Warn when config file is world-readable#16
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds a safety warning when the CLI’s config file (which stores API tokens) is readable/writable by group/other users, and routes that warning to stderr to avoid corrupting machine-readable stdout output.
Changes:
- Extend the
printer.Printerinterface withEprintlnand addprinter.Warning(...)to emit non-fatal diagnostics on stderr. - Add
configuration.InsecureConfigPermissions()(skipped on Windows) and use it from the root command to warn on insecure config modes. - Add tests for the new warning output and config permission detection.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| components/printer/printer.go | Extends printer interface to support stderr output. |
| components/printer/console_printer.go | Implements Eprintln writing to os.Stderr. |
| components/printer/testing_printer.go | Implements Eprintln for test printer. |
| components/printer/common.go | Adds Warning(...) helper that prints to stderr. |
| components/printer/warning_test.go | Adds unit test for warning output format/content. |
| components/configuration/profiles.go | Adds config path helper + permission check API. |
| components/configuration/filemode_test.go | Adds tests for insecure-permissions detection. |
| cmd/root.go | Runs the permission check on commands and emits warning. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
cbliard
approved these changes
Jun 15, 2026
cbliard
left a comment
cbliard
left a comment
Member
There was a problem hiding this comment.
Sounds good 👍
Please consider the two comments from copilot. Adding "" is a good suggestion. Updating the docs to remove absolute is a bit nipicking but is valid, so it should be done.
The config file stores API tokens and is written with mode 0600, but nothing detected a file that had been loosened (e.g. an old 0644 file predating the 0600 write, or one chmod-ed by hand). Add a permission check that runs on every command: when the file is accessible by group or other users, print a warning telling the user to chmod 600 it. The warning goes to stderr via a new printer.Warning so it never corrupts machine-readable output on stdout. Permission bits are not meaningful on Windows, so the check is skipped there.
myabc
force-pushed
the
fix/config-world-readable
branch
from
4b30277 to
eca5a9f
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note
This PR is based off #15
Ticket
n/a
What are you trying to accomplish?
The config file stores API tokens and is written with mode 0600, but nothing detected a file that had been loosened (e.g. an old 0644 file predating the 0600 write, or one chmod-ed by hand). Add a permission check that runs on every command: when the file is accessible by group or other users, print a warning telling the user to chmod 600 it.
Screenshots
What approach did you choose and why?
The warning goes to stderr via a new printer.Warning so it never corrupts machine-readable output on stdout. Permission bits are not meaningful on Windows, so the check is skipped there.
Merge checklist