Doctor/Security: fix telegram numeric ID + symlink config permission warnings (#19844)

Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: e42bf1e48d Co-authored-by: joshp123 <1497361+joshp123@users.noreply.github.com> Co-authored-by: joshp123 <1497361+joshp123@users.noreply.github.com> Reviewed-by: @joshp123
2026-05-08 15:18:28 +00:00 · 2026-02-18 00:09:51 -08:00
parent 7ea7b7e7af
commit 114736ed1a
8 changed files with 82 additions and 11 deletions
--- a/src/security/audit.ts
+++ b/src/security/audit.ts
@@ -186,6 +186,7 @@ async function collectFilesystemFindings(params: {
    exec: params.execIcacls,
  });
  if (configPerms.ok) {
+    const skipReadablePermWarnings = configPerms.isSymlink;
    if (configPerms.isSymlink) {
      findings.push({
        checkId: "fs.config.symlink",
@@ -208,7 +209,7 @@ async function collectFilesystemFindings(params: {
          env: params.env,
        }),
      });
-    } else if (configPerms.worldReadable) {
+    } else if (!skipReadablePermWarnings && configPerms.worldReadable) {
      findings.push({
        checkId: "fs.config.perms_world_readable",
        severity: "critical",
@@ -222,7 +223,7 @@ async function collectFilesystemFindings(params: {
          env: params.env,
        }),
      });
-    } else if (configPerms.groupReadable) {
+    } else if (!skipReadablePermWarnings && configPerms.groupReadable) {
      findings.push({
        checkId: "fs.config.perms_group_readable",
        severity: "warn",