Missing new line:

 git reset --hard#######################
# RISKY COMMAND FOUND #
#######################
* This command going to reset all your local changes.

Solve the challenge:: 4 + 7 = ? ^C to cancel
^C

Promot notification when user wants to parent folder

AWS destroy commands

List of command:
TTBD

List of command:
example:
heroku ps:restart
heroku ps:stop
heroku ps:kill
heroku ps:stop
heroku maintenance:on
heroku members:remove
heroku features:disable
heroku container:rm
heroku config:unset
heroku clients:destroy
heroku clients:rotate
heroku clients:update
heroku apps:destroy
heroku apps:leave
heroku apps:rename
heroku addons:destroy
heroku addons:detach
heroku access:remove
heroku access:update

for example git push --force

Proposal

When using rm -rf ../ (or multiple ../) it can be dangerous when you do not specify a specific folder to delete.
you may be jump too many folders up :)

Attempted Solutions

Catch ../ or multio ../../../ without spisify spisific folder

Proposal

Support shellfirm in fish.

Use-cases

I'm using fish as my default shell and failed to make it work so assuming it's not yet supported there?

Shellfirm version:

What happened:
Tried to customize the denied command, but it didn't work.

What you expected to happen:
what I think, shellfirm can customize commands that can be denied in addition to the default commands like in the shellfirm/checks directory. But it doesn't work well at my place

How to reproduce it (as minimally and precisely as possible):

• I declared the command I want to deny in .shellfirm/settings.yaml in the line deny_patterns_ids & includes
• I did a shellfirm config challenge
• I've seen my pattern customization already entered there
• but after I tried the command, it still works in other words it is not restricted by shellfirm. Unlike the default commands that shellfirm give such as git reset etc.

Anything else we need to know?:

• we all know that this app has big vision and i already feel it
• I am very happy that you build an application like this, it is very useful in my opinion
• Thanks @kaplanelad

OS:

• Ubuntu 20.04LTS Server

Evidence

• git reset command rejected as usual.
• openstack command not rejected as usual.

What happened:
the filter .*>(.*) in fs.yaml file is catch also >> which is also append to file and nut flush the file

What you expected to happen:
the regex should catch only in one >

Proposal

Make $XDG_CONFIG_HOME/shellfirm/ the default path for all configuration, in accordance with XDG dir spec and to prevent clutter of $HOME dir.

Alternatively, allow user to set the path explicitly (with an env variable, for example).

Also, thank you for the project!

Proposal

Add the option to disable patterns from the selected groups

Use-cases

Some patterns that you don't want to check

Is it still possible to configure custom checks? I remember it used to be possible by setting checks to an array of checks in settings.yaml (at the time config.yaml).

Proposal

When copy file to destination exists can be override the existing file

Support risky patterns in docker cli

Needs to change the static / char to Path join for support multiple OS

https://github.com/kaplanelad/shellfirm/blob/main/src/config.rs#L299
https://github.com/kaplanelad/shellfirm/blob/main/src/config.rs#L330
https://github.com/kaplanelad/shellfirm/blob/main/src/config.rs#L344

Ads xtask and run github action.ass codecove

test not consistent: test config::config::can_add_checks_group

Proposal

We need the option the add/delete/change baseline check when a new version is released.

Use-cases

when we have:

1. bug in some of the checks
2. new checks
3. checks that we want to remove

we need the option to do it automatically when the user updates the new shellfirm version

Attempted Solutions

Promot notification when user wants to delete the folder with changes git commits

Proposal

when running shellfirm config reset shows the config file path + the backup file path if given

Proposal

Please provide native support for Apple silicon.

Proposal

Reduce actions

Use-cases

Attempted Solutions

on:
  push:

    paths-ignore:
      - '**/*.md'

Add new patterns to base.yaml checks

Proposal

add Heroku risky commands

Use-cases

List of command:
example:
heroku ps:restart
heroku ps:stop
heroku ps:kill
heroku ps:stop
heroku maintenance:on
heroku members:remove
heroku features:disable
heroku container:rm
heroku config:unset
heroku clients:destroy
heroku clients:rotate
heroku clients:update
heroku apps:destroy
heroku apps:leave
heroku apps:rename
heroku addons:destroy
heroku addons:detach
heroku access:remove
heroku access:update

heroku repo:reset

Proposal

Hi Elad, thanks for your good work. Can you add a feature to restrict commands at all? looks like it would be very good if the feature was held.

Very Thanks!

Use-cases

• Admin set command which is restricted in /.shellfirm/config.yaml
• The user cannot execute the command in /.shellfirm/config.yaml at all.

Expected Beahviour

• User can't run command at all if command is on the list of /.shellfirm/config.yaml

Actual Behaviour

• The user can still run the command if the user succeeds in winning the challenge.

Please add a check for:

crontab -r

The above command is risky because it'll remove the user's entire crontab of scheduled tasks. Since users typically would want to edit their crontab using the -e option, an accidental keypress of neighbouring -r would be disastrous. Yes, an alias to include the -i (interactive) option could be set to at least first prompt the user before its removal, but users typically only learn about this option once the damage is already done.

Proposal

When new test added (for base.yaml for example) that test settings_config.add_checks_group(&["base".into()]) is failed .
need to move the test to take a test yaml file for better maintenance

Use-cases

when new test added to base the test should't brake

Can we have the option to enable rmdir from the list of risky commands?

Proposal

There are checks that we want to define a different challenge from the default.

Use-cases

By default, I configure Enter as the main challenge, but when I use rm I want a different challenge before continuing the command

Attempted Solutions

Add challenge per check as an optional field

- from: fs
  test: rm.+(-r|-fr|-rf)(\s*)(/|\*|.|./)(\s*)\z
  method: Regex
  enable: true
  description: "You are going to delete everything in the path."
  challenge: Math

command shellfirm config reset to be interactive:

Rest configuration will reset all checks settings. Select how to continue...
 1. Yes, i want to override the current configuration
 2. Override and backup the existing file
 3. Cancel Or ^C
 4. ```

for better config managment we can move all the list of check to include like:

include: git,fs,base, kubernetes, aws etc

the includes should copy to list of check like :

user_defined:
   list of checks....

Proposal

Support bash

List of possible risky patterns:

• terraform apply - with flag -auto-approve
• terraform force-unlock - with flag -force
• terraform state mv - without dryrun flag https://www.terraform.io/cli/commands/state/mv
• terraform state replace-provider - with -auto-approve
• terraform state rm - without -dry-run
• terraform workspace delete - with -force

Shellfirm version:

What happened: Anything

What you expected to happen: Check the command because it is equivalent to "rm -r ."

How to reproduce it (as minimally and precisely as possible): run "rm - R ." or
"RUST_LOG=trace shellfirm pre-command --command "rm -R .""

It gives no more traces

Anything else we need to know?: No, but you are doing a great job

OS: Ubuntu 22.04

Proposal

Please add installation instructions for Zsh without using Oh My Zsh

Use-cases

People using Zsh without Oh My Zsh

Attempted Solutions

Pasting shellfirm.plugin.zsh to .zshrc