shellfirm 0.3.9

`shellfirm` will intercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification, kinda like a captcha for your terminal.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

- from: kubernetes
  test: (kubectl|k)\s+(?:-\S+\s+\S+\s+)*delete\s+(ns|namespace)
  description: "Deleting the namespace also deletes all the residing components."
  id: kubernetes:delete_namespace
  severity: Critical
  filters:
    - type: NotContains
      value: "--dry-run"
  alternative: "kubectl get all -n <namespace>"
  alternative_info: "List all resources in the namespace first to verify what will be deleted."
- from: kubernetes
  test: (k|kubectl)\s+(?:-\S+\s+\S+\s+)*delete\s+
  description: "This command will going to delete a given resource."
  id: kubernetes-strict:delete_resource
  severity: High
  filters:
    - type: NotContains
      value: "--dry-run"
- from: kubernetes
  test: ^(k|kubectl)\s+set\s+([[:word:]]+)
  description: "This command will update the given given resource."
  id: kubernetes-strict:update_resource
  severity: High
  filters:
    - type: NotContains
      value: "--dry-run"
- from: kubernetes
  test: (kubectl|k)\s+scale
  description: "This command will set a new size for a given resource."
  id: kubernetes-strict:change_resource_size
  severity: High
  filters:
    - type: NotContains
      value: "--dry-run"
- from: kubernetes
  test: (k|kubectl)\s+rollout\s+(pause|restart|resume|undo)
  description: "This command will manage a rollout for a given resource."
  id: kubernetes-strict:rollout_resource
  severity: High
  filters:
    - type: NotContains
      value: "--dry-run"
- from: kubernetes
  test: helm\s+(uninstall|delete)\s+
  description: "Removing a Helm release deletes all its managed Kubernetes resources."
  id: helm:uninstall
  severity: High
- from: kubernetes
  test: helm\s+rollback\s+
  description: "Rolling back a Helm release reverts to a previous revision."
  id: helm:rollback
  severity: Medium
- from: kubernetes
  test: helm\s+upgrade\s+.*--force
  description: "Force-upgrading a Helm release deletes and recreates resources."
  id: helm:upgrade_force
  severity: High
- from: kubernetes
  test: (kubectl|k)\s+drain\s+
  description: "Draining a node evicts all pods and marks the node unschedulable."
  id: kubernetes:drain_node
  severity: High
- from: kubernetes
  test: (kubectl|k)\s+cordon\s+
  description: "Cordoning a node prevents new pods from being scheduled on it."
  id: kubernetes:cordon_node
  severity: Medium
- from: kubernetes
  test: (kubectl|k)\s+replace\s+.*--force
  description: "Force-replacing a resource deletes and recreates it, causing downtime."
  id: kubernetes:replace_force
  severity: High
  filters:
    - type: NotContains
      value: "--dry-run"
- from: kubernetes
  test: (kubectl|k)\s+(?:-\S+\s+\S+\s+)*delete\s+.*--all(\s|$)
  description: "Deleting all resources of a type wipes everything in the namespace."
  id: kubernetes:delete_all_resources
  severity: Critical
  filters:
    - type: NotContains
      value: "--dry-run"
  alternative: "kubectl get <resource> -n <namespace>"
  alternative_info: "List resources first to verify what would be deleted."
- from: kubernetes
  test: (kubectl|k)\s+(?:-\S+\s+\S+\s+)*apply\s+.*--force(\s|$)
  description: "Force-applying deletes and recreates resources, causing downtime."
  id: kubernetes:apply_force
  severity: High
  filters:
    - type: NotContains
      value: "--dry-run"
  alternative: "kubectl apply -f <file>"
  alternative_info: "Apply without --force to update resources in-place without downtime."