-
Notifications
You must be signed in to change notification settings - Fork 1
feat(security): restrict backup file permissions to owner-only #40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| ## 2026-02-24 - Insecure Backup Permissions | ||
|
Check failure on line 1 in .jules/sentinel.md
|
||
| **Vulnerability:** Backup archives created by `tools/backup-projects.sh` were readable by all users on the system (0644 default permissions). These archives contain sensitive project files and potentially secrets. | ||
|
Check failure on line 2 in .jules/sentinel.md
|
||
| **Learning:** Shell scripts using `zip` or `tar` often inherit default umask settings, which are typically permissive. Creating backups in shared environments (even multi-user home machines) requires explicit permission handling. | ||
|
Check failure on line 3 in .jules/sentinel.md
|
||
| **Prevention:** Enforce `umask 0077` (or strict `chmod`) when creating sensitive files or archives in shell scripts. Always assume the default environment is insecure. | ||
|
Check failure on line 4 in .jules/sentinel.md
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix markdownlint failures to unblock the CI pipeline.
Five
markdownlintrules are violated, causing the Lint Documentation check to fail:#), not H2 (##)📝 Proposed fix
📝 Committable suggestion
🧰 Tools
🪛 GitHub Check: Lint Documentation
[failure] 4-4: Line length
.jules/sentinel.md:4:81 MD013/line-length Line length [Expected: 80; Actual: 167] https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md013.md
[failure] 3-3: Line length
.jules/sentinel.md:3:81 MD013/line-length Line length [Expected: 80; Actual: 229] https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md013.md
[failure] 2-2: Line length
.jules/sentinel.md:2:81 MD013/line-length Line length [Expected: 80; Actual: 213] https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md013.md
[failure] 1-1: First line in a file should be a top-level heading
.jules/sentinel.md:1 MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "## 2026-02-24 - Insecure Backu..."] https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md041.md
[failure] 1-1: Headings should be surrounded by blank lines
.jules/sentinel.md:1 MD022/blanks-around-headings Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Below] [Context: "## 2026-02-24 - Insecure Backup Permissions"] https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md022.md
🤖 Prompt for AI Agents