feat: Implement ordered rules security system#5
Merged
Conversation
This commit adds complete documentation for the new security system: - SECURITY.md: Full security documentation with detailed explanations - Rule evaluation algorithm (first-match wins) - Visual examples with step-by-step tables - Complete CLI command reference - Best practices and troubleshooting guide - FAQ section for common questions - QUICKSTART-SECURITY.md: 5-minute quick start guide - Basic concepts and first steps - Common setup examples (docs, Python, paranoid mode) - Rule ordering explanation - Global vs project configuration - README.md: Updated with security section - Quick security setup examples - Key security features overview - Rule evaluation explanation - Links to full documentation Documentation highlights: - Clear explanation of first-match wins behavior - Visual tables showing rule evaluation step-by-step - Examples of correct vs wrong rule ordering - Security best practices for different use cases - Complete CLI command reference for config management Related to #4
This commit implements a comprehensive security system for gtext based on ordered rules with first-match wins logic. ## Core Implementation ### config.py - Add ordered rules system for protocols (cli, static, glob) - Implement first-match wins evaluation algorithm - Add rule management methods: - add_rule: Add new security rules - remove_rule: Remove by index or name - move_rule: Reorder rules (up, down, top, bottom) - clear_rules: Remove all rules for a protocol - Global and project-level configuration support - Dangerous metacharacter detection (;, &, |, $, `, <, >) - Pattern matching with Unix wildcards (*, ?, []) ### cli.py - Add 'config' command group with subcommands: - show: View merged configuration (global + project) - :cli/:static/:glob subgroups for protocol-specific management - add_rule: Add security rules - remove_rule: Remove rules by index or name - list_rules: List rules for a protocol - clear_rules: Clear all rules - rule: Reorder rules (up, down, top, bottom) - Support for --global flag to manage system-wide rules - Support for --name flag to name rules for easier management - JSON output format with --json flag ### include.py - Integrate security checks at protocol dispatch point - Block commands/includes without matching allow rule - Return descriptive error messages for security violations - Enforce secure-by-default policy ## Test Coverage ### tests/test_config.py (39 tests) - Unit tests for all config.py methods - Edge case tests for wildcards, boundaries, errors - Pattern matching tests (*, ?, []) - Protocol independence tests - Global/project merge logic tests - 90% coverage on config.py ### tests/test_cli_security.py (17 tests) - CLI command tests using subprocess - Tests for all config CLI commands - Global vs project configuration - Rule management (add, remove, move, clear) - JSON output format - Help message tests ### tests/test_security_integration.py (9 tests) - Integration tests with rendering - First-match wins logic verification - Dangerous metacharacter blocking - Pattern matching in real documents - Global precedence verification - Protocol-specific rule enforcement ## Key Features - **Secure by Default**: Everything denied unless explicitly allowed - **First-Match Wins**: Rules evaluated in order, first match determines result - **Protocol-Specific**: Independent rules for cli, static, glob - **Global & Project**: System-wide + project-specific configuration - **Rule Ordering**: Critical for security - specific before general - **Dangerous Characters**: Always blocked (;, &, |, $, `, <, >) - **Pattern Matching**: Unix wildcards (*, ?, [abc], [a-z]) ## Test Results All 65 tests passing: - test_config.py: 39 tests ✓ - test_cli_security.py: 17 tests ✓ - test_security_integration.py: 9 tests ✓ - Coverage: 90% on config.py Fixes #4
genro
force-pushed
the
feature/config-security
branch
from
55e75a2 to
d6b571c
Compare
- Split long lines to respect 100 char limit - Rename DANGEROUS constant to lowercase dangerous - Fix import ordering
- Create conftest.py with setup_permissive_security fixture - Automatically configure allow-all rules for non-security tests - Exclude security-specific test modules (test_cli_security, test_config, test_security_integration) - Fix test_cli_command_nonzero_exit to use 'false' instead of dangerous semicolon This allows existing tests to work with the new security system without modification while keeping security tests isolated.
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️ |
Replace ✓ -> OK:, ✗ -> ERROR:, → -> -> to fix encoding issues on Windows where charmap codec cannot handle Unicode characters. This fixes test failures on Windows CI runners.
Replace 'date' command with 'python -c' for cross-platform compatibility. The 'date' command is not available or works differently on Windows. This fixes test_render_with_allowed_command on Windows CI.
9 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements a comprehensive security system for gtext based on ordered rules with first-match wins evaluation logic.
Key Features:
cli:,static:,glob:protocols;,&,|,$,`,<,>) always blockedImplementation:
config.py: Ordered rules system with first-match evaluation algorithmcli.py: Complete CLI commands for security configuration managementinclude.py: Security checks at protocol dispatch pointDocumentation:
SECURITY.md: Full security documentation with visual examples and step-by-step explanationsQUICKSTART-SECURITY.md: 5-minute quick start guideREADME.md: Updated with security section and CLI referenceTest Plan
Breaking Changes
Existing gtext users will need to configure security rules after upgrading:
See
QUICKSTART-SECURITY.mdfor migration guidance.Fixes #4