fix(security): create session transcript files with 0o600 permissions (#18066)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 962f497d242c5affa9b610f38f3dc7844426198d
Co-authored-by: brandonwise <21148772+brandonwise@users.noreply.github.com>
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Reviewed-by: @sebslight
brandonwise
2026-02-16 08:33:40 -05:00
committed by GitHub
parent 6931f0fb50
commit 095d522099
6 changed files with 32 additions and 2 deletions


@@ -255,6 +255,9 @@ describe("security fix", () => {
const sessionsStorePath = path.join(sessionsDir, "sessions.json");
await fs.writeFile(sessionsStorePath, "{}\n", "utf-8");
await fs.chmod(sessionsStorePath, 0o644);
const transcriptPath = path.join(sessionsDir, "sess-main.jsonl");
await fs.writeFile(transcriptPath, '{"type":"session"}\n', "utf-8");
await fs.chmod(transcriptPath, 0o644);
const env = {
...process.env,
@@ -269,6 +272,7 @@ describe("security fix", () => {
expectPerms((await fs.stat(allowFromPath)).mode & 0o777, 0o600);
expectPerms((await fs.stat(authProfilesPath)).mode & 0o777, 0o600);
expectPerms((await fs.stat(sessionsStorePath)).mode & 0o777, 0o600);
expectPerms((await fs.stat(transcriptPath)).mode & 0o777, 0o600);
expectPerms((await fs.stat(includePath)).mode & 0o777, 0o600);
});
});
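Review bot: The added check `expectPerms((await fs.stat(transcriptPath)).mode & 0o777, 0o600);` only proves that one existing transcript, `sess-main.jsonl`, is tightened after being created at 0o644. It does not exercise the creation path named in the commit title, where a transcript should never exist at a wider mode. If the other changed files (not visible here) do not already cover it, add a test that has the product code create a transcript and asserts 0o600 on the fresh file, so a create-then-chmod window cannot regress unnoticed. In this test, a second transcript with a different name would also catch a fix that matches only the main session file, and a short comment above the setup such as `// transcripts hold conversation content; every *.jsonl in sessionsDir must end up 0o600` would record why the file is seeded as world-readable. The enclosing test body starts before the first hunk, so the command under test and its arguments could not be checked.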