From 1d6e6b5706f630167a0a22cc048da87d828532f5 Mon Sep 17 00:00:00 2001
From: Fabian Seidl <fabian.seidl@h-da.de>
Date: Fri, 1 Dec 2023 15:51:06 +0000
Subject: [PATCH] Resolve "Check permissions for directoy and file creations
 from within our code"

See merge request danet/gosdn!636
---
 applications/venv-manager/venv-manager/venv-manager.go | 4 ++--
 cli/cmd/root.go                                        | 4 ++--
 cli/config/gosdnc.toml.example                         | 1 -
 controller/cmd/root.go                                 | 4 ++--
 controller/nucleus/pluginService.go                    | 2 +-
 controller/store/utils.go                              | 2 +-
 6 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/applications/venv-manager/venv-manager/venv-manager.go b/applications/venv-manager/venv-manager/venv-manager.go
index 15de1ede0..5c4416f06 100644
--- a/applications/venv-manager/venv-manager/venv-manager.go
+++ b/applications/venv-manager/venv-manager/venv-manager.go
@@ -166,7 +166,7 @@ func (v *VenvManager) getSDNConfigData() (*string, error) {
 
 // writeSDNConfigFile writes the SDN configuration in a string to a file.
 func (v *VenvManager) writeSDNConfigFile(sdnConfigToWrite string) error {
-	err := os.WriteFile(v.sdnConfigFilepath, []byte(sdnConfigToWrite), 0644)
+	err := os.WriteFile(v.sdnConfigFilepath, []byte(sdnConfigToWrite), 0600)
 	if err != nil {
 		return err
 	}
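Review bot: The `0600` passed to `os.WriteFile` in writeSDNConfigFile only takes effect when the file is created; a config file that an earlier version wrote as `0644` is truncated and rewritten but stays world-readable. The same holds for the topology file in writeTopologyToYamlFile and for the `os.WriteFile` calls in cli/cmd/root.go and controller/cmd/root.go. If the goal is that these files are never readable by other users, follow the write with `if err := os.Chmod(v.sdnConfigFilepath, 0600); err != nil { return err }`, or write to a newly created temporary file and rename it over the target. The body of writeSDNConfigFile continues outside the hunk.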
@@ -389,7 +389,7 @@ func (v *VenvManager) writeTopologyToYamlFile(containerlabStruct *containerlab.Y
 		return err
 	}
 
-	err = os.WriteFile(v.topologyFilepath, yaml, 0644)
+	err = os.WriteFile(v.topologyFilepath, yaml, 0600)
 	if err != nil {
 		return err
 	}
diff --git a/cli/cmd/root.go b/cli/cmd/root.go
index 75ea03139..589908438 100644
--- a/cli/cmd/root.go
+++ b/cli/cmd/root.go
@@ -110,12 +110,12 @@ func initConfig() {
 	if err := viper.ReadInConfig(); err != nil {
 		if ok := errors.As(err, &viper.ConfigFileNotFoundError{}); ok {
 			// create folder if it does not exist
-			if err := os.MkdirAll(defaultPath, 0777); err != nil {
+			if err := os.MkdirAll(defaultPath, 0600); err != nil {
 				log.Error("Config directory not found and was unable to create, error: ", err)
 			}
 			// Config file not found
 			// Try to create empty config file
-			if _, err = os.Create(fmt.Sprintf("%s%s", defaultPath, configFileName)); err != nil {
+			if err = os.WriteFile(fmt.Sprintf("%s%s", defaultPath, configFileName), []byte(""), 0600); err != nil {
 				log.Error("Config file not found and was unable to create, error: ", err)
 			}
 		} else {
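Review bot: `os.MkdirAll(defaultPath, 0600)` creates the config directory without the owner search (execute) bit, so for a non-root user the `os.WriteFile` a few lines below cannot create the file inside it and a fresh install ends up with no config file. Owner-only access to a directory needs `0700`: `if err := os.MkdirAll(defaultPath, 0700); err != nil {`. The same `0600` directory mode is introduced in controller/cmd/root.go (ensureFileSystemPathExists), controller/nucleus/pluginService.go (saveStreamToFile, where creating a nested hierarchy would presumably already fail at the second level) and controller/store/utils.go (ensureDirExists). MkdirAll also leaves an existing directory's mode untouched, so directories created earlier as `0777` or `0770` keep those permissions unless they are chmod-ed explicitly. initConfig starts and ends outside the hunk.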
diff --git a/cli/config/gosdnc.toml.example b/cli/config/gosdnc.toml.example
index 1f79dc009..c2a2997a9 100644
--- a/cli/config/gosdnc.toml.example
+++ b/cli/config/gosdnc.toml.example
@@ -1,4 +1,3 @@
 cli_pnd = '5f20f34b-cbd0-4511-9ddc-c50cf6a3b49d'
-cli_sbi = 'ca29311a-3b17-4385-96f8-515b602a97ac'
 controllerapiendpoint = 'localhost:55055'
 user_token = ''
diff --git a/controller/cmd/root.go b/controller/cmd/root.go
index 2fc51cfa2..293183319 100644
--- a/controller/cmd/root.go
+++ b/controller/cmd/root.go
@@ -152,11 +152,11 @@ func initConfig() {
 func ensureFileSystemPathExists(pathToFile string) error {
 	emptyString := []byte("")
 	// create folder if it does not exist
-	if err := os.MkdirAll(configHome, 0777); err != nil {
+	if err := os.MkdirAll(configHome, 0600); err != nil {
 		return err
 	}
 	// create file if it does not exist
-	if err := os.WriteFile(pathToFile, emptyString, 0666); err != nil {
+	if err := os.WriteFile(pathToFile, emptyString, 0600); err != nil {
 		log.Println(err)
 		return err
 	}
diff --git a/controller/nucleus/pluginService.go b/controller/nucleus/pluginService.go
index 3a1319efd..f3d4191a3 100644
--- a/controller/nucleus/pluginService.go
+++ b/controller/nucleus/pluginService.go
@@ -195,7 +195,7 @@ func saveStreamToFile(sc StreamClient, filename string, id uuid.UUID) (err error
 	}
 
 	// create the directory hierarchy based on the path
-	if err := os.MkdirAll(filepath.Dir(path), 0770); err != nil {
+	if err := os.MkdirAll(filepath.Dir(path), 0600); err != nil {
 		return err
 	}
 	// create the gostructs.go file at path
diff --git a/controller/store/utils.go b/controller/store/utils.go
index be2a8c5c6..9d8ebc838 100644
--- a/controller/store/utils.go
+++ b/controller/store/utils.go
@@ -58,7 +58,7 @@ func ensureFileSystemStoreExists(pathToStore string) error {
 func ensureDirExists(fileName string) error {
 	dirName := filepath.Dir(fileName)
 	if _, serr := os.Stat(dirName); serr != nil {
-		merr := os.MkdirAll(dirName, os.ModePerm)
+		merr := os.MkdirAll(dirName, 0600)
 		if merr != nil {
 			return merr
 		}
-- 
GitLab