Page MenuHomePhabricator

Pywikibot creates pywikibot.lwp with 644 mode by default and permits everyone to read it
Closed, ResolvedPublic

Description

Pywikibot creates pywikibot.lwp with 644 mode by default. Checks that were implemented eariler automatically changes the mode on next run of any script which triggers the run (I believe login is the only one action).

This should be changed, so the checks will trigger only if user manually changes the mode (then a warning will be more than appropriate).

See this, which was executed right after I freshly clonned PWB and generated user files.

testovaci@notebook:~$ python ~/pywikibot/pwb.py login -family:species -lang:species
WARNING: /home/testovaci/pywikibot/pywikibot/tools/__init__.py:2015: UserWarning: File /home/testovaci/pywikibot/user-password.py had 600 mode; converted to 700 mode.
  warn(warn_str.format(filename, st_mode - stat.S_IFREG, mode))

Logging in to species:species as UrbanecmBot@BotTest
WARNING: /home/testovaci/pywikibot/pywikibot/tools/__init__.py:2015: UserWarning: File /home/testovaci/pywikibot/pywikibot.lwp had 664 mode; converted to 600 mode.
  warn(warn_str.format(filename, st_mode - stat.S_IFREG, mode))

Logged in on species:species as UrbanecmBot.

Event Timeline

Restricted Application added subscribers: pywikibot-bugs-list, Aklapper. · View Herald Transcript
This comment was removed by Dvorapa.

The issue is inside the Python library itself (http.cookiejar): https://phabricator.wikimedia.org/diffusion/PWBC/browse/master/pywikibot/comms/http.py$97 -> https://github.com/python/cpython/blob/3.7/Lib/http/cookiejar.py#L1872. The library nicely creates (saves) file in 644 mode.

The library doesn't have any parameter for permissions change, therefore we can a) fill in a Python issue (all versions in 2.x and 3.x are incorrect) or b) change base umask permissions for the time file is created (https://stackoverflow.com/questions/5624359/write-file-with-specific-permissions-in-python).

Change 464950 had a related patch set uploaded (by Dvorapa; owner: Dvorapa):
[pywikibot/core@master] [bugfix] Set pywikibot.lwp mode to 600 immediately upon creation

https://gerrit.wikimedia.org/r/464950

Change 465021 had a related patch set uploaded (by Dalba; owner: dalba):
[pywikibot/core@master] http.py: Make sure the cookie file is created with the right permissions

https://gerrit.wikimedia.org/r/465021

Change 465021 merged by jenkins-bot:
[pywikibot/core@master] http.py: Make sure the cookie file is created with the right permissions

https://gerrit.wikimedia.org/r/465021

Xqt claimed this task.
Xqt triaged this task as Medium priority.

Change 464950 abandoned by Xqt:
[bugfix] Set pywikibot.lwp mode to 600 immediately upon creation

Reason:
Committed the other patch

https://gerrit.wikimedia.org/r/464950