Merge commit from fork

* security: set 600 permissions on auth token cache file /~https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-pwhh-q4h6-w599 * Update spotipy/cache_handler.py Co-authored-by: Niko <github@dieserniko.link> * add newline back in --------- Co-authored-by: Niko <github@dieserniko.link>
spotipy-dev · Feb 26, 2025 · 1ca453f · 1ca453f
1 parent 668158f
commit 1ca453f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -19,6 +19,7 @@ Add your changes below.
 
 - Fixed scripts in examples directory that didn't run correctly
 - Updated documentation for `Client.current_user_top_artists` to indicate maximum number of artists limit
+- Set auth cache file permissions to `600`: /~https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-pwhh-q4h6-w599
 
 ### Changed
 

diff --git a/spotipy/cache_handler.py b/spotipy/cache_handler.py
@@ -94,8 +94,12 @@ def save_token_to_cache(self, token_info):
         try:
             with open(self.cache_path, "w", encoding='utf-8') as f:
                 f.write(json.dumps(token_info, cls=self.encoder_cls))
+            # /~https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-pwhh-q4h6-w599
+            os.chmod(self.cache_path, 0o600)
         except OSError:
             logger.warning(f"Couldn't write token to cache at: {self.cache_path}")
+        except FileNotFoundError:
+            logger.warning(f"Couldn't set permissions to cache file at: {self.cache_path}")
 
 
 class MemoryCacheHandler(CacheHandler):