kaplanelad / shellfirm Goto Github PK
View Code? Open in Web Editor NEWIntercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification
License: Apache License 2.0
Intercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification
License: Apache License 2.0
Ads xtask and run github action.ass codecove
Is it still possible to configure custom checks? I remember it used to be possible by setting checks
to an array of checks in settings.yaml (at the time config.yaml).
Shellfirm version:
What happened: Anything
What you expected to happen: Check the command because it is equivalent to "rm -r ."
How to reproduce it (as minimally and precisely as possible): run "rm - R ." or
"RUST_LOG=trace shellfirm pre-command --command "rm -R .""
It gives no more traces
Anything else we need to know?: No, but you are doing a great job
OS: Ubuntu 22.04
Support risky patterns in docker cli
When using rm -rf ../ (or multiple ../) it can be dangerous when you do not specify a specific folder to delete.
you may be jump too many folders up :)
Catch ../ or multio ../../../ without spisify spisific folder
Missing new line:
git reset --hard#######################
# RISKY COMMAND FOUND #
#######################
* This command going to reset all your local changes.
Solve the challenge:: 4 + 7 = ? ^C to cancel
^C
What happened:
the filter .*>(.*)
in fs.yaml file is catch also >>
which is also append to file and nut flush the file
What you expected to happen:
the regex should catch only in one >
when running shellfirm config reset
shows the config file path + the backup file path if given
Make $XDG_CONFIG_HOME/shellfirm/
the default path for all configuration, in accordance with XDG dir spec and to prevent clutter of $HOME
dir.
Alternatively, allow user to set the path explicitly (with an env variable, for example).
Also, thank you for the project!
Shellfirm version:
What happened:
Tried to customize the denied command, but it didn't work.
What you expected to happen:
what I think, shellfirm
can customize commands that can be denied in addition to the default commands like in the shellfirm/checks directory. But it doesn't work well at my place
How to reproduce it (as minimally and precisely as possible):
.shellfirm/settings.yaml
in the line deny_patterns_ids
& includes
shellfirm
give such as git reset
etc.Anything else we need to know?:
OS:
git reset
command rejected as usual.openstack
command not rejected as usual.Promot notification when user wants to parent folder
There are checks that we want to define a different challenge from the default.
By default, I configure Enter
as the main challenge, but when I use rm
I want a different challenge before continuing the command
Add challenge
per check as an optional field
- from: fs
test: rm.+(-r|-fr|-rf)(\s*)(/|\*|.|./)(\s*)\z
method: Regex
enable: true
description: "You are going to delete everything in the path."
challenge: Math
Promot notification when user wants to delete the folder with changes git commits
Add new patterns to base.yaml checks
add Heroku risky commands
List of command:
example:
heroku ps:restart
heroku ps:stop
heroku ps:kill
heroku ps:stop
heroku maintenance:on
heroku members:remove
heroku features:disable
heroku container:rm
heroku config:unset
heroku clients:destroy
heroku clients:rotate
heroku clients:update
heroku apps:destroy
heroku apps:leave
heroku apps:rename
heroku addons:destroy
heroku addons:detach
heroku access:remove
heroku access:update
heroku repo:reset
Please add a check for:
crontab -r
The above command is risky because it'll remove the user's entire crontab of scheduled tasks. Since users typically would want to edit their crontab using the -e
option, an accidental keypress of neighbouring -r
would be disastrous. Yes, an alias to include the -i
(interactive) option could be set to at least first prompt the user before its removal, but users typically only learn about this option once the damage is already done.
Can we have the option to enable rmdir from the list of risky commands?
Please provide native support for Apple silicon.
Support shellfirm
in fish.
I'm using fish
as my default shell and failed to make it work so assuming it's not yet supported there?
Reduce actions
on:
push:
paths-ignore:
- '**/*.md'
List of command:
example:
heroku ps:restart
heroku ps:stop
heroku ps:kill
heroku ps:stop
heroku maintenance:on
heroku members:remove
heroku features:disable
heroku container:rm
heroku config:unset
heroku clients:destroy
heroku clients:rotate
heroku clients:update
heroku apps:destroy
heroku apps:leave
heroku apps:rename
heroku addons:destroy
heroku addons:detach
heroku access:remove
heroku access:update
for better config managment we can move all the list of check to include like:
include: git,fs,base, kubernetes, aws etc
the includes should copy to list of check like :
user_defined:
list of checks....
Please add installation instructions for Zsh without using Oh My Zsh
People using Zsh without Oh My Zsh
Pasting shellfirm.plugin.zsh
to .zshrc
Support bash
test not consistent: test config::config::can_add_checks_group
command shellfirm config reset
to be interactive:
Rest configuration will reset all checks settings. Select how to continue...
1. Yes, i want to override the current configuration
2. Override and backup the existing file
3. Cancel Or ^C
4. ```
When copy file to destination exists can be override the existing file
List of possible risky patterns:
terraform apply
- with flag -auto-approveterraform force-unlock
- with flag -forceterraform state mv
- without dryrun flag https://www.terraform.io/cli/commands/state/mvterraform state replace-provider
- with -auto-approveterraform state rm
- without -dry-runterraform workspace delete
- with -forceWhen new test added (for base.yaml for example) that test settings_config.add_checks_group(&["base".into()])
is failed .
need to move the test to take a test yaml file for better maintenance
when new test added to base
the test should't brake
Hi Elad, thanks for your good work. Can you add a feature to restrict commands at all? looks like it would be very good if the feature was held.
Very Thanks!
/.shellfirm/config.yaml
/.shellfirm/config.yaml
at all./.shellfirm/config.yaml
for example git push --force
We need the option the add/delete/change baseline check when a new version is released.
when we have:
we need the option to do it automatically when the user updates the new shellfirm version
AWS destroy commands
List of command:
TTBD
Needs to change the static /
char to Path join
for support multiple OS
https://github.com/kaplanelad/shellfirm/blob/main/src/config.rs#L299
https://github.com/kaplanelad/shellfirm/blob/main/src/config.rs#L330
https://github.com/kaplanelad/shellfirm/blob/main/src/config.rs#L344
Add the option to disable patterns from the selected groups
Some patterns that you don't want to check
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.