barrett/cp.nvim
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(security): harden credential storage and transmission

Browse source 
Problem: credential and cookie files were world-readable (0644),
passwords transited via `CP_CREDENTIALS` env var (visible in
`/proc/PID/environ`), and Kattis/USACO echoed passwords back
through stdout unnecessarily.

Solution: set 0600 permissions on `cp-nvim.json` and `cookies.json`
after every write, pass credentials via stdin pipe instead of env
var, and stop emitting passwords in ndjson from Kattis/USACO
`LoginResult` (CSES token emission unchanged).
This commit is contained in:
Barrett Ruth 2026-03-07 18:01:54 -05:00
parent 771dbc7753
commit 0c06b4a55a
Signed by: barrett
GPG key ID: A6C96C9349D2FC81
6 changed files with 10 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scrapers/usaco.py
View file

@ -533,7 +533,6 @@ class USACOScraper(BaseScraper):
return LoginResult(
success=True,
error="",
credentials={"username": username, "password": password},
)
print(json.dumps({"status": "logging_in"}), flush=True)
@ -549,7 +548,6 @@ class USACOScraper(BaseScraper):
return LoginResult(
success=True,
error="",
credentials={"username": username, "password": password},
)