Merge pull request #11455 from ksankeerth/dev-11451

Strict file permissions for repository.yaml
2 years ago · d7805e68ae
parent 27cd772913 33121a80ff
commit d7805e68ae
4 changed files with 5 additions and 5 deletions
--- a/cmd/helm/repo_add.go
+++ b/cmd/helm/repo_add.go
@ -212,7 +212,7 @@ func (o *repoAddOptions) run(out io.Writer) error {
 	f.Update(&c)
-	if err := f.WriteFile(o.repoFile, 0644); err != nil {
+	if err := f.WriteFile(o.repoFile, 0600); err != nil {
 		return err
 	}
 	fmt.Fprintf(out, "%q has been added to your repositories\n", o.name)
--- a/cmd/helm/repo_remove.go
+++ b/cmd/helm/repo_remove.go
@ -67,7 +67,7 @@ func (o *repoRemoveOptions) run(out io.Writer) error {
 		if !r.Remove(name) {
 			return errors.Errorf("no repo named %q found", name)
 		}
-		if err := r.WriteFile(o.repoFile, 0644); err != nil {
+		if err := r.WriteFile(o.repoFile, 0600); err != nil {
 			return err
 		}
--- a/pkg/repo/repo_test.go
+++ b/pkg/repo/repo_test.go
@ -202,7 +202,7 @@ func TestWriteFile(t *testing.T) {
 		t.Errorf("failed to create test-file (%v)", err)
 	}
 	defer os.Remove(file.Name())
-	if err := sampleRepository.WriteFile(file.Name(), 0644); err != nil {
+	if err := sampleRepository.WriteFile(file.Name(), 0600); err != nil {
 		t.Errorf("failed to write file (%v)", err)
 	}
--- a/pkg/repo/repotest/server.go
+++ b/pkg/repo/repotest/server.go
@ -385,7 +385,7 @@ func (s *Server) StartTLS() {
 		CAFile: filepath.Join("../../testdata", "rootca.crt"),
 	})
-	if err := r.WriteFile(repoConfig, 0644); err != nil {
+	if err := r.WriteFile(repoConfig, 0600); err != nil {
 		panic(err)
 	}
 }
@ -422,5 +422,5 @@ func setTestingRepository(url, fname string) error {
 		Name: "test",
 		URL:  url,
 	})
-	return r.WriteFile(fname, 0644)
+	return r.WriteFile(fname, 0640)
 }