Skip to content

Security (Low): harden local credential storage#5

Merged
cdamken merged 1 commit into
mainfrom
security/harden-credentials
Jul 8, 2026
Merged

Security (Low): harden local credential storage#5
cdamken merged 1 commit into
mainfrom
security/harden-credentials

Conversation

@cdamken

@cdamken cdamken commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Closes #4

Local-file hardening for credential/cookie storage. No behavior change to the auth flow.

L5 — atomic 0600 credential/cookie writes (cookies.py)

save_to_file() previously ran jar.save() then path.chmod(0o600), leaving a umask-race window where session cookies were briefly world-readable. Now it writes to a sibling .tmp, os.chmod(tmp, 0o600), then os.replace(tmp, path) — the final file is 0600 from the moment it exists. Matches the atomic pattern gbm-mx-api uses.

L6 — 0700 profile dir (profiles.py)

_ensure_dirs() now creates ~/.tr-api and profiles/ with mode=0o700, and create() makes each per-profile dir with mode=0o700. Cookie file names are no longer listable by other local users.

L7 — redact raw response bodies (auth.py)

Added _redact_body() (collapses whitespace, hard-truncates to ~120 chars). All error strings that embedded r.text[:200/300] now route through it, so raw upstream 4xx/5xx bodies are no longer attached to user-facing exceptions. Status codes are still included for debugging.

Verified: python3 -m py_compile passes on all three files.

🤖 Generated with Claude Code

L5: save_to_file() now writes cookies to a sibling .tmp, chmods it 0600,
then os.replace()s it into place — no umask race where the file is briefly
world-readable.

L6: _ensure_dirs() and create() make ~/.tr-api, profiles/, and per-profile
dirs with mode=0o700 so cookie file names aren't listable by other users.

L7: error strings no longer embed raw upstream response bodies. A new
_redact_body() collapses whitespace and hard-truncates to a short snippet;
callers still include the status code for debugging.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@cdamken cdamken merged commit a36dfe0 into main Jul 8, 2026
1 check passed
@cdamken cdamken deleted the security/harden-credentials branch July 8, 2026 09:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Security (Low): harden local credential storage (atomic 0600 write, 0700 profile dir, redact error bodies)

1 participant