Skip to content

TA-4732: restrict file permissions created by content-cli#335

Open
Jing Sun (kuvia) wants to merge 9 commits intomainfrom
TA-4732-Add-file-permission-writing-context-in-Content-CLI
Open

TA-4732: restrict file permissions created by content-cli#335
Jing Sun (kuvia) wants to merge 9 commits intomainfrom
TA-4732-Add-file-permission-writing-context-in-Content-CLI

Conversation

@kuvia
Copy link
Copy Markdown
Contributor

@kuvia Jing Sun (kuvia) commented Apr 13, 2026
edited
Loading

Description

Prevent world writeable/readable files created by content-cli. Directories are created with user rwx permissions and files are created with user rw permissions only.

Note: Downloaded package zips that are not created by content-cli itself but that come from the API have more lenient permissions so when unpacked manually they will still have group/world permissions.

Relevant links

https://celonis.atlassian.net/browse/TA-4732

Checklist

  • I have self-reviewed this PR
  • I have tested the change and proved that it works in different scenarios
  • I have updated docs if needed

@kuvia Jing Sun (kuvia) requested review from a team as code owners April 13, 2026 09:56
promeris
Meris Nici (promeris) reviewed Apr 15, 2026
View reviewed changes
Comment thread src/commands/action-flows/action-flow/action-flow.service.ts Outdated
promeris
Meris Nici (promeris) reviewed Apr 15, 2026
View reviewed changes
Comment thread src/core/git-profile/git/git.service.ts Outdated
@kuvia Jing Sun (kuvia) force-pushed the TA-4732-Add-file-permission-writing-context-in-Content-CLI branch from 0faa9c7 to 20bf3c5 Compare April 17, 2026 07:57
vullnet-kurti
Vullnet Kurti (vullnet-kurti) previously approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@vullnet-kurti Vullnet Kurti (vullnet-kurti) left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

haven't reviewed the code; approving to unblock the merge which requires approval from process-automation

@kuvia Jing Sun (kuvia) force-pushed the TA-4732-Add-file-permission-writing-context-in-Content-CLI branch from 20bf3c5 to 6272bd5 Compare April 20, 2026 07:15
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 20, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
83.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZgjimHaziri Zgjim Haziri (ZgjimHaziri) ZgjimHaziri left review comments

@promeris Meris Nici (promeris) promeris left review comments

@vullnet-kurti Vullnet Kurti (vullnet-kurti) vullnet-kurti left review comments

@LaberionAjvazi Laberion Ajvazi (LaberionAjvazi) LaberionAjvazi left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@kuvia @ZgjimHaziri @promeris @vullnet-kurti @LaberionAjvazi