fix: use 0600 permissions on config.yaml

uinstinct · uinstinct · commit 413c0bb26c1a · 2025-10-15T13:29:49.000+05:30
diff --git a/core/util/paths.ts b/core/util/paths.ts
@@ -113,9 +113,9 @@ export function getConfigYamlPath(ideType?: IdeType): string {
       // https://github.com/continuedev/continue/pull/7224
       // This was here because we had different context provider support between jetbrains and vs code
       // Leaving so we could differentiate later but for now configs are the same between IDEs
-      fs.writeFileSync(p, YAML.stringify(defaultConfig));
+      fs.writeFileSync(p, YAML.stringify(defaultConfig), { mode: 0o600 });
     } else {
-      fs.writeFileSync(p, YAML.stringify(defaultConfig));
+      fs.writeFileSync(p, YAML.stringify(defaultConfig), { mode: 0o600 });
     }
   }
   return p;
@@ -255,12 +255,13 @@ function editConfigJson(
 }
 
 function editConfigYaml(callback: (config: ConfigYaml) => ConfigYaml): void {
-  const config = fs.readFileSync(getConfigYamlPath(), "utf8");
+  const configPath = getConfigYamlPath();
+  const config = fs.readFileSync(configPath, "utf8");
   let configYaml = YAML.parse(config);
   // Check if it's an object
   if (typeof configYaml === "object" && configYaml !== null) {
     configYaml = callback(configYaml as any) as any;
-    fs.writeFileSync(getConfigYamlPath(), YAML.stringify(configYaml));
+    fs.writeFileSync(configPath, YAML.stringify(configYaml), { mode: 0o600 });
   } else {
     console.warn("config.yaml is not a valid object");
   }
diff --git a/extensions/cli/src/freeTrialTransition.ts b/extensions/cli/src/freeTrialTransition.ts
@@ -31,7 +31,7 @@ async function createOrUpdateConfig(apiKey: string): Promise<void> {
     : "";
 
   const updatedContent = updateAnthropicModelInYaml(existingContent, apiKey);
-  fs.writeFileSync(CONFIG_PATH, updatedContent);
+  fs.writeFileSync(CONFIG_PATH, updatedContent, { mode: 0o600 });
 }
 
 /**
diff --git a/extensions/cli/src/onboarding.ts b/extensions/cli/src/onboarding.ts
@@ -43,7 +43,7 @@ export async function createOrUpdateConfig(apiKey: string): Promise<void> {
     : "";
 
   const updatedContent = updateAnthropicModelInYaml(existingContent, apiKey);
-  fs.writeFileSync(CONFIG_PATH, updatedContent);
+  fs.writeFileSync(CONFIG_PATH, updatedContent, { mode: 0o600 });
 }
 
 export async function runOnboardingFlow(
diff --git a/extensions/vscode/src/commands.ts b/extensions/vscode/src/commands.ts
@@ -715,7 +715,9 @@ const getCommandsMap: (
       const configYaml = convertJsonToYamlConfig(parsed);
 
       const configYamlPath = getConfigYamlPath();
-      fs.writeFileSync(configYamlPath, YAML.stringify(configYaml));
+      fs.writeFileSync(configYamlPath, YAML.stringify(configYaml), {
+        mode: 0o600,
+      });
 
       // Open config.yaml
       await openEditorAndRevealRange(

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ async function createOrUpdateConfig(apiKey: string): Promise<void> {`
`31`	`31`	`: "";`
`32`	`32`
`33`	`33`	`const updatedContent = updateAnthropicModelInYaml(existingContent, apiKey);`
`34`		`- fs.writeFileSync(CONFIG_PATH, updatedContent);`
	`34`	`+ fs.writeFileSync(CONFIG_PATH, updatedContent, { mode: 0o600 });`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ export async function createOrUpdateConfig(apiKey: string): Promise<void> {`
`43`	`43`	`: "";`
`44`	`44`
`45`	`45`	`const updatedContent = updateAnthropicModelInYaml(existingContent, apiKey);`
`46`		`- fs.writeFileSync(CONFIG_PATH, updatedContent);`
	`46`	`+ fs.writeFileSync(CONFIG_PATH, updatedContent, { mode: 0o600 });`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`export async function runOnboardingFlow(`