
IJHack / QtPass / 25738959730
55%

Build:
DEFAULT BRANCH: main
Ran 12 May 2026 01:58PM UTC
Jobs 1
Files 72
Run time 1min

12 May 2026 01:52PM UTC coverage: 28.571% (+0.2%) from 28.416%
25738959730

push

github

web-flow
fix(security): chmod 0600 on .gpg-id after write (#1465)

* fix(security): chmod 0600 on .gpg-id after write

The .gpg-id file lists the GPG key IDs (often full fingerprints) that a
password store / sub-tree is encrypted to. Default-umask creation leaves
it world-readable (0644 with the typical 0022 umask).

While the standard ~/.password-store is itself 0700 and protects the
file in practice, users who relocate the store onto an NFS share, an
SMB mount, a USB stick, or any FS where the parent directory's mode is
more permissive lose that protection. The .gpg-id leaks both who can
decrypt the store and (for full fingerprints) the long-term identity of
the recipients.

Lock the file to owner-only access (0600 on Unix; best-effort no-op on
Windows) immediately after close. Applied to both write sites:

- ImitatePass::writeGpgIdFile (used when the recipient list is edited
  through the Users dialog)
- MainWindow::addFolder (used when "Add a .gpg-id when creating a new
  folder" is enabled in settings)

Tests:
- tst_util::writeGpgIdFileSetsOwnerOnlyPerms — forces umask 0022, calls
  the production writeGpgIdFile path, asserts QFile::permissions is
  ReadOwner|WriteOwner only. Unix-only (Qt's permission bits don't
  round-trip on Windows).

Build clean, 114/114 util tests pass, doxygen zero warnings.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix: apply CodeRabbit auto-fixes

Fixed 1 file(s) based on 1 unresolved review comment.

Co-authored-by: CodeRabbit <noreply@coderabbit.ai>

* fix: apply CodeRabbit auto-fixes

Fixed 1 file(s) based on 1 unresolved review comment.

Co-authored-by: CodeRabbit <noreply@coderabbit.ai>

* test: also assert execute bits unset on .gpg-id

Defense-in-depth — the production writeGpgIdFile uses ReadOwner|WriteOwner
exclusively, so the execute bits are always unset by construction; assert
that explicitly so a future change to the permission mask can't silently
leave the file executable.

Reviewer n... (continued)

1 of 2 new or added lines in 2 files covered. (50.0%)

1 existing line in 1 file now uncovered.

1920 of 6720 relevant lines covered (28.57%)

27.01 hits per line

Uncovered Changes

Lines  Coverage  ∆  File
1  0.0  0.0%  src/mainwindow.cpp

Coverage Regressions

Lines  Coverage  ∆  File
1  0.0  0.0%  src/mainwindow.cpp
Jobs
ID  Job ID  Ran  Files  Coverage
1  25738959730.1  12 May 2026 01:58PM UTC  72  28.57
Source Files on build 25738959730
  • Tree
  • List 72
  • Changed 4
  • Source Changed 4
  • Coverage Changed 2
  • 318fd786 on github