make tokenfile readable to user only
Signed-off-by: Matthias Büchse <[email protected]>
mbuechse committed Nov 26, 2024
1 parent 560fba3 commit ff8568d
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions Tests/add_subject.py
Expand Up @@ -50,6 +50,7 @@ def main(argv, cwd):
token = base64.b64encode(f"{subject}:{password}".encode('utf-8'))
hash_ = CRYPTCTX.hash(password)
with open(tokenfile_path, "wb") as fileobj:
os.fchmod(fileobj.fileno(), 0o600)
fileobj.write(token)

Check failure

Code scanning / CodeQL

Clear-text storage of sensitive information High

This expression stores sensitive data (password) as clear text.
print("Creating key file using `ssh-keygen`...")
subprocess.check_call([SSH_KEYGEN, '-t', 'ed25519', '-C', sanitized_subject, '-f', keyfile_path, '-N', '', '-q'])
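
Review bot: At the added `os.fchmod(fileobj.fileno(), 0o600)` line, the mode is tightened only after `open(tokenfile_path, "wb")` has already created or truncated the file with umask-derived permissions, so another local process can open the file in that window and read the token through its descriptor once `fileobj.write(token)` runs. Consider creating the file with restrictive permissions from the start, for example `fd = os.open(tokenfile_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "wb") as fileobj:`, and keep the `fchmod` call for the case where the file already exists, since the mode argument of `os.open` applies only on creation. Separately, the token is plain base64 of `subject:password`, so the CodeQL clear-text finding attached to the write still stands after this change: the permission fix limits who can read the file, but the password remains recoverable from it.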