Restrict config file permissions to owner-only

jai-deepsource · jai-deepsource · commit 1237059bd39a · 2026-02-26T19:01:00.000-08:00
- Change WriteFile mode from 0644 to 0600
- Config may contain auth tokens, so it should not be world-readable
diff --git a/config/manager.go b/config/manager.go
@@ -120,7 +120,7 @@ func (m *Manager) Write(cfg *CLIConfig) error {
 		return err
 	}
 
-	return m.fs.WriteFile(path, data, 0o644)
+	return m.fs.WriteFile(path, data, 0o600)
 }
 
 // Delete removes the CLI config file if it exists.

Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,7 @@ func (m Manager) Write(cfg CLIConfig) error {`
`120`	`120`	`return err`
`121`	`121`	`}`
`122`	`122`
`123`		`- return m.fs.WriteFile(path, data, 0o644)`
	`123`	`+ return m.fs.WriteFile(path, data, 0o600)`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`// Delete removes the CLI config file if it exists.`