Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Permission restriction for user credentials #42

Merged
merged 1 commit into from
Nov 29, 2023
Merged

Permission restriction for user credentials #42

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions src/bitsrun/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
from pathlib import Path
from sys import platform
from typing import Optional, Tuple, TypedDict
from warnings import warn

from platformdirs import site_config_path, user_config_path

Expand Down Expand Up @@ -72,13 +73,29 @@ def read_config() -> Optional[Tuple[ConfigType, str]]:
{ "username": "xxxx", "password": "xxxx" }
```

The config file must be only readable/writable by the owner.

Returns:
A tuple of (config, path to config file) if the config file is found.
"""

def check_permissions(path: Path):
"""Config file permissions must not be set too open."""

# The check is performed on unix only.
if not platform.startswith('win32'):
pm = path.stat().st_mode & 0o777
if pm != 0o600:
warn(f'{path} has too open permissions ({pm}), ignoring!', stacklevel=1)
warn(f'please run `chmod 600 {path}` to fix this.', stacklevel=1)
raise PermissionError()

paths = get_config_paths()
for path in paths:
try:
if not path.exists():
continue
check_permissions(path)
with open(path) as f:
data = json.loads(f.read())
return data, str(path)
Expand Down