TestSaveTightensPreexistingLoosePerms covers the upgrade path fresh-bootstrap misses: a config.yaml from an older world-readable codehamr (or a hand-edit) starts at 0o644, and os.WriteFile preserves an existing file's mode, so Save would rewrite the bytes (including a fresh hamrpass token) while lea
(t *testing.T)
| 753 | // would rewrite the bytes (including a fresh hamrpass token) while leaving it |
| 754 | // world-readable. Save must tighten a pre-existing loose file to 0o600. |
| 755 | func TestSaveTightensPreexistingLoosePerms(t *testing.T) { |
| 756 | dir := t.TempDir() |
| 757 | cdir := filepath.Join(dir, DirName) |
| 758 | if err := os.MkdirAll(cdir, 0o700); err != nil { |
| 759 | t.Fatal(err) |
| 760 | } |
| 761 | cfgPath := filepath.Join(cdir, "config.yaml") |
| 762 | // World-readable file an older codehamr would have written. |
| 763 | loose := []byte("active: local\nmodels:\n local:\n llm: m\n url: http://x\n key: \"\"\n context_size: 1\n") |
| 764 | if err := os.WriteFile(cfgPath, loose, 0o644); err != nil { |
| 765 | t.Fatal(err) |
| 766 | } |
| 767 | cfg, _, err := Bootstrap(dir) |
| 768 | if err != nil { |
| 769 | t.Fatal(err) |
| 770 | } |
| 771 | // A /hamrpass write lands the bearer token in this very file. |
| 772 | cfg.EnsureHamrpass().Key = "hp-secret-1234567890abcdef" |
| 773 | if err := cfg.Save(); err != nil { |
| 774 | t.Fatal(err) |
| 775 | } |
| 776 | st, err := os.Stat(cfgPath) |
| 777 | if err != nil { |
| 778 | t.Fatal(err) |
| 779 | } |
| 780 | if got := st.Mode().Perm(); got != 0o600 { |
| 781 | t.Fatalf("Save() must tighten a pre-existing 0o644 config.yaml to 0o600, got %v - hamrpass key stays world-readable across an upgrade", got) |
| 782 | } |
| 783 | } |
nothing calls this directly
no test coverage detected