Commit

Added: Detect any folder deletion (rmdir) command. (#129)
Geoff12889 authored Aug 9, 2023
1 parent 931d41b commit da4c5b2
Showing 6 changed files with 48 additions and 3 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock

Some generated files are not rendered by default.

4 changes: 3 additions & 1 deletion docs/checks/fs-strict.md
Expand Up @@ -2,7 +2,9 @@

:warning: make sure that `fs` group also enabled :warning:

* Detect any deletion (`rm`) command.
* Detect any deletion (`rm`) command.

* Detect any folder deletion (`rmdir`) command.

* Detect and permissions changes (`chmod`) command.
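
Review bot: the `rm` bullet at the top of this list is removed and re-added with the same visible text, which looks like a whitespace-only change riding along with the `rmdir` addition; drop it from this commit or mention it in the commit message. While the list is being edited, the following bullet, "Detect and permissions changes (`chmod`) command", reads like a typo for "Detect any" and could be fixed in the same pass.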

2 changes: 1 addition & 1 deletion shellfirm/Cargo.toml
@@ -1,7 +1,7 @@
[package]
name = "shellfirm"
description = "`shellfirm` will intercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification, kinda like a captcha for your terminal."
version = "0.2.7"
version = "0.2.8"
edition = "2021"
authors = ["Elad-Kaplan <[email protected]>"]
license = "MIT"
6 changes: 6 additions & 0 deletions shellfirm/checks/fs-strict.yaml
Expand Up @@ -6,5 +6,11 @@
test: rm\s{1,}(?:-rf|-fr|-r|-f)?\s*(.*)
description: "Are you sure you want to continue with deletion?"
id: fs-strict:any_deletion
filters:
IsExists: "1"
- from: fs-strict
test: rmdir\s
description: "Are you sure you want to continue with deletion?"
id: fs-strict:folder_deletion
filters:
IsExists: "1"
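
Review bot: the new `fs-strict:folder_deletion` rule copies `filters: IsExists: "1"` from the `rm` rule, but its pattern `rmdir\s` contains no capture group, whereas the `rm` pattern ends in `(.*)`. If "1" refers to the capture group whose value is checked for existence, as the `rm` rule suggests, the filter has nothing to read here; add a group for the directory argument and decide how flags such as `-pv` are skipped before it. The pattern is also unanchored, so `rmdir\s` matches anywhere in the command line, including inside a longer word or a quoted string; a word boundary before `rmdir` would cut prompts on text that is not an `rmdir` invocation. The description string is identical to the `rm` rule's, so the prompt does not tell the user that a directory removal triggered it.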
7 changes: 7 additions & 0 deletions shellfirm/tests/checks/fs-strict-folder_deletion.yaml
@@ -0,0 +1,7 @@
---
- test: rmdir TestFolder
description: match command by finding existing file
- test: rmdir -pv TestFolder
description: match command with flags
- test: rmdir -pv TestFolder
description: match command with spaces
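
Review bot: the second and third cases are the same command as shown here, `rmdir -pv TestFolder`, although the third is described as "match command with spaces". If extra whitespace between the tokens was intended, quote the `test` value so the spacing is explicit and visible in review; otherwise the third case adds no coverage. The first description says "finding existing file" for a check that is about folders, which is worth rewording.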
@@ -0,0 +1,30 @@
---
source: shellfirm/tests/checks.rs
expression: test_file_results
---
[
TestSensitivePatternsResult {
file_path: "fs-strict-folder_deletion.yaml",
test: "rmdir TestFolder",
check_detection_ids: [
"fs-strict:folder_deletion",
],
test_description: "match command by finding existing file",
},
TestSensitivePatternsResult {
file_path: "fs-strict-folder_deletion.yaml",
test: "rmdir -pv TestFolder",
check_detection_ids: [
"fs-strict:folder_deletion",
],
test_description: "match command with flags",
},
TestSensitivePatternsResult {
file_path: "fs-strict-folder_deletion.yaml",
test: "rmdir -pv TestFolder",
check_detection_ids: [
"fs-strict:folder_deletion",
],
test_description: "match command with spaces",
},
]
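
Review bot: all three snapshot entries expect `fs-strict:folder_deletion`, so the snapshot never records an empty `check_detection_ids` for this rule. Add at least one case that should not be detected (for example a command that only contains `rmdir` as part of another word, or, if the harness allows it, a folder that does not exist, given the `IsExists` filter) so that a pattern or filter regression which makes the rule fire on everything shows up in the snapshot.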
