restrict read/write of cached auth secrets to user

This commit is contained in:
Raymond Hill 2018-05-01 08:25:20 -04:00
parent d6c1ab868c
commit 5c82bf6eba
No known key found for this signature in database
GPG key ID: 25E1490B761470C2
2 changed files with 6 additions and 0 deletions

View file

@ -64,8 +64,11 @@ def input_secret(prompt, token):
value = ubo_secrets[token] value = ubo_secrets[token]
elif token not in ubo_secrets or value != ubo_secrets[token]: elif token not in ubo_secrets or value != ubo_secrets[token]:
ubo_secrets[token] = value ubo_secrets[token] = value
exists = os.path.isfile(ubo_secrets_filename)
with open(ubo_secrets_filename, 'w') as f: with open(ubo_secrets_filename, 'w') as f:
json.dump(ubo_secrets, f, indent=2) json.dump(ubo_secrets, f, indent=2)
if not exists:
os.chmod(ubo_secrets_filename, 0o600)
return value return value

View file

@ -82,8 +82,11 @@ def input_secret(prompt, token):
value = ubo_secrets[token] value = ubo_secrets[token]
elif token not in ubo_secrets or value != ubo_secrets[token]: elif token not in ubo_secrets or value != ubo_secrets[token]:
ubo_secrets[token] = value ubo_secrets[token] = value
exists = os.path.isfile(ubo_secrets_filename)
with open(ubo_secrets_filename, 'w') as f: with open(ubo_secrets_filename, 'w') as f:
json.dump(ubo_secrets, f, indent=2) json.dump(ubo_secrets, f, indent=2)
if not exists:
os.chmod(ubo_secrets_filename, 0o600)
return value return value
# GitHub API token # GitHub API token