Update pullRemote.js to set appropriate directory permissions

yadnyeshkolte · web-flow · commit dac735ea4696 · 2024-11-06T10:45:57.000+05:30
This commit modifies the directory creation permissions in the pullRemote function of pullRemote.js. 

Previously, the function was setting directory permissions to 0777 (full read, write, and execute permissions for user, group, and others). This approach is not aligned with best practices for security, particularly in secure environments such as OpenShift, where overly permissive settings can lead to vulnerabilities.

The updated code now sets the permissions to 0755 (read, write, and execute for the user; read and execute for group and others). This change enhances security by restricting write access to the owner only while still allowing necessary read and execute permissions.
diff --git a/src/proxy/processors/push-action/pullRemote.js b/src/proxy/processors/push-action/pullRemote.js
@@ -16,7 +16,7 @@ const exec = async (req, action) => {
     }
 
     if (!fs.existsSync(action.proxyGitPath)) {
-      fs.mkdirSync(action.proxyGitPath, '0777', true);
+      fs.mkdirSync(action.proxyGitPath, '0755', true);
     }
 
     const cmd = `git clone ${action.url} --bare`;

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ const exec = async (req, action) => {`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`if (!fs.existsSync(action.proxyGitPath)) {`
`19`		`- fs.mkdirSync(action.proxyGitPath, '0777', true);`
	`19`	`+ fs.mkdirSync(action.proxyGitPath, '0755', true);`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	const cmd = `git clone ${action.url} --bare`;