mirror/LocalAI
1
0
Fork 0
mirror of https://github.com/mudler/LocalAI.git synced 2026-06-20 14:49:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(mcp): write alias config 0600 to satisfy gosec G306

Browse Source 
The inproc createAlias path wrote the alias YAML with 0644, which gosec
flags as a new G306 finding on the PR. The LocalAI process is the sole
reader/writer of model configs, so 0600 is correct and keeps the scan clean.

Assisted-by: Claude:claude-opus-4-8 [Claude Code]
Signed-off-by: Ettore Di Giacinto <mudler@localai.io>
This commit is contained in:
Ettore Di Giacinto
2026-06-20 12:55:31 +00:00
parent 20196357c4
commit 24043fc585
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/mcp/localaitools/inproc/client.go
View File

@@ -352,7 +352,9 @@ func (c *Client) createAlias(name, target string) error {
if err != nil {
return fmt.Errorf("marshal alias config: %w", err)
}
if err := os.WriteFile(filepath.Join(modelsPath, name+".yaml"), yamlData, 0644); err != nil {
// 0600: the LocalAI process is the sole reader/writer of model configs,
// and a tighter mode keeps the gosec G306 scan clean for this new write.
if err := os.WriteFile(filepath.Join(modelsPath, name+".yaml"), yamlData, 0600); err != nil {
return fmt.Errorf("write alias config: %w", err)
}
if err := c.ConfigLoader.LoadModelConfigsFromPath(modelsPath, c.AppConfig.ToConfigLoaderOptions()...); err != nil {