From 2942e5607d1270c0b862d32e8b10a4e1784e1a5e Mon Sep 17 00:00:00 2001 From: fettpl <38704082+fettpl@users.noreply.github.com> Date: Sat, 14 Feb 2026 23:59:36 +0100 Subject: [PATCH] fix: log warning when Windows key file permissions fail to set Replace silently discarded icacls result with proper error handling that logs a tracing::warn! on failure. Previously, if icacls failed (binary not found, permission denied), the key file would remain world-readable on Windows with no indication of the problem. Closes #56 Co-Authored-By: Claude Opus 4.6 --- src/security/secrets.rs | 18 +++++++++++++++--- src/tools/browser.rs | 1 + 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/src/security/secrets.rs b/src/security/secrets.rs index bafad38..c845bd9 100644 --- a/src/security/secrets.rs +++ b/src/security/secrets.rs @@ -191,14 +191,26 @@ impl SecretStore { #[cfg(windows)] { // On Windows, use icacls to restrict permissions to current user only - let _ = std::process::Command::new("icacls") + match std::process::Command::new("icacls") .arg(&self.key_path) .args(["/inheritance:r", "/grant:r"]) .arg(format!( "{}:F", std::env::var("USERNAME").unwrap_or_default() )) - .output(); + .output() + { + Ok(o) if !o.status.success() => { + tracing::warn!( + "Failed to set key file permissions via icacls (exit code {:?})", + o.status.code() + ); + } + Err(e) => { + tracing::warn!("Could not set key file permissions: {e}"); + } + _ => {} + } } Ok(key) @@ -241,7 +253,7 @@ fn hex_encode(data: &[u8]) -> String { /// Hex-decode a hex string to bytes. fn hex_decode(hex: &str) -> Result> { - if hex.len() % 2 != 0 { + if !hex.len().is_multiple_of(2) { anyhow::bail!("Hex string has odd length"); } (0..hex.len()) diff --git a/src/tools/browser.rs b/src/tools/browser.rs index 5ee9505..25be13c 100644 --- a/src/tools/browser.rs +++ b/src/tools/browser.rs @@ -366,6 +366,7 @@ impl BrowserTool { } #[async_trait] +#[allow(clippy::too_many_lines)] impl Tool for BrowserTool { fn name(&self) -> &str { "browser"