From 7d2215b5b4f39a8ea1d8afc15dcee5cb2f906011 Mon Sep 17 00:00:00 2001
From: Jim Ehrismann <40840436+jim-docker@users.noreply.github.com>
Date: Fri, 4 Sep 2020 13:28:51 -0400
Subject: [PATCH] Restrict file permissions to only the user for pasted kubeconfigs that are kept in the app dir (#805)

Signed-off-by: Jim Ehrismann
---
 src/common/cluster-store.ts | 2 +-
 src/common/utils/saveToAppFiles.ts | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/common/cluster-store.ts b/src/common/cluster-store.ts
index 7b9de86fef..289c4e1669 100644
--- a/src/common/cluster-store.ts
+++ b/src/common/cluster-store.ts
@@ -60,7 +60,7 @@ export class ClusterStore extends BaseStore {
 static embedCustomKubeConfig(clusterId: ClusterId, kubeConfig: KubeConfig | string): string {
 const filePath = ClusterStore.getCustomKubeConfigPath(clusterId);
 const fileContents = typeof kubeConfig == "string" ? kubeConfig : dumpConfigYaml(kubeConfig);
- saveToAppFiles(filePath, fileContents);
+ saveToAppFiles(filePath, fileContents, { mode: 0o600});
 return filePath;
 }

diff --git a/src/common/utils/saveToAppFiles.ts b/src/common/utils/saveToAppFiles.ts
index b0b3ff8d7a..9092767ccf 100644
--- a/src/common/utils/saveToAppFiles.ts
+++ b/src/common/utils/saveToAppFiles.ts
@@ -1,11 +1,11 @@
 // Save file to electron app directory (e.g. "/Users/$USER/Library/Application Support/Lens" for MacOS)
 import path from "path";
 import { app, remote } from "electron";
-import { ensureDirSync, writeFileSync } from "fs-extra";
+import { ensureDirSync, writeFileSync, WriteFileOptions } from "fs-extra";

-export function saveToAppFiles(filePath: string, contents: any): string {
+export function saveToAppFiles(filePath: string, contents: any, options?: WriteFileOptions): string {
 const absPath = path.resolve((app || remote.app).getPath("userData"), filePath);
 ensureDirSync(path.dirname(absPath));
- writeFileSync(absPath, contents);
+ writeFileSync(absPath, contents, options);
 return absPath;
 }
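Review bot: The `0o600` passed in `embedCustomKubeConfig` (src/common/cluster-store.ts) only takes effect on POSIX systems. On Windows, Node does not distinguish owner, group and other permission bits, so if the app ships there a pasted kubeconfig is still protected only by the ACL inherited from the userData directory. Because the mode is a deliberate security choice, the call deserves a comment such as `// kubeconfig may embed tokens or client keys: owner read/write only (POSIX); Windows relies on the profile ACL`. Minor style: the object literal lacks a space before its closing brace, `{ mode: 0o600 }`. The enclosing class continues outside the hunk.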
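Review bot: `writeFileSync(absPath, contents, options)` in `saveToAppFiles` (src/common/utils/saveToAppFiles.ts) applies `mode` only when it creates the file. A kubeconfig that already exists at `absPath` (presumably one written by an earlier build, or one re-embedded for the same cluster id) keeps its previous, possibly group- or world-readable, permissions. Following the write with `if (typeof options === "object" && options?.mode != null) chmodSync(absPath, options.mode);`, with `chmodSync` added to the `fs-extra` import, would enforce the requested bits on every save. Separately, `ensureDirSync(path.dirname(absPath))` still creates the parent directory with the process default mode, so passing a directory mode there is worth considering.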