usebruno/bruno

Consider using stronger ACL on Environment files

Open

#2,016 opened on 2024年4月4日

GitHub で見る
 (1 comment) (1 reaction) (0 assignees)JavaScript (2,403 forks)batch import
good first issuehelp wantedmodule-environmentsmodule-filesystemmodule-security

Repository metrics

Stars
 (43,787 stars)
PR merge metrics
 (平均マージ 6d 21h) (30d で 96 merged PRs)

説明

Issue

When an Environment file is created, it is typically stored in the environments directory. On 'nix/BSD environments, those files are stored with world-readable perms (644 to be exact). While there is already some protection for sensitive data by using the "Secrets" checkbox, I could see people who accidentally/mistakenly still store sensitive creds and keys which could expose them.

I'd recommend you set an ACL for the Environment files to 600 by default. I can confirm that Bruno will continue to read and write to them just fine with those permissions set.

コントリビューターガイド