AlexanderAshitkin commented on code in PR #392:
URL:
https://github.com/apache/maven-build-cache-extension/pull/392#discussion_r2423065337
##########
src/main/java/org/apache/maven/buildcache/CacheUtils.java:
##########
@@ -217,4 +253,83 @@ public static <T> void debugPrintCollection(
}
}
}
+
+ /**
+ * Convert POSIX file permissions to Unix mode integer.
+ *
+ * @param permissions POSIX file permissions
+ * @return Unix mode as integer (e.g., {@code 0100755} for regular file
with {@code rwxr-xr-x})
+ */
+ private static int permissionsToMode(Set<PosixFilePermission> permissions)
{
+ // Start with regular file type (0100000 in octal)
+ int mode = 0100000;
+
+ if (permissions.contains(PosixFilePermission.OWNER_READ)) {
+ mode |= 0400;
+ }
+ if (permissions.contains(PosixFilePermission.OWNER_WRITE)) {
+ mode |= 0200;
+ }
+ if (permissions.contains(PosixFilePermission.OWNER_EXECUTE)) {
+ mode |= 0100;
+ }
+ if (permissions.contains(PosixFilePermission.GROUP_READ)) {
Review Comment:
Is there any reason for restoring `group` and `others` permissions? It feels
like adding security concerns - what if malicious executable file is packed to
repo, and the checkout directory has +x for others or groups? Or if parent
directory access changes and now everything is suddenly executable because this
is how the cache was saved?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
