From 521033d28904f86e5e8f9acb1709ef1d07f27d55 Mon Sep 17 00:00:00 2001
From: Pablo Deymonnaz <deymonnaz@gmail.com>
Date: Sat, 5 Oct 2024 21:11:31 -0300
Subject: [PATCH] Reduce permissions for file created according to CWE-276
 (#355)

---
 cmd/egnkey/generate/generate.go | 2 +-
 crypto/bls/attestation.go       | 4 ++--
 crypto/ecdsa/utils.go           | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/cmd/egnkey/generate/generate.go b/cmd/egnkey/generate/generate.go
index e7350144..9f775a2a 100644
--- a/cmd/egnkey/generate/generate.go
+++ b/cmd/egnkey/generate/generate.go
@@ -140,7 +140,7 @@ func createDir(c *cli.Context, prefix string) (fileName string, err error) {
 	// Clean the path
 	cleanFilePath := filepath.Clean(folder + "/" + DefaultKeyFolder)
 
-	err = os.MkdirAll(cleanFilePath, 0755)
+	err = os.MkdirAll(cleanFilePath, 0750)
 	if err != nil {
 		return "", err
 	}
diff --git a/crypto/bls/attestation.go b/crypto/bls/attestation.go
index 83e7207a..4de764d5 100644
--- a/crypto/bls/attestation.go
+++ b/crypto/bls/attestation.go
@@ -192,11 +192,11 @@ func (k *KeyPair) SaveToFile(path string, password string) error {
 	}
 
 	dir := filepath.Dir(path)
-	if err := os.MkdirAll(dir, 0755); err != nil {
+	if err := os.MkdirAll(dir, 0750); err != nil {
 		fmt.Println("Error creating directories:", err)
 		return err
 	}
-	err = os.WriteFile(path, data, 0644)
+	err = os.WriteFile(path, data, 0600)
 	if err != nil {
 		return err
 	}
diff --git a/crypto/ecdsa/utils.go b/crypto/ecdsa/utils.go
index 644149eb..e8107ee6 100644
--- a/crypto/ecdsa/utils.go
+++ b/crypto/ecdsa/utils.go
@@ -55,7 +55,7 @@ func writeBytesToFile(path string, data []byte) error {
 	dir := filepath.Dir(path)
 
 	// create the directory if it doesn't exist. If exists, it does nothing
-	if err := os.MkdirAll(dir, 0755); err != nil {
+	if err := os.MkdirAll(dir, 0750); err != nil {
 		fmt.Println("Error creating directories:", err)
 		return err
 	}