From 44cc7209703c437a9211d62c6705346115deff30 Mon Sep 17 00:00:00 2001
From: Jack Ivanov
Date: Thu, 31 Oct 2019 19:56:24 +0100
Subject: [PATCH] Ensure Ansible is not being run in a world writable directory
---
main.yml | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/main.yml b/main.yml
index cb67a29..cdecffb 100644
--- a/main.yml
+++ b/main.yml
@@ -2,6 +2,16 @@
 - hosts: localhost
 become: false
 tasks:
+ - name: Playbook dir stat
+ stat:
+ path: "{{ playbook_dir }}"
+ register: _playbook_dir
+
+ - name: Ensure Ansible is not being run in a world writable directory
+ assert:
+ that: _playbook_dir.stat.mode|int <= 0775
+ msg: Ansible is being run in a world writable directory ({{ playbook_dir }}), ignoring it as an ansible.cfg source. For more information see https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir
+
 - name: Ensure the requirements installed
 debug:
 msg: "{{ '' | ipaddr }}"
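Review bot: The assert `_playbook_dir.stat.mode|int <= 0775` compares the mode by magnitude instead of testing the other-write bit, so it does not reliably detect a world-writable directory. The stat module reports `mode` as an octal string and `|int` reads its digits as decimal, so modes such as 0772 or 0766 pass the check even though others can write, while a setgid 2755 directory that is not world-writable fails it. Testing the bit directly avoids both cases: `that: not _playbook_dir.stat.woth`. The tasks list continues past the end of the hunk.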