Store revocation file with 600 permission (#481)

Add ruff exception since it want it propose to use Path.open() which doesn’t implement opener Fixed in Ruff v0.0.292: PTH123 https://github.com/astral-sh/ruff/issues/7620

Store revocation file with 600 permission (#481)
Add ruff exception since it want it propose to use Path.open() which doesn’t implement opener Fixed in Ruff v0.0.292: PTH123 https://github.com/astral-sh/ruff/issues/7620
fb21125f · Moul · 8a029400 · fb21125f · fb21125f
Commit fb21125f authored 1 year ago by Moul
--- a/silkaj/wot/revocation.py
+++ b/silkaj/wot/revocation.py
@@ -13,6 +13,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Silkaj. If not, see <https://www.gnu.org/licenses/>.

+import os
 import sys
 from pathlib import Path
 from typing import Dict
@@ -163,6 +164,10 @@ def create_revocation_doc(_id: Dict, pubkey: str, currency: str) -> Revocation:
    )


+def opener_user_rw(path, flags):
+    return os.open(path, flags, 0o600)
+
+
 def save_doc(rev_path: Path, content: str, pubkey: str) -> None:
    pubkey_cksum = gen_pubkey_checksum(pubkey)
    # Ask confirmation if the file exists
@@ -175,7 +180,8 @@ gene    rated revocation document corresponding to {pubkey_cksum} public key?",
        else:
            click.echo("Ok, goodbye!")
            sys.exit(SUCCESS_EXIT_STATUS)
-    rev_path.write_text(content, encoding="utf-8")
+    with open(rev_path, "w", encoding="utf-8", opener=opener_user_rw) as fh:
+        fh.write(content)
    click.echo(
        f"Revocation document file stored into `{rev_path}` for following public key: {pubkey_cksum}",
    )

--- a/tests/unit/wot/test_revocation.py
+++ b/tests/unit/wot/test_revocation.py
@@ -871,6 +871,10 @@ def test_save_doc(path, rev_1, rev_2, pubkey, capsys, monkeypatch):
        revocation.save_doc(path, rev_1.signed_raw(), pubkey)
        assert path.is_file()
        assert path.read_text(encoding="utf-8") == rev_1.signed_raw()
+
+        # test file has 600 permission
+        assert oct(path.stat().st_mode)[-3:] == "600"
+
        # test file is overwritten if confirm
        monkeypatch.setattr(click, "confirm", value=conf_true)
        revocation.save_doc(path, rev_2.signed_raw(), pubkey)
@@ -878,6 +882,7 @@ def test_save_doc(path, rev_1, rev_2, pubkey, capsys, monkeypatch):
 for following public key: {gen_pubkey_checksum(pubkey)}"
        assert expected_confirm in capsys.readouterr().out
        assert path.read_text(encoding="utf-8") == rev_2.signed_raw()
+
        # test file is not overwritten if not confirm
        monkeypatch.setattr(click, "confirm", value=conf_false)
        with pytest.raises(SystemExit) as pytest_exit: