This is an automated email from the ASF dual-hosted git repository. sbp pushed a commit to branch sbp in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit 5e288b2d28dcb7bfc50cce15c3c785902e7d4da5 Author: Sean B. Palmer <[email protected]> AuthorDate: Mon Feb 23 14:37:57 2026 +0000 Set CodeQL to ignore permissions because ATR release data is public --- atr/merge.py | 1 - atr/server.py | 1 - atr/util.py | 3 --- codeql-config.yml | 4 ++++ tests/unit/test_util.py | 4 ---- 5 files changed, 4 insertions(+), 9 deletions(-) diff --git a/atr/merge.py b/atr/merge.py index 9e341b43..68793eb1 100644 --- a/atr/merge.py +++ b/atr/merge.py @@ -160,7 +160,6 @@ def _makedirs_with_permissions(target_parent: pathlib.Path, root: pathlib.Path) os.makedirs(target_parent, exist_ok=True) current = target_parent while current != root: - # codeql[py/overly-permissive-file] os.chmod(current, util.DIRECTORY_PERMISSIONS) current = current.parent diff --git a/atr/server.py b/atr/server.py index 06ddabaf..e30fc5fb 100644 --- a/atr/server.py +++ b/atr/server.py @@ -936,7 +936,6 @@ def _set_file_permissions_to_read_only() -> None: continue mode = stat.S_IMODE(file_path.stat().st_mode) if mode != 0o444: - # codeql[py/overly-permissive-file] os.chmod(file_path, 0o444) fixed_count += 1 if fixed_count > 0: diff --git a/atr/util.py b/atr/util.py index 71019e40..bec78bf0 100644 --- a/atr/util.py +++ b/atr/util.py @@ -234,11 +234,9 @@ async def atomic_write_file(file_path: pathlib.Path, content: str, encoding: str def chmod_directories(path: pathlib.Path, permissions: int = DIRECTORY_PERMISSIONS) -> None: - # codeql[py/overly-permissive-file] os.chmod(path, permissions) for dir_path in path.rglob("*"): if dir_path.is_dir(): - # codeql[py/overly-permissive-file] os.chmod(dir_path, permissions) @@ -246,7 +244,6 @@ def chmod_files(path: pathlib.Path, permissions: int) -> None: """Set permissions on all files in a directory tree.""" for file_path in path.rglob("*"): if file_path.is_file(): - # codeql[py/overly-permissive-file] os.chmod(file_path, permissions) diff --git a/codeql-config.yml b/codeql-config.yml index a0cf9fee..eed1ee47 100644 --- a/codeql-config.yml +++ b/codeql-config.yml @@ -3,3 +3,7 @@ paths-ignore: - '**/node_modules' - dev - state + +query-filters: + - exclude: + id: py/overly-permissive-file diff --git a/tests/unit/test_util.py b/tests/unit/test_util.py index 454350c9..20ff6505 100644 --- a/tests/unit/test_util.py +++ b/tests/unit/test_util.py @@ -44,7 +44,6 @@ def test_chmod_files_handles_multiple_files(tmp_path: pathlib.Path): files = [tmp_path / f"file{i}.txt" for i in range(5)] for f in files: f.write_text("content") - # codeql[py/overly-permissive-file] os.chmod(f, 0o644) util.chmod_files(tmp_path, 0o400) @@ -62,7 +61,6 @@ def test_chmod_files_handles_nested_directories(tmp_path: pathlib.Path): file3 = nested_dir / "deep.txt" for f in [file1, file2, file3]: f.write_text("content") - # codeql[py/overly-permissive-file] os.chmod(f, 0o644) util.chmod_files(tmp_path, 0o444) @@ -75,7 +73,6 @@ def test_chmod_files_handles_nested_directories(tmp_path: pathlib.Path): def test_chmod_files_sets_custom_permissions(tmp_path: pathlib.Path): test_file = tmp_path / "test.txt" test_file.write_text("content") - # codeql[py/overly-permissive-file] os.chmod(test_file, 0o644) util.chmod_files(tmp_path, 0o400) @@ -87,7 +84,6 @@ def test_chmod_files_sets_custom_permissions(tmp_path: pathlib.Path): def test_chmod_files_sets_default_permissions(tmp_path: pathlib.Path): test_file = tmp_path / "test.txt" test_file.write_text("content") - # codeql[py/overly-permissive-file] os.chmod(test_file, 0o644) util.chmod_files(tmp_path, 0o444) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
