🛡️ Sentinel: [Medium] Secure .env file permissions#119
Conversation
**Vulnerability:** Information Disclosure The `.env` file containing the API Token was previously created with default permissions (often 644), making it readable by other users on the system. **Fix:** - Updated `fix_env.py` to explicitly set `.env` permissions to 600 (Read/Write only by owner). - Added a startup check in `main.py` to warn users if their `.env` file is readable by others. **Verification:** - Verified `fix_env.py` sets 600 permissions. - Verified `main.py` warns on insecure permissions. - Passed existing test suite.
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
|
😎 Merged manually by @abhimehro - details. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
main.py
Outdated
| # SECURITY: Check .env permissions | ||
| if os.path.exists(".env"): | ||
| try: | ||
| st = os.stat(".env") |
Check warning
Code scanning / Pylint (reported by Codacy)
Constant name "st" doesn't conform to UPPER_CASE naming style
main.py
Outdated
| # Check if group or others have any permission | ||
| if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO): | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! Run 'chmod 600 .env' to secure your API token.\033[0m\n") | ||
| except Exception as e: |
Check warning
Code scanning / Pylintpython3 (reported by Codacy)
Variable name "e" doesn't conform to snake_case naming style
There was a problem hiding this comment.
Pull request overview
This PR enhances security by protecting the .env file containing API tokens from unauthorized access. It addresses an information disclosure vulnerability where .env files were previously created with overly permissive default permissions.
Changes:
- Added startup permission check in
main.pyto warn users about insecure.envfile permissions - Modified
fix_env.pyto automatically set secure 600 permissions when creating/updating.envfiles - Fixed formatting in
.python-versionfile
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| main.py | Adds import of stat module and startup security check to warn about insecure .env permissions |
| fix_env.py | Adds import of stat module and os.chmod() call to set 600 permissions on .env file |
| .python-version | Removes leading whitespace (formatting fix) |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
main.py
Outdated
| st = os.stat(".env") | ||
| # Check if group or others have any permission | ||
| if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO): | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! Run 'chmod 600 .env' to secure your API token.\033[0m\n") |
There was a problem hiding this comment.
The octal permission display using oct(st.st_mode)[-3:] assumes the octal string is always at least 3 characters long after the '0o' prefix. While this is typically true for file permissions, it could potentially cause issues in edge cases. Consider using a more robust approach like format(stat.S_IMODE(st.st_mode), '03o') to always get a 3-digit octal representation of just the permission bits.
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! Run 'chmod 600 .env' to secure your API token.\033[0m\n") | |
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({format(stat.S_IMODE(st.st_mode), '03o')})! Run 'chmod 600 .env' to secure your API token.\033[0m\n") |
main.py
Outdated
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! Run 'chmod 600 .env' to secure your API token.\033[0m\n") | ||
| except Exception as e: | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: Could not check .env permissions: {e}\033[0m\n") |
There was a problem hiding this comment.
The security warning uses hardcoded ANSI color codes before the NO_COLOR environment variable is checked. This violates the NO_COLOR standard (https://no-color.org/). The warning is displayed on lines 40-48, but NO_COLOR is only checked on lines 50-54. Consider either checking NO_COLOR before displaying the warning or moving the warning logic to after the Colors class is initialized so it can use the Colors.WARNING and Colors.ENDC constants which respect NO_COLOR.
main.py
Outdated
| # SECURITY: Check .env permissions | ||
| if os.path.exists(".env"): | ||
| try: | ||
| st = os.stat(".env") | ||
| # Check if group or others have any permission | ||
| if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO): | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! Run 'chmod 600 .env' to secure your API token.\033[0m\n") | ||
| except Exception as e: | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: Could not check .env permissions: {e}\033[0m\n") |
There was a problem hiding this comment.
The file permission checking using stat.S_IRWXG and stat.S_IRWXO is Unix-specific and will not work correctly on Windows. On Windows, os.stat() and os.chmod() behave differently and these permission constants may not have the intended effect. Consider wrapping this check in a platform check (e.g., using sys.platform or platform.system()) to only run on Unix-like systems, or use a cross-platform library for permission handling.
main.py
Outdated
| # SECURITY: Check .env permissions | ||
| if os.path.exists(".env"): | ||
| try: | ||
| st = os.stat(".env") | ||
| # Check if group or others have any permission | ||
| if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO): | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! Run 'chmod 600 .env' to secure your API token.\033[0m\n") | ||
| except Exception as e: | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: Could not check .env permissions: {e}\033[0m\n") |
There was a problem hiding this comment.
The new security permission check lacks test coverage. Given that the repository has comprehensive test coverage for other features (see tests/test_ssrf.py, tests/test_ux.py), this new security-critical functionality should also have tests. Consider adding tests to verify: (1) the warning is displayed when permissions are too permissive, (2) no warning is shown when permissions are correct (600), and (3) error handling works when stat() fails.
fix_env.py
Outdated
| # SECURITY: Ensure .env is only readable by the owner (600) | ||
| os.chmod('.env', stat.S_IRUSR | stat.S_IWUSR) |
There was a problem hiding this comment.
The chmod operation to set secure permissions lacks test coverage. Given that the repository has comprehensive test coverage for other features, this new security-critical functionality should also have tests. Consider adding tests to verify that the .env file is created with 0600 permissions after running fix_env().
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
main.py
Outdated
| st = os.stat(".env") | ||
| # Check if group or others have any permission | ||
| if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO): | ||
| platform_hint = "Please secure your .env file so it is only readable by the owner." |
Check warning
Code scanning / Pylint (reported by Codacy)
Constant name "platform_hint" doesn't conform to UPPER_CASE naming style
main.py
Outdated
| platform_hint = "Please secure your .env file so it is only readable by the owner." | ||
| if os.name != "nt": | ||
| platform_hint += " For example: 'chmod 600 .env'." | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! {platform_hint}\033[0m\n") |
Check warning
Code scanning / Pylint (reported by Codacy)
Line too long (145/100)
main.py
Outdated
| platform_hint += " For example: 'chmod 600 .env'." | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! {platform_hint}\033[0m\n") | ||
| except Exception as e: | ||
| exc_type = type(e).__name__ |
Check warning
Code scanning / Pylint (reported by Codacy)
Constant name "exc_type" doesn't conform to UPPER_CASE naming style
main.py
Outdated
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! {platform_hint}\033[0m\n") | ||
| except Exception as e: | ||
| exc_type = type(e).__name__ | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: Could not check .env permissions ({exc_type}: {e})\033[0m\n") |
Check warning
Code scanning / Pylint (reported by Codacy)
Line too long (118/100)
main.py
Outdated
| st = os.stat(".env") | ||
| # Check if group or others have any permission | ||
| if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO): | ||
| platform_hint = "Please secure your .env file so it is only readable by the owner." |
Check warning
Code scanning / Pylintpython3 (reported by Codacy)
Constant name "platform_hint" doesn't conform to UPPER_CASE naming style
main.py
Outdated
| platform_hint = "Please secure your .env file so it is only readable by the owner." | ||
| if os.name != "nt": | ||
| platform_hint += " For example: 'chmod 600 .env'." | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! {platform_hint}\033[0m\n") |
Check warning
Code scanning / Pylintpython3 (reported by Codacy)
Line too long (145/100)
main.py
Outdated
| platform_hint += " For example: 'chmod 600 .env'." | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! {platform_hint}\033[0m\n") | ||
| except Exception as e: | ||
| exc_type = type(e).__name__ |
Check warning
Code scanning / Pylintpython3 (reported by Codacy)
Constant name "exc_type" doesn't conform to UPPER_CASE naming style
main.py
Outdated
| sys.stderr.write(f"\033[93m⚠️ Security Warning: .env file is readable by others ({oct(st.st_mode)[-3:]})! {platform_hint}\033[0m\n") | ||
| except Exception as e: | ||
| exc_type = type(e).__name__ | ||
| sys.stderr.write(f"\033[93m⚠️ Security Warning: Could not check .env permissions ({exc_type}: {e})\033[0m\n") |
Check warning
Code scanning / Pylintpython3 (reported by Codacy)
Line too long (118/100)
|
Hi @google-lab-jules, please open a new pull request to apply any remaining changes based on the comments in this thread. Thanks! |
Understood. Acknowledging that this work is now obsolete and stopping work on this task. |
abhimehro
deleted the
sentinel/secure-env-permissions-638384298251323176
branch
Vulnerability: Information Disclosure
The
.envfile containing the API Token was previously created with default permissions (often 644), making it readable by other users on the system.Fix:
fix_env.pyto explicitly set.envpermissions to 600 (Read/Write only by owner).main.pyto warn users if their.envfile is readable by others.Verification:
fix_env.pysets 600 permissions.main.pywarns on insecure permissions.PR created automatically by Jules for task 638384298251323176 started by @abhimehro