From dee8a99e7a8d071c987709a01f02ee8fecf2d776 Mon Sep 17 00:00:00 2001
From: ThetaDev
Date: Thu, 16 Jan 2025 02:15:20 +0100
Subject: [PATCH] feat: set cache file permissions to 600
---
 src/cache.rs | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/cache.rs b/src/cache.rs
index 8015cb9..a1c90c4 100644
--- a/src/cache.rs
+++ b/src/cache.rs
@@ -16,7 +16,8 @@
 //! the cache as a JSON file.
 use std::{
- fs,
+ fs::File,
+ io::Write,
 path::{Path, PathBuf},
 };
@@ -68,7 +69,21 @@ impl Default for FileStorage {
 impl CacheStorage for FileStorage {
 fn write(&self, data: &str) {
- fs::write(&self.path, data).unwrap_or_else(|e| {
+ fn _write(path: &Path, data: &str) -> Result<(), std::io::Error> {
+ let mut f = File::create(path)?;
+ // Set cache file permissions to 0600 on Unix-based systems
+ #[cfg(target_family = "unix")]
+ {
+ use std::os::unix::fs::PermissionsExt;
+ let metadata = f.metadata()?;
+ let mut permissions = metadata.permissions();
+ permissions.set_mode(0o600);
+ std::fs::set_permissions(path, permissions)?;
+ }
+ f.write_all(data.as_bytes())
+ }
+
+ _write(&self.path, data).unwrap_or_else(|e| {
 error!(
 "Could not write cache to file `{}`. Error: {}",
 self.path.to_string_lossy(),
@@ -82,7 +97,7 @@ impl CacheStorage for FileStorage {
 return None;
 }
- match fs::read_to_string(&self.path) {
+ match std::fs::read_to_string(&self.path) {
 Ok(data) => Some(data),
 Err(e) => {
 error!(
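Review bot: In `_write` (second hunk), `File::create(path)` still creates the file with the process's umask-default mode and the 0600 is only applied afterwards by path, so a newly created cache file briefly has wider permissions, and `std::fs::set_permissions(path, …)` can act on a different object if the path is replaced between the two calls. Creating the file with `OpenOptionsExt::mode(0o600)` closes the creation window. That mode only applies to a newly created file, so a pre-existing cache file should still be tightened through the open handle with `f.set_permissions(…)` rather than by path. A process that opened an older, wider-permissioned file before the chmod keeps its descriptor and can still read the new contents; writing a fresh temporary file and renaming it over the cache would avoid that, if it matters for what the cache holds. The enclosing `write` method continues outside the hunk.

```rust
fn _write(path: &Path, data: &str) -> Result<(), std::io::Error> {
    let mut opts = File::options();
    opts.write(true).create(true).truncate(true);
    // Create with 0600 from the start: no window with umask-default permissions
    #[cfg(target_family = "unix")]
    {
        use std::os::unix::fs::OpenOptionsExt;
        opts.mode(0o600);
    }
    let mut f = opts.open(path)?;
    // mode() is ignored for an existing file; tighten it via the handle, not the path
    #[cfg(target_family = "unix")]
    {
        use std::os::unix::fs::PermissionsExt;
        f.set_permissions(std::fs::Permissions::from_mode(0o600))?;
    }
    f.write_all(data.as_bytes())
}
// … unchanged: _write(&self.path, data).unwrap_or_else(…) error logging …
```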