Expected command pattern instead of strict and relaxed alignment #46
Comments
I think that just recording what was run and having the client software

On Fri, Nov 18, 2016 at 12:42 PM, lukpueh notifications@github.com wrote:

Sounds good to me.
In a previous commit we added a custom CommandAlignmentFailed exception and replaced log with print in case of soft fail. This commit removes the custom exception (1) and changes print back to log (2) for the following reasons.

(1) We decided to use log throughout the library also for user feedback because it is more powerful and can easily be toggled programmatically, see discussion #6 (comment)

(2) We decided to never hard fail command alignment because the check is of informational character rather than a security guarantee. See #46

The commit also adds unit tests for command alignment
Currently we pass command verification upon strict (must be equal) and relaxed (must have an equal prefix) alignment of recorded command and expected command. The following examples show in what cases the alignment passes or fails.
As one can see in the above examples, semantically equal commands sometimes fail, whereas syntactically (relaxed) equal commands can pass although they have very different semantics.
@vladimir-v-diaz brought up the idea of using match patterns. We could use regex or a subset of regex like the one implemented by fnmatch. This would allow either fail or pass and get rid of the relaxed pass.
In any case, command alignment does not provide strong security guarantees, since recorded commands can be easily faked using aliases, symlinks or the like.
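An added example (not in-toto's code and not part of the original issue) contrasting the strict and relaxed checks with an fnmatch-based pattern check that only passes or fails and logs instead of raising. Reading relaxed alignment as "expected is a prefix of recorded", matching patterns per argument, and all function names and sample commands are assumptions constructed for illustration.

```python
import fnmatch
import logging

log = logging.getLogger("command_alignment_example")


def strict_align(recorded, expected):
    """Strict alignment: the argument lists must be equal."""
    return recorded == expected


def relaxed_align(recorded, expected):
    """Relaxed alignment, modelled here as: expected is a prefix of recorded."""
    return recorded[:len(expected)] == expected


def pattern_align(recorded, expected_pattern):
    """Match each recorded argument against one fnmatch pattern, position by
    position, so that a '*' can never swallow additional arguments."""
    if len(recorded) != len(expected_pattern):
        return False
    return all(fnmatch.fnmatchcase(arg, pat)
               for arg, pat in zip(recorded, expected_pattern))


def check(recorded, expected_pattern):
    """Informational check: log a warning on mismatch, never raise."""
    ok = pattern_align(recorded, expected_pattern)
    if not ok:
        log.warning("command %r does not match expected pattern %r",
                    recorded, expected_pattern)
    return ok


# Constructed sample commands (not taken from the issue).
EXPECTED = ["tar", "-czf", "release.tar.gz", "src"]
SAME_MEANING = ["tar", "-c", "-z", "-f", "release.tar.gz", "src"]
EXPECTED_PREFIX = ["git", "tag"]
DIFFERENT_MEANING = ["git", "tag", "-d", "v1.0"]
PATTERN = ["git", "tag", "v[0-9]*"]

if __name__ == "__main__":
    print(strict_align(SAME_MEANING, EXPECTED))               # same meaning, fails strict
    print(relaxed_align(DIFFERENT_MEANING, EXPECTED_PREFIX))  # different meaning, passes relaxed
    print(check(["git", "tag", "v1.0"], PATTERN))             # matches the pattern
    print(check(DIFFERENT_MEANING, PATTERN))                  # extra arguments are rejected
```

A pattern check still compares recorded strings only, so it remains informational in the same way the issue describes for strict and relaxed alignment.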