From edc2f92ac571f8d8817e013d5c04d69e34065e6b Mon Sep 17 00:00:00 2001
From: Manuel Kieweg <manuel.kieweg@h-da.de>
Date: Thu, 15 Apr 2021 12:46:44 +0200
Subject: [PATCH] fix security issues

---
 forks/goarista/gnmi/client.go | 4 +++-
 nucleus/util/proto/message.go | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/forks/goarista/gnmi/client.go b/forks/goarista/gnmi/client.go
index f9ed05b53..fc041336e 100644
--- a/forks/goarista/gnmi/client.go
+++ b/forks/goarista/gnmi/client.go
@@ -117,7 +117,9 @@ func DialContext(ctx context.Context, cfg *Config) (pb.GNMIClient, error) {
 	}
 
 	if cfg.TLS || cfg.CAFile != "" || cfg.CertFile != "" || cfg.Token != "" {
-		tlsConfig := &tls.Config{}
+		tlsConfig := &tls.Config{
+			MinVersion:                  tls.VersionTLS12,
+		}
 		if cfg.CAFile != "" {
 			b, err := ioutil.ReadFile(cfg.CAFile)
 			if err != nil {
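Review bot: The new `MinVersion` line in the `tls.Config` literal has a long run of spaces after the colon, which gofmt would collapse for a single-field literal; write it as `MinVersion: tls.VersionTLS12,`. A short comment above it, for example `// Refuse TLS 1.0/1.1: peers must negotiate TLS 1.2 or newer.`, would record why the floor is set, so the line is less likely to be lost when the fork is next synced with upstream. The body of DialContext continues outside the hunk, so how the rest of the config (CA pool, client certificate) is populated is not visible here.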
diff --git a/nucleus/util/proto/message.go b/nucleus/util/proto/message.go
index 673be2f9d..816c728e1 100644
--- a/nucleus/util/proto/message.go
+++ b/nucleus/util/proto/message.go
@@ -17,7 +17,7 @@ func Write(message proto.Message, filename string) error {
 		return fmt.Errorf("cannot marshal proto message to binary: %w", err)
 	}
 
-	err = ioutil.WriteFile(filename, data, 0644)
+	err = ioutil.WriteFile(filename, data, 0600)
 	if err != nil {
 		return fmt.Errorf("cannot write binary data to file: %w", err)
 	}
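Review bot: The tightened mode passed to `ioutil.WriteFile` only applies when the call creates the file. If `filename` already exists, for instance from an earlier run that wrote it with 0644, it is truncated and keeps its old permissions, so it stays world-readable. Follow the write with an explicit `if err := os.Chmod(filename, 0600); err != nil { return fmt.Errorf("cannot restrict file permissions: %w", err) }`, which needs `os` in the import block if it is not already there. Write starts and ends outside the hunk.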
-- 
GitLab