fix: Set stricter permissions on created directories

* Changed directory creation permissions from 0755 to 0750.
* Restricted read and execute access for users other than the owner and group.
* Applied the permission change in sample pipeline generation, globbing tests,
and SCM utility functions.
* Improved the default security posture for created directories.

Signed-off-by: Chmouel Boudjnah <[email protected]>

Author: chmouel

pkg/cmd/tknpac/generate/generate.go

@@ -195,7 +195,7 @@ func (o *Opts) samplePipeline(recreateTemplate bool) error {
 	}
 
 	if _, err := os.Stat(dirPath); os.IsNotExist(err) {
-		if err := os.MkdirAll(dirPath, 0o755); err != nil {
+		if err := os.MkdirAll(dirPath, 0o750); err != nil {
 			return err
 		}
 		fmt.Fprintf(o.IOStreams.Out, "%s Directory %s has been created.\n",
@@ -226,8 +226,7 @@ func (o *Opts) samplePipeline(recreateTemplate bool) error {
 		return err
 	}
 
-	//nolint: gosec
-	err = os.WriteFile(fpath, tmpl.Bytes(), 0o644)
+	err = os.WriteFile(fpath, tmpl.Bytes(), 0o600)
 	if err != nil {
 		return fmt.Errorf("cannot write template to %s: %w", fpath, err)
 	}

pkg/cmd/tknpac/info/globbing_test.go

@@ -67,7 +67,7 @@ func TestGlobbing(t *testing.T) {
 			tmpdir := fs.NewDir(t, t.Name())
 			defer tmpdir.Remove()
 			for _, file := range tt.files {
-				assert.NilError(t, os.MkdirAll(filepath.Dir(filepath.Join(tmpdir.Path(), file)), 0o755))
+				assert.NilError(t, os.MkdirAll(filepath.Dir(filepath.Join(tmpdir.Path(), file)), 0o750))
 				f, err := os.Create(filepath.Join(tmpdir.Path(), file))
 				assert.NilError(t, err)
 				_, _ = f.WriteString("")

test/pkg/scm/scm.go

@@ -106,7 +106,7 @@ func PushFilesToRefGit(t *testing.T, opts *Opts, entries map[string]string) stri
 	assert.NilError(t, err)
 
 	for filename, content := range entries {
-		assert.NilError(t, os.MkdirAll(filepath.Dir(filename), 0o755))
+		assert.NilError(t, os.MkdirAll(filepath.Dir(filename), 0o750))
 		// write content to filename
 		assert.NilError(t, os.WriteFile(filename, []byte(content), 0o600))
 	}