Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Provide more documentation on source code protection
See original GitHub issueIn one of my jobs I expected harden-runner to fail the job as I overwrite the source code using sed in one of the shell steps. But nothing happened with egress-policy: audit
How does the source code protection work, what does it protect against exactly?
Will it warn / inform about source code being overwritten, or does it block the system call? Does that depend on the setting of the egress-policy?
Is it allowed to create new files, or I just can’t overwrite existing files? Is there a way to provide a white-list of files allowed to be overwritten by a certain step?
Keep on with the great work, thanks a lot for harden-runner
Issue Analytics
- State:
- Created a year ago
- Comments:7 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I see! Thank you a lot for the quick explanation.
Maybe there can be a config option for the extensions, or a way to whitelist certain files at some point. But I do agree that it’s also very important to keep things simple. I’m okay with your chosen trade off for now 😃
In our case we have a lot of infrastructure code (kubernetes and terraform), maybe some people want to protect that too as the infrastructure might be an even more powerful attack vector.
Closing this issue as done. Feel free to re-open if there is feedback on documentation. Thanks!