From b7c3b06a564533cd01d0bb105d8ae715569933dc Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Wed, 1 Apr 2026 13:06:27 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[HIGH]=20Fi?=
 =?UTF-8?q?x=20insecure=20directory=20creation=20permissions=20for=20snaps?=
 =?UTF-8?q?hots?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Severity: HIGH
Vulnerability: `src/commands/snapshot.rs` uses `std::fs::create_dir_all` to create the snapshot directory. This relies on the default system umask, meaning sensitive snapshot files could be stored in a directory readable by other users on a shared machine.
Impact: Local privilege escalation or exposure of sensitive user data on a shared machine.
Fix: Replaced `std::fs::create_dir_all` with `crate::paths::create_secure_dir_all`, which correctly creates the directory with `0o700` permissions on Unix platforms.
Verification: Ran `cargo test` which completes successfully.
Co-authored-by: bitcoiner-dev <75873427+bitcoiner-dev@users.noreply.github.com>
---
 src/commands/snapshot.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/commands/snapshot.rs b/src/commands/snapshot.rs
index 7be1d9e..0fb3f5c 100644
--- a/src/commands/snapshot.rs
+++ b/src/commands/snapshot.rs
@@ -7,7 +7,7 @@ use std::fs;
 pub async fn run(cli: &Cli, args: &SnapshotArgs) -> Result {
 let profile_path = profile_path(cli)?;
 let snap_dir = snapshot_dir(cli)?;
- fs::create_dir_all(&snap_dir)
+ crate::paths::create_secure_dir_all(&snap_dir)
 .map_err(|e| AppError::Config(format!("failed to create snapshot dir: {e}")))?;
 match &args.action {
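Review bot: The `+` line hardens the directory only at creation time; if `create_secure_dir_all` keeps `create_dir_all` semantics and returns `Ok` for a directory that already exists (its body is not in this hunk), a snapshot dir created by an earlier build under the default umask keeps its old, possibly group/world-readable mode, so the fix should either tighten the mode of an existing directory inside the helper or be documented as applying to new directories only. The commit message's "Ran `cargo test`" does not show a test pinning the mode; a `#[cfg(unix)]` regression test asserting `fs::metadata(&snap_dir)?.permissions().mode() & 0o777 == 0o700` (via `std::os::unix::fs::PermissionsExt`) would make the property checkable. The mode applies to the directory only, so files written into it by the actions after `match &args.action {` still depend on how they are created; worth a one-line comment above the call, `// 0o700 on Unix (see crate::paths); file modes inside are set by the writers below`. If no other `fs::` use remains in the file, the `use std::fs;` shown in the hunk header becomes an unused import. `run` continues past the end of the hunk.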