From 99eeed40e511043eb9c32fc5a801ca653e418379 Mon Sep 17 00:00:00 2001
From: Tessa Pierce Ward <bluegenes@users.noreply.github.com>
Date: Fri, 14 Jun 2024 09:33:37 -0700
Subject: [PATCH] MRG: set zip permissions to 644 (#53)

Zip permissions were missing. Set to 644.
- fixes #48
---
 src/directsketch.rs     |  6 ++++--
 tests/test_gbsketch.py  | 34 ++++++++++++++++++++++++++++++++++
 tests/test_urlsketch.py | 34 +++++++++++++++++++++++++++++++++-
 3 files changed, 71 insertions(+), 3 deletions(-)

diff --git a/src/directsketch.rs b/src/directsketch.rs
index 597f799..34915a0 100644
--- a/src/directsketch.rs
+++ b/src/directsketch.rs
@@ -501,7 +501,8 @@ async fn write_sig(
 
     let now = Utc::now();
     let builder = ZipEntryBuilder::new(sig_filename.into(), Compression::Stored)
-        .last_modification_date(ZipDateTime::from_chrono(&now));
+        .last_modification_date(ZipDateTime::from_chrono(&now))
+        .unix_permissions(0o644);
     zip_writer
         .write_entry_whole(builder, &gzipped_buffer)
         .await
@@ -563,7 +564,8 @@ pub fn sigwriter_handle(
 
                 let now = Utc::now();
                 let builder = ZipEntryBuilder::new(manifest_filename.into(), Compression::Stored)
-                    .last_modification_date(ZipDateTime::from_chrono(&now));
+                    .last_modification_date(ZipDateTime::from_chrono(&now))
+                    .unix_permissions(0o644);
 
                 if let Err(e) = zip_writer
                     .write_entry_whole(builder, &manifest_buffer)
diff --git a/tests/test_gbsketch.py b/tests/test_gbsketch.py
index 3308e40..8c1fd92 100644
--- a/tests/test_gbsketch.py
+++ b/tests/test_gbsketch.py
@@ -460,3 +460,37 @@ def test_gbsketch_missing_output(runtmp):
                     '--param-str', "dna,k=31,scaled=1000")
 
     assert "Error: output signature zipfile is required if not using '--download-only'." in runtmp.last_result.err
+
+
+def test_zip_file_permissions(runtmp):
+    # Check permissions in the ZIP file
+    import zipfile
+    import stat
+    
+    acc_csv = get_test_data('acc.csv')
+    output = runtmp.output('simple.zip')
+    failed = runtmp.output('failed.csv')
+
+    sig1 = get_test_data('GCA_000175535.1.sig.gz')
+    sig2 = get_test_data('GCA_000961135.2.sig.gz')
+    sig3 = get_test_data('GCA_000961135.2.protein.sig.gz')
+    ss1 = sourmash.load_one_signature(sig1, ksize=31)
+    ss2 = sourmash.load_one_signature(sig2, ksize=31)
+    ss3 = sourmash.load_one_signature(sig3, ksize=30, select_moltype='protein')
+
+    runtmp.sourmash('scripts', 'gbsketch', acc_csv, '-o', output,
+                    '--failed', failed, '-r', '1',
+                    '--param-str', "dna,k=31,scaled=1000", '-p', "protein,k=10,scaled=200")
+
+    assert os.path.exists(output)
+    assert not runtmp.last_result.out  # stdout should be empty
+
+    with zipfile.ZipFile(output, 'r') as zip_ref:
+        for zip_info in zip_ref.infolist():
+            # The external_attr field contains the file permissions information.
+            # By shifting right 16 bits (>> 16), we extract the file permissions.
+            external_attr = zip_info.external_attr >> 16 
+            permissions = stat.filemode(external_attr)
+            print(f"File: {zip_info.filename}, Permissions: {permissions}")
+            # check permissions are 644 (rw-r--r--)
+            assert external_attr == 0o644
diff --git a/tests/test_urlsketch.py b/tests/test_urlsketch.py
index 64d1f1f..6967849 100644
--- a/tests/test_urlsketch.py
+++ b/tests/test_urlsketch.py
@@ -318,4 +318,36 @@ def test_urlsketch_from_gbsketch_failed(runtmp, capfd):
             assert url == "https://ftp.ncbi.nlm.nih.gov/genomes/all/GCA/000/175/535/GCA_000175535.1_ASM17553v1/GCA_000175535.1_ASM17553v1_protein.faa.gz"
 
 
-# def test_urlsketch_from_urlsketch_failed(runtmp, capfd):
+def test_zip_file_permissions(runtmp):
+    # Check permissions in the ZIP file
+    import zipfile
+    import stat
+    
+    acc_csv = get_test_data('acc-url.csv')
+    output = runtmp.output('simple.zip')
+    failed = runtmp.output('failed.csv')
+
+    sig1 = get_test_data('GCA_000175535.1.sig.gz')
+    sig2 = get_test_data('GCA_000961135.2.sig.gz')
+    sig3 = get_test_data('GCA_000961135.2.protein.sig.gz')
+    ss1 = sourmash.load_one_signature(sig1, ksize=31)
+    ss2 = sourmash.load_one_signature(sig2, ksize=31)
+    ss3 = sourmash.load_one_signature(sig3, ksize=30, select_moltype='protein')
+
+    runtmp.sourmash('scripts', 'urlsketch', acc_csv, '-o', output,
+                    '--failed', failed, '-r', '1',
+                    '--param-str', "dna,k=31,scaled=1000", '-p', "protein,k=10,scaled=200")
+
+    assert os.path.exists(output)
+    assert not runtmp.last_result.out  # stdout should be empty
+
+    with zipfile.ZipFile(output, 'r') as zip_ref:
+        for zip_info in zip_ref.infolist():
+            # The external_attr field contains the file permissions information.
+            # By shifting right 16 bits (>> 16), we extract the file permissions.
+            external_attr = zip_info.external_attr >> 16 
+            permissions = stat.filemode(external_attr)
+            print(f"File: {zip_info.filename}, Permissions: {permissions}")
+            # check permissions are 644 (rw-r--r--)
+            assert external_attr == 0o644
+