shellfirm 0.3.9

`shellfirm` will intercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification, kinda like a captcha for your terminal.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

- from: terraform
  test: terraform\s+apply.*-auto-approve
  method: Regex
  enable: true
  description: "apply state without asking for confirmation."
  id: terraform:apply_with_auto_approve
  severity: Critical
  alternative: "terraform plan -out=plan.tfplan && terraform apply plan.tfplan"
  alternative_info: "Review the plan first, then apply from the saved plan file for a controlled deployment."
- from: terraform
  test: terraform\s+destroy\s+.*-auto-approve
  method: Regex
  enable: true
  description: "This command will destroy all managed infrastructure without asking for confirmation."
  id: terraform:destroy_auto_approve
  severity: Critical
  alternative: "terraform plan -destroy"
  alternative_info: "Preview what would be destroyed first, then run 'terraform destroy' with manual approval."
- from: terraform
  test: terraform\s+state\s+(mv|replace-provider)
  method: Regex
  enable: true
  description: "Move state without asking for confirmation."
  id: terraform:state
  severity: High
  filters:
    - type: NotContains
      value: "-dry-run"
  alternative: "terraform state <cmd> -dry-run"
  alternative_info: "Preview the state change with -dry-run before actually modifying state."
- from: terraform
  test: terraform\s+state\s+rm\s
  method: Regex
  enable: true
  description: "Removing a resource from state causes Terraform to lose track of existing infrastructure."
  id: terraform:state_rm
  severity: High
  alternative: "terraform state list"
  alternative_info: "List resources in state first to verify what you're removing."
- from: terraform
  test: terraform\s+workspace\s+delete.*(-force)
  method: Regex
  enable: true
  description: "Delete a Terraform workspace without asking for confirmation."
  id: terraform:workspace_delete_with_force_flag
  severity: High
- from: terraform
  test: terraform\s+workspace\s+delete.*(-lock=false)
  method: Regex
  enable: true
  description: "Delete a Terraform workspace without asking for confirmation."
  id: terraform:workspace_delete_without_lock
  severity: High
- from: terraform
  test: terraform\s+force-unlock\s+.*(-force)
  method: Regex
  enable: true
  description: "Manually unlock the state for the defined configuration. without asking for confirmation."
  id: terraform:force_unlock_with_force_flag
  severity: High