fix(memory): restrict OpenViking setup file permissions

2026-06-18 09:51:59 +00:00 · 2026-05-20 13:25:29 +08:00 · 2026-05-20 13:25:29 +08:00 · b0e25c9cb2
commit b0e25c9cb2
parent 2dace37f6b
2 changed files with 33 additions and 0 deletions
--- a/plugins/memory/openviking/init.py
+++ b/plugins/memory/openviking/init.py
@ -30,6 +30,7 @@ import json
 import logging
 import mimetypes
 import os
+import stat
 import tempfile
 import threading
 import uuid
@ -511,6 +512,13 @@ def _env_writes_from_connection_values(values: dict) -> dict:
    return writes


+def _restrict_secret_file_permissions(path: Path) -> None:
+    try:
+        path.chmod(stat.S_IRUSR | stat.S_IWUSR)
+    except OSError:
+        pass
+
+
 def _write_env_vars(env_path: Path, env_writes: dict, remove_keys: tuple[str, ...] = ()) -> None:
    env_path.parent.mkdir(parents=True, exist_ok=True)
    remove_set = set(remove_keys) - set(env_writes)
@ -530,6 +538,7 @@ def _write_env_vars(env_path: Path, env_writes: dict, remove_keys: tuple[str, ..
        if key not in updated_keys:
            new_lines.append(f"{key}={val}")
    env_path.write_text("\n".join(new_lines) + ("\n" if new_lines else ""), encoding="utf-8")
+    _restrict_secret_file_permissions(env_path)


 def _remember_ovcli_path(provider_config: dict, ovcli_path: Path) -> None:
@ -560,6 +569,7 @@ def _ovcli_data_from_connection_values(values: dict) -> dict:
 def _write_ovcli_config(path: Path, values: dict) -> None:
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps(_ovcli_data_from_connection_values(values), indent=2) + "\n", encoding="utf-8")
+    _restrict_secret_file_permissions(path)


 # ---------------------------------------------------------------------------
--- a/tests/plugins/memory/test_openviking_provider.py
+++ b/tests/plugins/memory/test_openviking_provider.py
@ -1,4 +1,6 @@
 import json
+import os
+import stat
 import zipfile
 from types import SimpleNamespace
 from unittest.mock import MagicMock
@ -20,6 +22,27 @@ def _clear_openviking_env(monkeypatch):
        monkeypatch.delenv(key, raising=False)


+@pytest.mark.skipif(os.name == "nt", reason="POSIX file modes")
+def test_openviking_env_writer_restricts_file_permissions(tmp_path):
+    env_path = tmp_path / ".env"
+
+    openviking_module._write_env_vars(env_path, {"OPENVIKING_API_KEY": "secret"})
+
+    assert stat.S_IMODE(env_path.stat().st_mode) == 0o600
+
+
+@pytest.mark.skipif(os.name == "nt", reason="POSIX file modes")
+def test_ovcli_config_writer_restricts_file_permissions(tmp_path):
+    config_path = tmp_path / "ovcli.conf"
+
+    openviking_module._write_ovcli_config(
+        config_path,
+        {"endpoint": "http://remote.example", "api_key": "secret"},
+    )
+
+    assert stat.S_IMODE(config_path.stat().st_mode) == 0o600
+
+
 def test_linked_ovcli_config_is_read_at_runtime(tmp_path, monkeypatch):
    _clear_openviking_env(monkeypatch)
    ovcli_path = tmp_path / "ovcli.conf"