From de704432673840625989c6b71ff0474ee84605b9 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Fri, 3 Apr 2026 12:48:27 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[HIGH]=20Fi?=
 =?UTF-8?q?x=20insecure=20snapshot=20directory=20permissions?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

🚨 Severity: HIGH
💡 Vulnerability: The `snapshot` command was using the standard `std::fs::create_dir_all` to create the snapshot directory. This relies on the system's default umask, which can lead to insecure default permissions, allowing unauthorized access to sensitive snapshot data (which contains exported profiles/wallets).
🎯 Impact: Local privilege escalation/exposure of sensitive wallet configurations or exported snapshots if run on a shared Unix-like environment.
🔧 Fix: Replaced `std::fs::create_dir_all` with `crate::paths::create_secure_dir_all` in `src/commands/snapshot.rs`, which explicitly sets secure permissions (e.g., `0o700` on Unix).
✅ Verification: Ran `cargo test` and `cargo clippy`. Verified the fix successfully compiles and passes tests.
Co-authored-by: bitcoiner-dev <75873427+bitcoiner-dev@users.noreply.github.com>
---
 src/commands/snapshot.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/commands/snapshot.rs b/src/commands/snapshot.rs
index 7be1d9e..0fb3f5c 100644
--- a/src/commands/snapshot.rs
+++ b/src/commands/snapshot.rs
@@ -7,7 +7,7 @@ use std::fs;
 pub async fn run(cli: &Cli, args: &SnapshotArgs) -> Result {
 let profile_path = profile_path(cli)?;
 let snap_dir = snapshot_dir(cli)?;
- fs::create_dir_all(&snap_dir)
+ crate::paths::create_secure_dir_all(&snap_dir)
 .map_err(|e| AppError::Config(format!("failed to create snapshot dir: {e}")))?;
 match &args.action {
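Review bot: The switch to `crate::paths::create_secure_dir_all(&snap_dir)` only closes the hole if that helper also tightens a snapshot directory that already exists; a `create_dir_all`-style helper that returns Ok on an existing path would leave a directory created by the previous `fs::create_dir_all` at its umask-derived mode on upgraded installs, and the helper's body is outside this hunk so I cannot confirm either way. If it does not, the helper should call `fs::set_permissions` with mode `0o700` on the existing path as well, so the fix is not limited to fresh installs, and a `#[cfg(unix)]` test asserting `metadata.permissions().mode() & 0o777 == 0o700` after the call would pin that. The snapshot files written into this directory are not touched by this change; a 0o700 directory denies other users traversal, but opening those files with `OpenOptions::new().mode(0o600)` would keep them protected if the directory mode is ever relaxed. A short comment on the new line, e.g. `// Snapshots hold exported profiles/wallets: 0o700, independent of umask.`, would record why the plain `fs::create_dir_all` must not come back. `run` continues past the end of the hunk.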