shellfirm 0.3.8

`shellfirm` will intercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification, kinda like a captcha for your terminal.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

- from: aws
  test: aws\s+s3\s+rb\s+s3://
  description: "This will delete an entire S3 bucket and potentially all its contents."
  id: aws:s3_remove_bucket
  severity: High
  alternative: "aws s3 ls s3://<bucket>"
  alternative_info: "List bucket contents first to verify what would be deleted."
- from: aws
  test: aws\s+(?:--\S+\s+\S+\s+)*s3\s+rm\s+.*s3://.*--recursive|aws\s+(?:--\S+\s+\S+\s+)*s3\s+rm\s+--recursive\s+s3://
  description: "Recursively deleting all objects in an S3 bucket."
  id: aws:s3_recursive_delete
  severity: High
  filters:
    - type: NotContains
      value: "--dryrun"
- from: aws
  test: aws\s+ec2\s+terminate-instances
  description: "Terminating EC2 instances permanently destroys them and their local storage."
  id: aws:ec2_terminate
  severity: High
  alternative: "aws ec2 stop-instances"
  alternative_info: "Stop instead of terminate to preserve the instance for later restart."
- from: aws
  test: aws\s+rds\s+delete-db-instance
  description: "Deleting an RDS instance will permanently destroy the database."
  id: aws:rds_delete
  severity: High
  alternative: "aws rds delete-db-instance --skip-final-snapshot=false --final-db-snapshot-identifier <name>"
  alternative_info: "Create a final snapshot before deletion so data can be recovered."
- from: aws
  test: aws\s+iam\s+delete-(user|role|policy|group)
  description: "Deleting IAM resources can break access for services and users."
  id: aws:iam_delete
  severity: High
- from: aws
  test: aws\s+cloudformation\s+delete-stack
  description: "Deleting a CloudFormation stack will destroy all resources it manages."
  id: aws:cfn_delete_stack
  severity: High
- from: aws
  test: aws\s+route53\s+delete-hosted-zone
  description: "Deleting a Route53 hosted zone will remove all DNS records."
  id: aws:route53_delete_zone
  severity: High
- from: aws
  test: aws\s+eks\s+delete-cluster
  description: "Deleting an EKS cluster will destroy the Kubernetes control plane."
  id: aws:eks_delete_cluster
  severity: High
- from: aws
  test: aws\s+lambda\s+delete-function
  description: "Deleting a Lambda function removes it permanently."
  id: aws:lambda_delete
  severity: High
- from: aws
  test: aws\s+dynamodb\s+delete-table
  description: "Deleting a DynamoDB table permanently destroys all its data."
  id: aws:dynamodb_delete_table
  severity: High
- from: aws
  test: aws\s+sqs\s+delete-queue
  description: "Deleting an SQS queue loses all queued messages."
  id: aws:sqs_delete_queue
  severity: High
- from: aws
  test: aws\s+sns\s+delete-topic
  description: "Deleting an SNS topic breaks all subscriptions."
  id: aws:sns_delete_topic
  severity: High
- from: aws
  test: aws\s+ecr\s+delete-repository
  description: "Deleting an ECR repository removes all container images."
  id: aws:ecr_delete_repository
  severity: High
- from: aws
  test: aws\s+secretsmanager\s+delete-secret
  description: "Deleting a secret can break applications depending on it."
  id: aws:secretsmanager_delete
  severity: High
- from: aws
  test: aws\s+elasticache\s+delete-cache-cluster
  description: "Deleting an ElastiCache cluster destroys all cached data."
  id: aws:elasticache_delete_cluster
  severity: High
- from: aws
  test: aws\s+logs\s+delete-log-group
  description: "Deleting a CloudWatch log group permanently loses all log data."
  id: aws:logs_delete_log_group
  severity: High
- from: aws
  test: aws\s+ecs\s+delete-(service|cluster)
  description: "Deleting an ECS service or cluster stops all running containers."
  id: aws:ecs_delete
  severity: High