConfigFileIfNotExists() error { | ||
defaultFilePath := GetDefaultConfigFilePath() | ||
if isExists(defaultFilePath) { | ||
return nil | ||
} | ||
folderPath := filepath.Dir(defaultFilePath) | ||
if !isExists(folderPath) { | ||
err := os.Mkdir(folderPath, FolderPermission) | ||
if err != nil { | ||
return err | ||
} | ||
} | ||
f, err := os.Create(defaultFilePath) | ||
if err != nil { | ||
return err | ||
} | ||
if err = f.Chmod(FilePermission); err != nil { | ||
return err | ||
} | ||
return f.Close() | ||
} | ||
|
||
func checkConfigFilePermission(configFilePath string) error { | ||
//check for config file permission | ||
info, err := os.Stat(configFilePath) | ||
if err != nil { | ||
return fmt.Errorf("failed to get config file info due to: %w", err) | ||
} | ||
mode := info.Mode().Perm() | ||
|
||
if mode != FilePermission { | ||
return fmt.Errorf("permissions %o for '%s' are too open. It is required that your config file is NOT accessible by others", mode, configFilePath) | ||
} | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
// +build windows | ||
|
||
/* | ||
* Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"). | ||
* You may not use this file except in compliance with the License. | ||
* A copy of the License is located at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* or in the "license" file accompanying this file. This file is distributed | ||
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either | ||
* express or implied. See the License for the specific language governing | ||
* permissions and limitations under the License. | ||
*/ | ||
|
||
package commands | ||
|
||
import "fmt" | ||
|
||
func createDefaultConfigFileIfNotExists() error { | ||
return fmt.Errorf("creating default config file is not supported for windows. Please create manually") | ||
} | ||
|
||
func checkConfigFilePermission(configFilePath string) error { | ||
// since windows doesn't support create default config file, no validation is required | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters