fix(security): create session transcript files with 0o600 permissions (#18066)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 962f497d24
Co-authored-by: brandonwise <21148772+brandonwise@users.noreply.github.com>
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Reviewed-by: @sebslight
brandonwise
2026-02-16 08:33:40 -05:00
committed by GitHub
parent 6931f0fb50
commit 095d522099
6 changed files with 32 additions and 2 deletions


@@ -366,6 +366,21 @@ async function chmodCredentialsAndAgentState(params: {
const storePath = path.join(sessionsDir, "sessions.json");
// eslint-disable-next-line no-await-in-loop
params.actions.push(await params.applyPerms({ path: storePath, mode: 0o600, require: "file" }));
// Fix permissions on session transcript files (*.jsonl)
// eslint-disable-next-line no-await-in-loop
const sessionEntries = await fs.readdir(sessionsDir, { withFileTypes: true }).catch(() => []);
for (const entry of sessionEntries) {
if (!entry.isFile()) {
continue;
}
if (!entry.name.endsWith(".jsonl")) {
continue;
}
const p = path.join(sessionsDir, entry.name);
// eslint-disable-next-line no-await-in-loop
params.actions.push(await params.applyPerms({ path: p, mode: 0o600, require: "file" }));
}
}
}
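Review bot: The `.catch(() => [])` on the new `fs.readdir(sessionsDir, { withFileTypes: true })` call swallows every failure, not only a missing directory. If the sessions directory is unreadable (for example EACCES), the `*.jsonl` transcripts keep their old mode and nothing is pushed to `params.actions`, so the run looks clean. Consider limiting the fallback to the not-found case, `.catch((err: NodeJS.ErrnoException) => { if (err.code === "ENOENT") return []; throw err; })`, or recording a failed/skipped action if this function is meant to be best-effort. Separately, `Dirent.isFile()` is false for symlinks, so a symlinked transcript is skipped silently; a short comment such as `// symlinks are intentionally skipped; only regular files are chmod'ed` would show this is deliberate. The enclosing loop and `chmodCredentialsAndAgentState` begin outside this hunk, so how `applyPerms` reports its own errors is not visible here.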