Type
refactor
Severity
medium
Area
nmapui/google_drive.py, nmapui/settings.py
Description
Both google_drive.py and settings.py contain nearly identical implementations of:
- _set_owner_only_permissions() — sets file to 0o600
- _load_or_create_encryption_key() — creates/loads Fernet keys with atomic file operations
The implementations have the same structure but have drifted slightly. Bug fixes applied to one copy may not be applied to the other.
Additionally, both have a TOCTOU race condition in key creation: between the exists() check and read_bytes(), another process could delete or modify the key file. Two processes starting simultaneously could both generate different keys, making tokens encrypted with one key undecryptable.
Proposed Fix
- Create nmapui/crypto_utils.py with the shared implementations
- Use fcntl.flock or O_CREAT | O_EXCL for atomic key creation
- Have both google_drive.py and settings.py import from the shared module
Related Issues
#182 (Duplicate encryption helpers — closed, but apparently not fully resolved)
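One way to do the race-free key creation proposed above, as an added example that is not part of the original issue or the nmapui code base. The names `generate_key` and `load_or_create_key` are hypothetical, the key is produced with the standard library in Fernet's key format (32 random bytes, URL-safe base64) instead of calling the cryptography package, and the code assumes a POSIX filesystem that supports hard links. It creates a private temp file with O_CREAT | O_EXCL and publishes it with os.link, so concurrent starters all end up with one key and never read a partially written file.

```python
import base64
import os
import secrets
from pathlib import Path


def generate_key() -> bytes:
    # Same encoding as a Fernet key: 32 random bytes, URL-safe base64.
    return base64.urlsafe_b64encode(os.urandom(32))


def load_or_create_key(path: Path) -> bytes:
    """Return the key at `path`; if absent, exactly one caller creates it."""
    try:
        return path.read_bytes()  # just read; no separate exists() check
    except FileNotFoundError:
        pass

    key = generate_key()
    # Hypothetical temp-file naming; must be in the same directory as `path`.
    tmp = path.with_name(f".{path.name}.{secrets.token_hex(8)}.tmp")
    # O_EXCL: fail rather than reuse an existing file; owner-only from creation.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(key)
            fh.flush()
            os.fsync(fh.fileno())
        try:
            os.link(tmp, path)  # atomic publish; fails if a key already exists
            return key
        except FileExistsError:
            return path.read_bytes()  # lost the race: adopt the winner's key
    finally:
        os.unlink(tmp)  # the temp name is never left behind
```
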