
Consider using stronger ACL on Environment files

Open DanaEpp opened this issue 10 months ago • 1 comment

Issue

When an Environment file is created, it is typically stored in the environments directory. On 'nix/BSD environments, those files are stored with world-readable perms (644 to be exact). While there is already some protection for sensitive data by using the "Secrets" checkbox, I could see people who accidentally/mistakenly still store sensitive creds and keys which could expose them.

I'd recommend you set an ACL for the Environment files to 600 by default. I can confirm that Bruno will continue to read and write to them just fine with those permissions set.

DanaEpp avatar Apr 04 '24 21:04 DanaEpp

Interesting!

It looks like we can add a mode param in the writeFile method here!

As fs won't change the permission when writing to the file, this mode 600 is only required to be set in the create environment renderer:create-environment here.

I made these changes to verify this (works on my machine 😄)

If these changes look good I can raise a PR for this!

[screenshot: the proposed changes]

  • My Machine

[screenshot: My Machine]

PushpenderSaini0 avatar Apr 07 '24 00:04 PushpenderSaini0