Merge commit from fork

* security: set 600 permissions on auth token cache file https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-pwhh-q4h6-w599 * Update spotipy/cache_handler.py Co-authored-by: Niko <github@dieserniko.link> * add newline back in --------- Co-authored-by: Niko <github@dieserniko.link>
2026-06-19 01:03:53 +00:00 · 2025-02-26 05:01:16 -08:00 · 2025-02-26 05:01:16 -08:00 · 1ca453f6ef
commit 1ca453f6ef
parent 668158f055
2 changed files with 5 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -19,6 +19,7 @@ Add your changes below.

 - Fixed scripts in examples directory that didn't run correctly
 - Updated documentation for `Client.current_user_top_artists` to indicate maximum number of artists limit
+- Set auth cache file permissions to `600`: https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-pwhh-q4h6-w599

 ### Changed

--- a/spotipy/cache_handler.py
+++ b/spotipy/cache_handler.py
@ -94,8 +94,12 @@ class CacheFileHandler(CacheHandler):
        try:
            with open(self.cache_path, "w", encoding='utf-8') as f:
                f.write(json.dumps(token_info, cls=self.encoder_cls))
+            # https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-pwhh-q4h6-w599
+            os.chmod(self.cache_path, 0o600)
        except OSError:
            logger.warning(f"Couldn't write token to cache at: {self.cache_path}")
+        except FileNotFoundError:
+            logger.warning(f"Couldn't set permissions to cache file at: {self.cache_path}")


 class MemoryCacheHandler(CacheHandler):