restrict file permissions

Signed-off-by: Daniele Martinoli <dmartino@redhat.com>

Author: dmartinol

pkg/config/config_test.go

@@ -173,7 +173,7 @@ filter:
 
 			// Create test config file
 			configPath := filepath.Join(tmpDir, "config.yaml")
-			err := os.WriteFile(configPath, []byte(tt.yamlContent), 0644)
+			err := os.WriteFile(configPath, []byte(tt.yamlContent), 0600)
 			require.NoError(t, err)
 
 			// Load the config
@@ -229,7 +229,7 @@ filter:
     include: ["prod", "stable"]
     exclude: ["beta", "alpha"]`
 
-	err := os.WriteFile(configPath, []byte(yamlContent), 0644)
+	err := os.WriteFile(configPath, []byte(yamlContent), 0600)
 	require.NoError(t, err)
 
 	// Load it back

pkg/sources/storage_manager.go

@@ -64,7 +64,7 @@ func (f *FileStorageManager) Store(ctx context.Context, config *config.Config, r
 
 	// Write to temporary file first for atomic operation
 	tempPath := filePath + ".tmp"
-	if err := os.WriteFile(tempPath, data, 0644); err != nil {
+	if err := os.WriteFile(tempPath, data, 0600); err != nil {
 		return fmt.Errorf("failed to write temporary registry file: %w", err)
 	}
 

pkg/status/persistence.go

@@ -51,7 +51,7 @@ func (f *FileStatusPersistence) SaveStatus(ctx context.Context, status *SyncStat
 
 	// Write to temporary file first for atomic operation
 	tempPath := f.filePath + ".tmp"
-	if err := os.WriteFile(tempPath, data, 0644); err != nil {
+	if err := os.WriteFile(tempPath, data, 0600); err != nil {
 		return fmt.Errorf("failed to write temporary status file: %w", err)
 	}