Tighten file permissions when writing credentials in CodeArtifac…#10191

Merged: AndrewAsseily merged 1 commit into aws:develop from FiveSlashNine:develop, Apr 8, 2026

@FiveSlashNine
Contributor

Description of changes:
This change updates the CodeArtifact login credential file operations to use secure file permissions (0o600) by replacing standard open() calls with os.open() and os.fdopen(). This prevents credentials in .netrc and .pypirc files from being created with default permissions that could expose them to unauthorized users on the system.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
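
The technique named in the description above, as an added example (not code from this pull request or from the AWS CLI): it compares plain `open()` with `os.open()` plus `os.fdopen()` at mode 0o600, and goes one step beyond the description by covering a file that already exists, where the mode passed to `os.open()` is not applied. The helper names, the `tighten_existing` option and the sample `.netrc` line are assumptions made for illustration; POSIX only.

```python
import os
import stat
import tempfile


def write_default(path, text):
    """Plain open(): a new file gets 0o666 masked by the process umask."""
    with open(path, "w") as f:
        f.write(text)


def write_private(path, text, tighten_existing=False):
    """os.open() + os.fdopen(): a newly created file gets mode 0o600."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    if tighten_existing:
        # The mode argument of os.open() only takes effect when the file is
        # created; fchmod also tightens a file that was already there.
        os.fchmod(fd, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)


def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Return the permission bits produced by each approach."""
    old_umask = os.umask(0o022)  # a common default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            # Constructed sample content, not a real credential.
            secret = "machine example.invalid login user password CONSTRUCTED\n"
            new_plain = os.path.join(d, "plain.netrc")
            new_private = os.path.join(d, "private.netrc")
            existing = os.path.join(d, "existing.netrc")
            results = {}
            write_default(new_plain, secret)
            results["open_new"] = mode_of(new_plain)
            write_private(new_private, secret)
            results["os_open_new"] = mode_of(new_private)
            write_default(existing, "old contents\n")  # pre-existing, 0o644
            write_private(existing, secret)
            results["os_open_existing"] = mode_of(existing)
            write_private(existing, secret, tighten_existing=True)
            results["fchmod_existing"] = mode_of(existing)
            return results
    finally:
        os.umask(old_umask)
```

`demo()` returns the mode for each case, so a regression test can assert that a credential file never ends up group- or world-readable.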

@AndrewAsseily AndrewAsseily changed the title Fix insecure file permissions when writing credentials in CodeArtifac… Tighten file permissions when writing credentials in CodeArtifac… Apr 7, 2026
@codecov-commenter

codecov-commenter commented Apr 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.42%. Comparing base (c4681b5) to head (43c68a7).
⚠️ Report is 251 commits behind head on develop.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop   #10191      +/-   ##
===========================================
+ Coverage    93.39%   93.42%   +0.03%     
===========================================
  Files          210      210              
  Lines        17052    17227     +175     
===========================================
+ Hits         15925    16095     +170     
- Misses        1127     1132       +5     

Contributor

@AndrewAsseily AndrewAsseily left a comment

Thanks!

@AndrewAsseily AndrewAsseily merged commit e0799fd into aws:develop Apr 8, 2026
49 checks passed
aws-sdk-python-automation added a commit that referenced this pull request Apr 9, 2026
* release-1.44.76:
  Bumping version to 1.44.76
  Update changelog based on model updates
  Allow SSEC bucket decryption in s3 integ tests (#10203)
  Tighten file permissions for virtual MFA bootstrap output (#10194)
  Tighten file permissions when writing credentials in CodeArtifact login.py (#10191)