# shellfirm
Opppppsss you did it again? :scream: :scream: :cold_sweat:
How do I save myself from myself?
* `rm -rf *`
* `git reset --hard` Before hitting the enter key?
* `kubectl delete ns` Stop! you are going to delete a lot of resources
* And many more!
Do you want to learn from other people's mistakes?
`shellfirm` will intercept any risky patterns and immediately prompt a small challenge that will double verify your action, think of it as a captcha for your terminal.
```bash
rm -rf /
#######################
# RISKY COMMAND FOUND #
#######################
* You are going to delete everything in the path.
Solve the challenge: 8 + 0 = ? (^C to cancel)
```
## How does it work?
`shellfirm` will evaluate all the shell commands behind the scenes.
If a risky pattern is detected, you will immediately get a prompt with the relevant warning to verify your command.
## Example

## Setup your shell
### Install via brew
```bash
brew tap kaplanelad/tap && brew install shellfirm
```
Or download the binary file from [releases page](https://github.com/kaplanelad/shellfirm/releases), unzip the file and move to `/usr/local/bin` folder.
Validate shellfirm installation
```
shellfirm --version
```
## Verify installation
```
mkdir /tmp/shellfirm
cd /tmp/shellfirm
git reset --hard
```
## Select your shell
Oh My Zsh
Download zsh plugin:
```sh
curl https://raw.githubusercontent.com/kaplanelad/shellfirm/main/shell-plugins/shellfirm.plugin.oh-my-zsh.zsh --create-dirs -o ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/shellfirm/shellfirm.plugin.zsh
```
Add `shellfirm` to the list of Oh My Zsh plugins when Zsh is loaded(inside ~/.zshrc):
```bash
plugins=(... shellfirm)
```
Bash
Bash implementation is based on https://github.com/rcaloras/bash-preexec project, which adds a pre-exec hook to catch the command before executing.
```sh
# Download bash-preexec hook functions.
curl https://raw.githubusercontent.com/rcaloras/bash-preexec/master/bash-preexec.sh -o ~/.bash-preexec.sh
# Source our file at the end of our bash profile (e.g. ~/.bashrc, ~/.profile, or ~/.bash_profile)
echo '[[ -f ~/.bash-preexec.sh ]] && source ~/.bash-preexec.sh' >> ~/.bashrc
# Download shellfirm pre-exec function
curl https://raw.githubusercontent.com/kaplanelad/shellfirm/main/shell-plugins/shellfirm.plugin.sh -o ~/.shellfirm-plugin.sh
# Load pre-exec command on shell initialized
echo 'source ~/.shellfirm-plugin.sh' >> ~/.bashrc
```
fish
```sh
curl https://raw.githubusercontent.com/kaplanelad/shellfirm/main/shell-plugins/shellfirm.plugin.fish -o ~/.config/fish/conf.d/shellfirm.plugin.fish
```
Zsh
```sh
# Add shellfirm to conf.d fishshell folder
curl https://raw.githubusercontent.com/kaplanelad/shellfirm/main/shell-plugins/shellfirm.plugin.zsh -o ~/.shellfirm-plugin.sh
echo 'source ~/.shellfirm-plugin.sh' >> ~/.zshrc
```
Docker
* [bash](./docs/docker/bash)
* [zsh](./docs/docker/zsh)
:information_source: Open a new shell session
:eyes: :eyes: [Verify installation](./README.md#verify-installation) :eyes: :eyes:
You should get a `shellfirm` prompt challenge.
**If you didn't get the prompt challenge:**
1. Make sure the `shellfirm --version` returns a valid response.
2. Make sure that you downloaded the Zsh plugin and added it to the Oh My Zsh plugins in .zshrc.
## Risky commands
We have predefined a baseline of risky groups command that will be enabled by default, these are risky commands that might be destructive.
| Group | Enabled By Default |
| --- | --- |
| [base](./docs/checks/base.md) | `true` |
| [git](./docs/checks/git.md) | `true` |
| [fs](./docs/checks/fs.md) | `true` |
| [fs-strict](./docs/checks/fs-strict.md) | `false` |
| [kubernetes](./docs/checks/kubernetes.md) | `false` |
| [kubernetes-strict](./docs/checks/kubernetes-strict.md) | `false` |
| [heroku](./docs/checks/heroku.md) | `false` |
| [terraform](./docs/checks/terraform.md) | `false` |
### Add/Remove new group checks
```bash
shellfirm config update-groups
```
## Change challenge:
Currently we support 3 different challenges when a risky command is intercepted:
* `Math` - Default challenge which requires you to solve a math question.
* `Enter` - Required only to press `Enter` to continue.
* `Yes` - Required typing `yes` to continue.
You can change the default challenge by running the command:
```bash
shellfirm config challenge
```
*At any time you can cancel a risky command by hitting `^C`*
## Ignore pattern:
You can disable one or more patterns in a selected group by running the command:
```bash
shellfirm config ignore
```
## Deny pattern command:
Restrict user run command by select pattern id's that you not allow to run in the shell:
```bash
shellfirm config deny
```
## To Upgrade `shellfirm`
```bash
brew upgrade shellfirm
```
## Contributing
Thank you for your interest in contributing! Please refer to [contribution guidelines](./CONTRIBUTING.md) for guidance.
# Copyright
Copyright (c) 2022 [@kaplanelad](https://github.com/kaplanelad). See [LICENSE](LICENSE.txt) for further details.