Merge pull request #9 from zaidfadhil/fix/config-file-permissions

fix: config file permissions
zaidfadhil · Nov 8, 2024 · 1c06b83 · 1c06b83
2 parents 2ff7db4 + 6be698b
commit 1c06b83
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 10 deletions.
diff --git a/.github/workflows/sec.yaml b/.github/workflows/sec.yaml
@@ -0,0 +1,28 @@
+name: security
+
+# runs every at 00:00 on Sunday UTC time.
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 0 * * 0'
+
+jobs:
+  gosec:
+    name: gosec
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    env:
+      GO111MODULE: on
+    steps:
+      - name: checkout source
+        uses: actions/checkout@v4
+      - name: run gosec security scanner
+        uses: securego/gosec@master
+        with:
+          args: '-no-fail -fmt sarif -out results.sarif ./...'
+      - name: upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif
diff --git a/cli/cli.go b/cli/cli.go
@@ -8,7 +8,7 @@ import (
 )
 
 var (
-	unknownCLICommandError = errors.New("unknown cli command")
+	ErrUnknownCLICommand = errors.New("unknown cli command")
 )
 
 type Command struct {
@@ -61,7 +61,7 @@ func (cli *CLI) Execute() error {
 			cli.PrintHelp()
 			return nil
 		} else {
-			return unknownCLICommandError
+			return ErrUnknownCLICommand
 		}
 	}
 

diff --git a/config/config.go b/config/config.go
@@ -20,8 +20,8 @@ type Config struct {
 }
 
 var (
-	ollamaMissingDataError   = errors.New("missing config. ollama_model or ollama_host")
-	unsupportedProviderError = errors.New("unsupported provider")
+	ErrMissingOllamaData   = errors.New("missing config. ollama_model or ollama_host")
+	ErrUnsupportedProvider = errors.New("unsupported provider")
 )
 
 func (cfg *Config) Load() error {
@@ -30,7 +30,7 @@ func (cfg *Config) Load() error {
 		return err
 	}
 
-	file, err := os.ReadFile(configPath)
+	file, err := os.ReadFile(filepath.Clean(configPath))
 	if err == nil {
 		err := json.Unmarshal(file, &cfg)
 		if err != nil {
@@ -67,7 +67,7 @@ func (cfg *Config) Save() error {
 		return err
 	}
 
-	file, err := os.OpenFile(configPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)
+	file, err := os.OpenFile(filepath.Clean(configPath), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		return err
 	}
@@ -90,10 +90,10 @@ func (cfg *Config) Validate() error {
 	switch strings.ToLower(cfg.Provider) {
 	case "ollama":
 		if cfg.OllamaHost == "" || cfg.OllamaModel == "" {
-			return ollamaMissingDataError
+			return ErrMissingOllamaData
 		}
 	default:
-		return unsupportedProviderError
+		return ErrUnsupportedProvider
 	}
 
 	return nil
@@ -109,12 +109,12 @@ func getConfigFilePath() (string, error) {
 
 	_, err = os.Stat(configPath)
 	if err != nil {
-		err = os.MkdirAll(filepath.Dir(configPath), 0755)
+		err = os.MkdirAll(filepath.Dir(configPath), 0750)
 		if err != nil {
 			return "", err
 		}
 
-		file, err := os.Create(configPath)
+		file, err := os.OpenFile(filepath.Clean(configPath), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
 		if err != nil {
 			return "", err
 		}