MCPcopy Create free account
hub / github.com/codehamr/codehamr / TestSaveTightensPreexistingLoosePerms

Function TestSaveTightensPreexistingLoosePerms

internal/config/config_test.go:755–783  ·  view source on GitHub ↗

TestSaveTightensPreexistingLoosePerms covers the upgrade path fresh-bootstrap misses: a config.yaml from an older world-readable codehamr (or a hand-edit) starts at 0o644, and os.WriteFile preserves an existing file's mode, so Save would rewrite the bytes (including a fresh hamrpass token) while lea

(t *testing.T)

Source from the content-addressed store, hash-verified

753// would rewrite the bytes (including a fresh hamrpass token) while leaving it
754// world-readable. Save must tighten a pre-existing loose file to 0o600.
755func TestSaveTightensPreexistingLoosePerms(t *testing.T) {
756 dir := t.TempDir()
757 cdir := filepath.Join(dir, DirName)
758 if err := os.MkdirAll(cdir, 0o700); err != nil {
759 t.Fatal(err)
760 }
761 cfgPath := filepath.Join(cdir, "config.yaml")
762 // World-readable file an older codehamr would have written.
763 loose := []byte("active: local\nmodels:\n local:\n llm: m\n url: http://x\n key: \"\"\n context_size: 1\n")
764 if err := os.WriteFile(cfgPath, loose, 0o644); err != nil {
765 t.Fatal(err)
766 }
767 cfg, _, err := Bootstrap(dir)
768 if err != nil {
769 t.Fatal(err)
770 }
771 // A /hamrpass write lands the bearer token in this very file.
772 cfg.EnsureHamrpass().Key = "hp-secret-1234567890abcdef"
773 if err := cfg.Save(); err != nil {
774 t.Fatal(err)
775 }
776 st, err := os.Stat(cfgPath)
777 if err != nil {
778 t.Fatal(err)
779 }
780 if got := st.Mode().Perm(); got != 0o600 {
781 t.Fatalf("Save() must tighten a pre-existing 0o644 config.yaml to 0o600, got %v - hamrpass key stays world-readable across an upgrade", got)
782 }
783}

Callers

nothing calls this directly

Calls 3

BootstrapFunction · 0.85
EnsureHamrpassMethod · 0.80
SaveMethod · 0.80

Tested by

no test coverage detected