From 72c408ea9d8b4e4fab63ae06f558c778007bb4f1 Mon Sep 17 00:00:00 2001
From: dubiousjim <dubiousjim@gmail.com>
Date: Wed, 11 Mar 2020 15:05:42 -0400
Subject: Stricter permissions for Deno.makeTemp* (#4318)

---
 cli/js/tests/make_temp_test.ts | 44 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

(limited to 'cli/js')

diff --git a/cli/js/tests/make_temp_test.ts b/cli/js/tests/make_temp_test.ts
index 9804a7043..70ba01084 100644
--- a/cli/js/tests/make_temp_test.ts
+++ b/cli/js/tests/make_temp_test.ts
@@ -26,6 +26,17 @@ unitTest({ perms: { write: true } }, function makeTempDirSyncSuccess(): void {
   assert(err instanceof Deno.errors.NotFound);
 });
 
+unitTest(
+  { perms: { read: true, write: true } },
+  function makeTempDirSyncMode(): void {
+    const path = Deno.makeTempDirSync();
+    const pathInfo = Deno.statSync(path);
+    if (Deno.build.os !== "win") {
+      assertEquals(pathInfo.mode! & 0o777, 0o700 & ~Deno.umask());
+    }
+  }
+);
+
 unitTest(function makeTempDirSyncPerm(): void {
   // makeTempDirSync should require write permissions (for now).
   let err;
@@ -66,6 +77,17 @@ unitTest(
   }
 );
 
+unitTest(
+  { perms: { read: true, write: true } },
+  async function makeTempDirMode(): Promise<void> {
+    const path = await Deno.makeTempDir();
+    const pathInfo = Deno.statSync(path);
+    if (Deno.build.os !== "win") {
+      assertEquals(pathInfo.mode! & 0o777, 0o700 & ~Deno.umask());
+    }
+  }
+);
+
 unitTest({ perms: { write: true } }, function makeTempFileSyncSuccess(): void {
   const file1 = Deno.makeTempFileSync({ prefix: "hello", suffix: "world" });
   const file2 = Deno.makeTempFileSync({ prefix: "hello", suffix: "world" });
@@ -92,6 +114,17 @@ unitTest({ perms: { write: true } }, function makeTempFileSyncSuccess(): void {
   assert(err instanceof Deno.errors.NotFound);
 });
 
+unitTest(
+  { perms: { read: true, write: true } },
+  function makeTempFileSyncMode(): void {
+    const path = Deno.makeTempFileSync();
+    const pathInfo = Deno.statSync(path);
+    if (Deno.build.os !== "win") {
+      assertEquals(pathInfo.mode! & 0o777, 0o600 & ~Deno.umask());
+    }
+  }
+);
+
 unitTest(function makeTempFileSyncPerm(): void {
   // makeTempFileSync should require write permissions (for now).
   let err;
@@ -132,3 +165,14 @@ unitTest(
     assert(err instanceof Deno.errors.NotFound);
   }
 );
+
+unitTest(
+  { perms: { read: true, write: true } },
+  async function makeTempFileMode(): Promise<void> {
+    const path = await Deno.makeTempFile();
+    const pathInfo = Deno.statSync(path);
+    if (Deno.build.os !== "win") {
+      assertEquals(pathInfo.mode! & 0o777, 0o600 & ~Deno.umask());
+    }
+  }
+);
-- 
cgit v1.2.3