Prevent Usage of Stdlib File/Dir Writing With Static Analysis (#7685)

* write file and mkdirall analyzers

* include analyzer in build bazel

* comments to the single entrypoint and fix validator references

* enforce 600 for files, 700 for dirs

* pass validator tests

* add to nogo

* remove references

* beaconfuzz

* docker img

* fix up kv issue

* mkdir if not exists

* radek comments

* final comments

* Try to fix file problem

Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com>
Raul Jordan
2020-11-09 14:27:03 -06:00
committed by GitHub
parent 15706a36cb
commit d4c954648c
47 changed files with 432 additions and 68 deletions


@@ -9,7 +9,6 @@ go_library(
deps = [
"//shared/bls:go_default_library",
"//shared/fileutil:go_default_library",
"//shared/params:go_default_library",
"//shared/promptutil:go_default_library",
"//validator/keymanager:go_default_library",
"@com_github_google_uuid//:go_default_library",


@@ -19,7 +19,6 @@ import (
"github.com/pkg/errors"
"github.com/prysmaticlabs/prysm/shared/bls"
"github.com/prysmaticlabs/prysm/shared/fileutil"
"github.com/prysmaticlabs/prysm/shared/params"
"github.com/prysmaticlabs/prysm/shared/promptutil"
"github.com/prysmaticlabs/prysm/validator/keymanager"
"github.com/urfave/cli/v2"
@@ -209,7 +208,7 @@ func encrypt(cliCtx *cli.Context) error {
if err != nil {
return errors.Wrap(err, "could not json marshal keystore")
}
if err := ioutil.WriteFile(fullPath, encodedFile, params.BeaconIoConfig().ReadWritePermissions); err != nil {
if err := fileutil.WriteFile(fullPath, encodedFile); err != nil {
return errors.Wrapf(err, "could not write file at path: %s", fullPath)
}
fmt.Printf(
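Review bot: The file mode is no longer visible at the call `fileutil.WriteFile(fullPath, encodedFile)`, so whether the encrypted keystore ends up owner-only depends entirely on the helper, which is not shown in this hunk. If the helper only forwards a 0600 mode to the standard-library write, a file that already exists at `fullPath` keeps its previous, possibly wider, mode, because that argument applies only when the file is created. It is worth confirming that the helper rejects or tightens an existing file with looser permissions, and that the parent directory is created with 0700. A short comment at the call site would record the intent, e.g. `// fileutil.WriteFile enforces owner-only (0600) permissions; keystores must not be written with ioutil.WriteFile.` The body of `encrypt` starts and continues outside the hunk.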