Add security tests for WriteFile permissions in doctor command

Resolves bd-ee1: Add security tests for WriteFile permissions in doctor command

Added comprehensive security tests for the FixGitignore function to verify:
- Files are created with 0600 permissions (secure, owner-only read/write)
- Existing files with insecure permissions are fixed
- Read-only files can be updated (permissions fixed first)
- File ownership is correct
- Permissions are enforced even on systems that respect umask

Also improved FixGitignore implementation to:
- Handle read-only files by fixing permissions before writing
- Explicitly set permissions after write to ensure 0600 regardless of umask
- Maintain secure permissions throughout the operation

Tests verify the gosec G306 security concern is properly addressed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

This commit is contained in:

Steve Yegge

2025-11-23 21:15:17 -08:00

parent 4f15e66599

commit ae5a4ac6ea

3 changed files with 1044 additions and 684 deletions

1368

.beads/beads.jsonl

View File

File diff suppressed because one or more lines are too long

Add security tests for WriteFile permissions in doctor command

1368 .beads/beads.jsonl View File

1368

.beads/beads.jsonl

View File