fix: log warning when Windows key file permissions fail to set
Replace silently discarded icacls result with proper error handling that logs a tracing::warn! on failure. Previously, if icacls failed (binary not found, permission denied), the key file would remain world-readable on Windows with no indication of the problem. Closes #56 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
fettpl
parent
365692853c
commit
2942e5607d
2 changed files with 16 additions and 3 deletions
|
|
@ -191,14 +191,26 @@ impl SecretStore {
|
|||
#[cfg(windows)]
|
||||
{
|
||||
// On Windows, use icacls to restrict permissions to current user only
|
||||
let _ = std::process::Command::new("icacls")
|
||||
match std::process::Command::new("icacls")
|
||||
.arg(&self.key_path)
|
||||
.args(["/inheritance:r", "/grant:r"])
|
||||
.arg(format!(
|
||||
"{}:F",
|
||||
std::env::var("USERNAME").unwrap_or_default()
|
||||
))
|
||||
.output();
|
||||
.output()
|
||||
{
|
||||
Ok(o) if !o.status.success() => {
|
||||
tracing::warn!(
|
||||
"Failed to set key file permissions via icacls (exit code {:?})",
|
||||
o.status.code()
|
||||
);
|
||||
}
|
||||
Err(e) => {
|
||||
tracing::warn!("Could not set key file permissions: {e}");
|
||||
}
|
||||
_ => {}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(key)
|
||||
|
|
@ -241,7 +253,7 @@ fn hex_encode(data: &[u8]) -> String {
|
|||
|
||||
/// Hex-decode a hex string to bytes.
|
||||
fn hex_decode(hex: &str) -> Result<Vec<u8>> {
|
||||
if hex.len() % 2 != 0 {
|
||||
if !hex.len().is_multiple_of(2) {
|
||||
anyhow::bail!("Hex string has odd length");
|
||||
}
|
||||
(0..hex.len())
|
||||
|
|
|
|||
|
|
@ -366,6 +366,7 @@ impl BrowserTool {
|
|||
}
|
||||
|
||||
#[async_trait]
|
||||
#[allow(clippy::too_many_lines)]
|
||||
impl Tool for BrowserTool {
|
||||
fn name(&self) -> &str {
|
||||
"browser"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue