Discord Username / User ID
interferon0
What does this improvement do?
writeCredentialsAtomic sets POSIX mode 0o600 and ensureRestrictiveMode chmods to 0o600 if over-permissive, but on Windows Node's fs mode only toggles the read-only bit, so the API key at %USERPROFILE%.testsprite\credentials is not owner-only and can be readable by other local accounts on a shared/enterprise host. Worse, ensureRestrictiveMode's check reads a synthesized 0o666, calls chmodSync(0o600), "succeeds", and reports nothing, so operators believe the key is protected when it is not. Tighten the ACL on Windows, or at minimum warn.
Details / implementation notes
src/lib/credentials.ts:182-198. On process.platform === 'win32', replace the POSIX chmod with an ACL tightening via icacls "" /inheritance:r /grant:r "%USERNAME%:F" (spawn with an args array, never a shell string, to avoid path injection), OR at minimum emit a one-line stderr warning at write time that file permissions are not enforced on Windows. Do not leave the current silent "chmod succeeded" path. No new dependency. Tests: on win32 the ACL command runs / the warning is emitted; the POSIX path is unchanged. PR to follow once assigned.
Confirmations
Discord Username / User ID
interferon0
What does this improvement do?
writeCredentialsAtomic sets POSIX mode 0o600 and ensureRestrictiveMode chmods to 0o600 if over-permissive, but on Windows Node's fs mode only toggles the read-only bit, so the API key at %USERPROFILE%.testsprite\credentials is not owner-only and can be readable by other local accounts on a shared/enterprise host. Worse, ensureRestrictiveMode's check reads a synthesized 0o666, calls chmodSync(0o600), "succeeds", and reports nothing, so operators believe the key is protected when it is not. Tighten the ACL on Windows, or at minimum warn.
Details / implementation notes
src/lib/credentials.ts:182-198. On process.platform === 'win32', replace the POSIX chmod with an ACL tightening via icacls "" /inheritance:r /grant:r "%USERNAME%:F" (spawn with an args array, never a shell string, to avoid path injection), OR at minimum emit a one-line stderr warning at write time that file permissions are not enforced on Windows. Do not leave the current silent "chmod succeeded" path. No new dependency. Tests: on win32 the ACL command runs / the warning is emitted; the POSIX path is unchanged. PR to follow once assigned.
Confirmations