This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch sbp
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/sbp by this push:
new e71802b4 Ignore spurious CodeQL warnings about file permissions
e71802b4 is described below
commit e71802b4d1b272407a42b65777ae3933874591ba
Author: Sean B. Palmer <[email protected]>
AuthorDate: Fri Feb 13 19:42:32 2026 +0000
Ignore spurious CodeQL warnings about file permissions
---
atr/merge.py | 1 +
atr/server.py | 1 +
atr/util.py | 1 +
tests/unit/test_util.py | 4 ++++
4 files changed, 7 insertions(+)
diff --git a/atr/merge.py b/atr/merge.py
index 5ea0fe69..75e18620 100644
--- a/atr/merge.py
+++ b/atr/merge.py
@@ -159,6 +159,7 @@ def _makedirs_with_permissions(target_parent: pathlib.Path,
root: pathlib.Path)
os.makedirs(target_parent, exist_ok=True)
current = target_parent
while current != root:
+ # codeql[py/overly-permissive-file]
os.chmod(current, util.DIRECTORY_PERMISSIONS)
current = current.parent
diff --git a/atr/server.py b/atr/server.py
index c09357cf..b5d28b9b 100644
--- a/atr/server.py
+++ b/atr/server.py
@@ -912,6 +912,7 @@ def _set_file_permissions_to_read_only() -> None:
continue
mode = stat.S_IMODE(file_path.stat().st_mode)
if mode != 0o444:
+ # codeql[py/overly-permissive-file]
os.chmod(file_path, 0o444)
fixed_count += 1
if fixed_count > 0:
diff --git a/atr/util.py b/atr/util.py
index 22d25447..7ddb9788 100644
--- a/atr/util.py
+++ b/atr/util.py
@@ -220,6 +220,7 @@ def chmod_files(path: pathlib.Path, permissions: int) ->
None:
"""Set permissions on all files in a directory tree."""
for file_path in path.rglob("*"):
if file_path.is_file():
+ # codeql[py/overly-permissive-file]
os.chmod(file_path, permissions)
diff --git a/tests/unit/test_util.py b/tests/unit/test_util.py
index 3253aa04..704f402d 100644
--- a/tests/unit/test_util.py
+++ b/tests/unit/test_util.py
@@ -43,6 +43,7 @@ def test_chmod_files_handles_multiple_files(tmp_path:
pathlib.Path):
files = [tmp_path / f"file{i}.txt" for i in range(5)]
for f in files:
f.write_text("content")
+ # codeql[py/overly-permissive-file]
os.chmod(f, 0o644)
util.chmod_files(tmp_path, 0o400)
@@ -60,6 +61,7 @@ def test_chmod_files_handles_nested_directories(tmp_path:
pathlib.Path):
file3 = nested_dir / "deep.txt"
for f in [file1, file2, file3]:
f.write_text("content")
+ # codeql[py/overly-permissive-file]
os.chmod(f, 0o644)
util.chmod_files(tmp_path, 0o444)
@@ -72,6 +74,7 @@ def test_chmod_files_handles_nested_directories(tmp_path:
pathlib.Path):
def test_chmod_files_sets_custom_permissions(tmp_path: pathlib.Path):
test_file = tmp_path / "test.txt"
test_file.write_text("content")
+ # codeql[py/overly-permissive-file]
os.chmod(test_file, 0o644)
util.chmod_files(tmp_path, 0o400)
@@ -83,6 +86,7 @@ def test_chmod_files_sets_custom_permissions(tmp_path:
pathlib.Path):
def test_chmod_files_sets_default_permissions(tmp_path: pathlib.Path):
test_file = tmp_path / "test.txt"
test_file.write_text("content")
+ # codeql[py/overly-permissive-file]
os.chmod(test_file, 0o644)
util.chmod_files(tmp_path, 0o444)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
