fix: use 0600 perms for tmp files for post analyzers (aquasecurity#6386)

DmitriyLewen · web-flow · commit 9d7f5c948e30 · 2024-03-27T05:32:22.000Z
diff --git a/pkg/fanal/analyzer/fs.go b/pkg/fanal/analyzer/fs.go
@@ -55,7 +55,8 @@ func (c *CompositeFS) CopyFileToTemp(opener Opener, info os.FileInfo) (string, e
 		return "", xerrors.Errorf("copy error: %w", err)
 	}
 
-	if err = os.Chmod(f.Name(), info.Mode()); err != nil {
+	// Use 0600 instead of file permissions to avoid errors when a file uses incorrect permissions (e.g. 0044).
+	if err = os.Chmod(f.Name(), 0600); err != nil {
 		return "", xerrors.Errorf("chmod error: %w", err)
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,8 @@ func (c *CompositeFS) CopyFileToTemp(opener Opener, info os.FileInfo) (string, e`
`55`	`55`	`return "", xerrors.Errorf("copy error: %w", err)`
`56`	`56`	`}`
`57`	`57`
`58`		`- if err = os.Chmod(f.Name(), info.Mode()); err != nil {`
	`58`	`+ // Use 0600 instead of file permissions to avoid errors when a file uses incorrect permissions (e.g. 0044).`
	`59`	`+ if err = os.Chmod(f.Name(), 0600); err != nil {`
`59`	`60`	`return "", xerrors.Errorf("chmod error: %w", err)`
`60`	`61`	`}`
`61`	`62`