From a402e25166870ac7eda20e923169774797dd5085 Mon Sep 17 00:00:00 2001
From: qyt <486179@qq.com>
Date: Thu, 30 Apr 2026 09:45:30 +0000
Subject: [PATCH] Potential fix for code scanning alert no. 47

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../Verification_XAuth/Verification_XAuthKey.cpp  | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/XEngine_Module/XEngine_Verification/Verification_XAuth/Verification_XAuthKey.cpp b/XEngine_Module/XEngine_Verification/Verification_XAuth/Verification_XAuthKey.cpp
index 7c5f27e..155130e 100644
--- a/XEngine_Module/XEngine_Verification/Verification_XAuth/Verification_XAuthKey.cpp
+++ b/XEngine_Module/XEngine_Verification/Verification_XAuth/Verification_XAuthKey.cpp
@@ -1,5 +1,8 @@
 #include "pch.h"
 #include "Verification_XAuthKey.h"
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <unistd.h>
 /********************************************************************
 //    Created:     2025/09/30  16:47:21
 //    File Name:   D:\XEngine_OPenSource\XEngine_Module\XEngine_Verification\Verification_XAuth\Verification_XAuthKey.cpp
@@ -151,10 +154,18 @@ bool CVerification_XAuthKey::Verification_XAuthKey_FileWrite(VERIFICATION_XAUTHK
 	{
 		return false;
 	}
-	//打开文件
-	FILE* pSt_File = _xtfopen(lpszKeyFile, _X("wb"));
+	//打开文件(限制为仅当前用户可读写)
+	int nFile = open(lpszKeyFile, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+	if (nFile < 0)
+	{
+		Verification_IsErrorOccur = true;
+		Verification_dwErrorCode = ERROR_XENGINE_MODULE_VERIFICATION_XAUTH_OPENFILE;
+		return false;
+	}
+	FILE* pSt_File = fdopen(nFile, "wb");
 	if (NULL == pSt_File)
 	{
+		close(nFile);
 		Verification_IsErrorOccur = true;
 		Verification_dwErrorCode = ERROR_XENGINE_MODULE_VERIFICATION_XAUTH_OPENFILE;
 		return false;