Fix code scanning alert no. 58: Overly permissive file permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
NASA-PDS · Nov 14, 2024 · a728e79 · a728e79
1 parent be7ca10
commit a728e79
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/pds_doi_service/core/db/transaction_on_disk.py b/src/pds_doi_service/core/db/transaction_on_disk.py
@@ -170,7 +170,7 @@ def write(self, transaction_dir, input_ref=None, output_content=None, output_con
                     r.close()
 
                 # Set up permissions for copied input
-                os.chmod(full_input_name, 0o0664)
+                os.chmod(full_input_name, 0o0600)
 
         # Write output file with provided content
         # The extension of the file is determined by the provided content type
@@ -181,7 +181,7 @@ def write(self, transaction_dir, input_ref=None, output_content=None, output_con
                 outfile.write(output_content)
 
             # Set up permissions for copied output
-            os.chmod(full_output_name, 0o0664)
+            os.chmod(full_output_name, 0o0600)
 
         logger.info(f"Transaction files saved to {transaction_dir}")