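# Rule: flag `curl ... | <shell>` pipelines, where the downloaded content is
# handed straight to a shell (optionally behind `sudo`) and never inspected.
# The `\b` after the shell names stops the rule from firing on commands that
# only begin with those letters, such as `curl ... | shasum` or
# `curl ... | shellcheck -`, which are checks rather than execution.
# `source\s` keeps its own trailing-whitespace requirement.
- from: shell
  test: 'curl\s+.*\|\s*(?:sudo\s+)?((?:bash|sh|zsh|fish)\b|source\s)'
  description: "Piping remote content directly to shell executes arbitrary code without inspection."
  id: shell:curl_pipe_to_shell
  severity: High
  # NOTE(review): the `&&` chain runs the script as soon as `cat` returns, so
  # it shows the order of the steps rather than leaving time to read the file.
  # `cat` also sends any terminal control sequences in the file to the
  # terminal; a pager or editor is the safer way to review untrusted content.
  alternative: "curl -o script.sh <url> && cat script.sh && bash script.sh"
  alternative_info: "Download first, review the script, then execute it."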
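# Rule: flag `wget` writing to stdout (`-O -`, or a combined short-option
# group ending in `O` such as `-qO -`) with the output piped into a shell,
# optionally behind `sudo`.
# The trailing `\b` requires the shell name to end at a word boundary, so
# pipelines into `shasum`, `sha256sum` or `shellcheck` no longer match.
- from: shell
  test: 'wget\s+.*-\S*O\s*-\s.*\|\s*(?:sudo\s+)?(bash|sh|zsh|fish)\b'
  description: "Piping downloaded content to shell executes arbitrary code without inspection."
  id: shell:wget_pipe_to_shell
  severity: High
  # NOTE(review): the `&&` chain runs the script as soon as `cat` returns, so
  # it shows the order of the steps rather than leaving time to read the file.
  alternative: "wget -O script.sh <url> && cat script.sh && bash script.sh"
  alternative_info: "Download first, review the script, then execute it."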
# Rule: flag `eval` applied to a `$(curl ...)` command substitution, with or
# without a double quote before the `$`. The pattern anchors only on the
# opening `eval "$(curl`; whatever follows `curl` is not examined.
- from: shell
  test: 'eval\s+"?\$\(curl'
  description: 'Evaluating remote content executes arbitrary code without inspection.'
  id: 'shell:eval_curl'
  severity: High
  # NOTE(review): the `&&` chain sources the script as soon as `cat` returns,
  # so it shows the order of the steps rather than a pause for review.
  alternative: 'curl -o script.sh <url> && cat script.sh && source script.sh'
  alternative_info: 'Download first, review the script, then source it.'
# Rule: flag `curl ... | <interpreter>` pipelines for `python`, `python3`,
# `perl` and `ruby`, optionally behind `sudo`. The closing `\b` requires the
# interpreter name to end at a word boundary.
- from: shell
  test: 'curl\s+.*\|\s*(?:sudo\s+)?(python3?|perl|ruby)\b'
  description: 'Piping remote content to an interpreter executes arbitrary code without inspection.'
  id: 'shell:curl_pipe_to_interpreter'
  severity: High
  # The suggested replacement is written for Python only, although the pattern
  # also covers perl and ruby.
  # NOTE(review): the `&&` chain runs the script as soon as `cat` returns, so
  # it shows the order of the steps rather than a pause for review.
  alternative: 'curl -o script.py <url> && cat script.py && python script.py'
  alternative_info: 'Download first, review the script, then execute it.'