From 2c60e142605297df21d471f1aa3a336deb04f8d5 Mon Sep 17 00:00:00 2001
From: HeshamTB
Date: Sun, 12 Jun 2022 12:52:04 +0300
Subject: [PATCH] sql_app: enforce strict file permissions for .env
Signed-off-by: HeshamTB
---
 run-tls | 10 ++++++++++
 sql_app/file_permissios.py | 18 ++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100755 sql_app/file_permissios.py
diff --git a/run-tls b/run-tls
index a5825a8..4c661ef 100755
--- a/run-tls
+++ b/run-tls
@@ -1,4 +1,14 @@
 #!/bin/bash
 source venv/bin/activate
+
+cd sql_app/
+
+./file_permissios.py
+if [ $? == 1 ]
+then
+ echo "enviorment file_permissions are incorrect"
+ exit 1
+fi
+cd ../
 exec uvicorn sql_app.main:app --ssl-certfile server.crt --ssl-keyfile server.key --port 4040 --host 0.0.0.0 --no-server-header
diff --git a/sql_app/file_permissios.py b/sql_app/file_permissios.py
new file mode 100755
index 0000000..d7c7917
--- /dev/null
+++ b/sql_app/file_permissios.py
@@ -0,0 +1,18 @@
+#!/bin/python
+
+# Hesham T. Banafa
+# Jun 12th, 2022
+# Check enviorment file permissions and return -1 if fails or 0
+
+import os
+import stat
+
+ENV_FILE='.env'
+
+st = os.stat(ENV_FILE)
+if st.st_mode & stat.S_IROTH or \
+ st.st_mode & stat.S_IWOTH or \
+ st.st_mode & stat.S_IXOTH:
+ exit(1)
+
+exit(0)
\ No newline at end of file
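Review bot: In run-tls, the guard `if [ $? == 1 ]` lets the server start on any exit status other than 1, so the permission check fails open whenever file_permissios.py cannot run at all (a missing `/bin/python` interpreter, for example, gives 126 or 127 rather than 1). Test for failure in general instead of one specific code: `if ! ./file_permissios.py; then`. The preceding `cd sql_app/` is also unchecked; `cd sql_app/ || exit 1` stops the script instead of running the check from the wrong directory. The error message would be better sent to stderr with `>&2`.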
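Review bot: In sql_app/file_permissios.py, the test covers only the `S_I*OTH` bits, so a group-readable or group-writable `.env` (mode 0640 or 0660) passes a check the commit subject calls strict, and the file's owner is never compared with the user running the server. Masking group and other together is shorter and closes the first gap: `if stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO): sys.exit(1)` (with `import sys`), and `st.st_uid != os.geteuid()` can be added to the same condition. The header comment says the script returns -1 on failure while the code exits with 1; it should read `# Exit 1 if .env is accessible to group or others, else 0`.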