12
0
Fork 0
mirror of https://github.com/Azure/setup-helm.git synced 2026-07-05 12:39:34 +00:00

fix: use chmod 755 instead of 777 for downloaded helm binary and folder (#278)

World-writable permissions allow other processes on shared runners to replace the helm binary or inject files between download and execution.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
This commit is contained in:
David Gamero 2026-06-04 19:25:36 -04:00 committed by GitHub
parent 9dad99fe3c
commit 69214f9d74
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 7 deletions

View file

@ -105,7 +105,7 @@ export async function downloadHelm(
)
}
fs.chmodSync(helmDownloadPath, '777')
fs.chmodSync(helmDownloadPath, '755')
const extractedPath =
getPlatform() === 'windows'
? await toolCache.extractZip(helmDownloadPath)
@ -125,12 +125,12 @@ export async function downloadHelm(
)
}
fs.chmodSync(helmpath, '777')
fs.chmodSync(helmpath, '755')
return helmpath
}
export function findHelm(rootFolder: string): string {
fs.chmodSync(rootFolder, '777')
fs.chmodSync(rootFolder, '755')
let filelist: string[] = []
walkSync(rootFolder, filelist, helmToolName + getExecutableExtension())
if (!filelist || filelist.length == 0) {