usebruno/bruno

Consider using stronger ACL on Environment files

Open

#2,016 创建于 2024年4月4日

在 GitHub 查看
 (1 评论) (1 反应) (0 负责人)JavaScript (2,403 fork)batch import
good first issuehelp wantedmodule-environmentsmodule-filesystemmodule-security

仓库指标

Star
 (43,787 star)
PR 合并指标
 (平均合并 6天 21小时) (30 天内合并 96 个 PR)

描述

Issue

When an Environment file is created, it is typically stored in the environments directory. On 'nix/BSD environments, those files are stored with world-readable perms (644 to be exact). While there is already some protection for sensitive data by using the "Secrets" checkbox, I could see people who accidentally/mistakenly still store sensitive creds and keys which could expose them.

I'd recommend you set an ACL for the Environment files to 600 by default. I can confirm that Bruno will continue to read and write to them just fine with those permissions set.

贡献者指南