SQUASH – add file perm checks

Author: michaelsembwever

pylib/cqlshlib/cqlshmain.py

@@ -112,6 +112,21 @@ def resolve_cql_history_file():
         return default_cql_history
 
 
+def check_file_perms(filepath):
+    """ Check file permissions (not readable by group or others) """
+    assert os.path.exists(filepath), "File %s does not exist" % filepath
+
+    try:
+        file_stat = os.stat(filepath)
+        mode = file_stat.st_mode
+        is_group_readable = bool(mode & 0o040)
+        is_world_readable = bool(mode & 0o004)
+
+        if is_world_readable or is_group_readable:
+            print('Warning: file {0} has unsafe permissions. You should: chmod 600 {0}'.format(filepath))
+    except (OSError, IOError):
+        print('Warning: unable to check for unsafe permissions on file %s' % (filepath))
+
 HISTORY = resolve_cql_history_file()
 HISTORY_DIR = os.path.dirname(HISTORY)
 
@@ -2266,6 +2281,9 @@ def main(cmdline, pkgpath):
         else:
             os.rename(old_config_file, config_file)
 
+    check_file_perms(config_file)
+    check_file_perms(HISTORY)
+
     (options, hostname, port) = read_options(cmdline, parser, config_file, cql_dir)
 
     docspath = get_docspath(pkgpath)