Updated vectorscan pre-compilation to respect umask when writing data…

…base files

wordfence/cli/malwarescan/malwarescan.py

@@ -15,6 +15,7 @@
 from wordfence.util.platform import Platform, UnknownPlatform
 from wordfence.intel.signatures import SignatureSet, PrecompiledSignatureSet, \
     deserialize_precompiled_signature_set
+from wordfence.util.io import chmod_with_umask
 from wordfence.logging import (log, remove_initial_handler,
                                restore_initial_handler)
 from ..subcommands import Subcommand
@@ -262,6 +263,7 @@ def filter_precompiled(precompiled):
                     file.write(pickle.dumps(precompiled))
                     file.flush()
                     file.close()
+                    chmod_with_umask(file.name)
                     os.replace(file.name, database_path)
 
         if precompiled is None:

wordfence/intel/signatures.py

@@ -119,6 +119,7 @@ def deserialize_precompiled_signature_set(data):
     signature_set = limited_deserialize(
             data,
             {
+                'wordfence.api.licensing.License',
                 'wordfence.intel.signatures.PrecompiledSignatureSet',
                 'wordfence.intel.signatures.SignatureSet',
                 'wordfence.intel.signatures.Signature',

wordfence/util/io.py

@@ -280,3 +280,19 @@ def iterate_files(
             yield from iterate_files(item.path, parents, loop_callback)
         else:
             yield item.path
+
+
+def get_umask() -> int:
+    current = os.umask(0)
+    os.umask(current)
+    return current
+
+
+def umask_mode(mode: int) -> int:
+    umask = get_umask()
+    return mode & ~umask
+
+
+def chmod_with_umask(path: str, mode: int = 0o666) -> int:
+    mode = umask_mode(mode)
+    os.chmod(path, mode)