clientside_validation_jquery.libraries.yml has execute permission [#3073528]

clientside_validation_jquery/clientside_validation_jquery.libraries.yml file has "execute" permission and checkouts with permissions -rwxr-xr-x (755).
I believe it should not have "execute" permission and should checkout with permissions -rw-r--r-- (644).

Comment	File	Size	Author
#2	clientside_validation-file-execute-permission-3073528-2-D8.patch	191 bytes	asvira
#2	8.x-1.x: PHP 7.1 & MySQL 5.6, D8.8 1 pass

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

8 August 2019 at 12:22

asvira created an issue. See original summary.

Comment #2

asvira CreditAttribution: asvira at DrupalSquad commented 8 August 2019 at 12:28

Status:

Active

» Needs review

File	Size
clientside_validation-file-execute-permission-3073528-2-D8.patch	191 bytes
8.x-1.x: PHP 7.1 & MySQL 5.6, D8.8 1 pass

Comment #3

2 October 2019 at 18:22

nikunjkotecha committed 9188dcd on 8.x-2.x authored by asvira

Issue #3073528 by asvira: clientside_validation_jquery.libraries.yml has...

Comment #4

nikunjkotecha

he/him

Gujarati

India, Gujarat, Rajkot

CreditAttribution: nikunjkotecha as a volunteer and at QED42 commented 2 October 2019 at 18:23

Status:

Needs review

» Fixed

Thanks @asvira for reporting and the patch.

Just curious, is there any issue with this permission? Any doc or reference you went through to find this as a vulnerability or issue?

Comment #5

asvira CreditAttribution: asvira at DrupalSquad commented 4 October 2019 at 06:20

@nikunjkotecha, I don't think there is any real issue, except that human commits the file as non-executable (just because it should be so) and then composer makes file executable (when installing/updating/patching) and it produces additional line about modified file in git status (which requires attention each time).