cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon heroku

`config:edit` leaves temporary config vars file around after `Ctrl+C`

Open edmorley opened this issue 2 years ago • 1 comments

Do you want to request a feature or report a bug?

Bug

What is the current behavior?

If I use heroku config:edit and change my mind about editing config vars, and Ctrl+C the CLI command rather than first closing the editor with no changes, then the temporary file that holds the env vars/secrets is left on disk in tmp, which is a security risk.

This is using macOS 12.3.1 with Homebrew bash.

What is the expected behavior?

That the temp file containing the env vars is deleted even if I Ctrl+C the command before closing the editor.

It seems this could be fixed by enabling tmp's graceful cleanup option: https://www.npmjs.com/package/tmp#graceful-cleanup https://github.com/jdxcode/edit-string/blob/2105f5ba946d9eb3cf34b23c91a2e73442f63360/src/edit.ts

Called via: https://github.com/heroku/cli/blob/b8292f347101f13c2bb833b1dcf088886c8aa984/packages/config/src/commands/config/edit.ts#L105

edmorley avatar May 04 '22 16:05 edmorley