From 51eca1fc88e9c44773e7b59045a7874291727244 Mon Sep 17 00:00:00 2001
From: Daniel Richard G <skunk@iSKUNK.ORG>
Date: Wed, 29 Sep 2021 04:00:07 -0400
Subject: [PATCH 1/2] write config file with mode 600 as it may contain secrets

---
 blackduck/Core.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/blackduck/Core.py b/blackduck/Core.py
index d0f82700..0a71d4b3 100644
--- a/blackduck/Core.py
+++ b/blackduck/Core.py
@@ -1,4 +1,5 @@
 import logging
+import os
 import requests
 import json
 from operator import itemgetter
@@ -17,7 +18,9 @@ def read_config(self):
         raise
         
 def write_config(self):
-    with open(self.configfile,'w') as f:
+    def openfn(cfg, flags):
+        return os.open(cfg, flags, mode=0o600)
+    with open(self.configfile, 'w', opener=openfn) as f:
         json.dump(self.config, f, indent=3)
         
 def get_auth_token(self):
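Review bot: The `mode=0o600` passed to `os.open` in `openfn` only takes effect when the file is created, so a config file left behind by an earlier version keeps its old permissions while the truncating `'w'` open writes the secrets back into it. Tightening the mode on the open descriptor closes that gap, e.g. `os.fchmod(f.fileno(), 0o600)` as the first statement inside the `with` block, before `json.dump`; where `os.fchmod` is unavailable, `os.chmod(self.configfile, 0o600)` is the fallback. A short comment on `openfn` such as `# create with 0600: the config may hold credentials` would also record why the opener exists.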

From f539b2636a6af515eb239dae22b77a0ba5994ef6 Mon Sep 17 00:00:00 2001
From: Daniel Richard G <skunk@iSKUNK.ORG>
Date: Wed, 29 Sep 2021 04:01:34 -0400
Subject: [PATCH 2/2] don't write config file by default, as it may contain
 secrets

---
 blackduck/HubRestApi.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blackduck/HubRestApi.py b/blackduck/HubRestApi.py
index 81b1723d..55e9213c 100755
--- a/blackduck/HubRestApi.py
+++ b/blackduck/HubRestApi.py
@@ -141,7 +141,7 @@ def __init__(self, *args, **kwargs):
             self.config['insecure'] = kwargs.get('insecure', False)
             self.config['debug'] = kwargs.get('debug', False)
 
-            if kwargs.get('write_config_flag', True):
+            if kwargs.get('write_config_flag', False):
                 self.write_config()
         except Exception:
             self.read_config()
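Review bot: Flipping the `write_config_flag` default to `False` changes behaviour for callers that relied on the constructor persisting the config, and nothing in the hunk documents that. The `except Exception:` branch just below falls back to `self.read_config()`, so code that constructed the object once with credentials and later without arguments will presumably now fail when no file exists; that deserves a line in the constructor docstring and the release notes. A comment above the check would help, e.g. `# Off by default: the config may contain secrets; pass write_config_flag=True to persist it`. Config files written by earlier versions stay on disk with their old permissions, so the upgrade notes should tell users to remove or chmod them. `__init__` begins and ends outside the hunk.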