bronevichok

Commit Diff

Commit:: 219b2b019ea60a966315f78d50e9575bfc8ef334
From:: Sergey Bronnikov <estetus@gmail.com>
Date:: Sat Apr 15 14:43:25 2023 UTC
Message:: rules/tarantool: add rule grant_guest_full_access
Actions:: Patch | Tree

commit - 5ea965ef243224c50d8ce851ff80b7fab2e05c07
commit + 219b2b019ea60a966315f78d50e9575bfc8ef334
blob - e3767e880a98e4b96a80ecdf47f466ebfbada862
blob + 31ecb149f3c4687477bba2f7d73af1436ce5cb81
--- README.md
+++ README.md
@@ -52,6 +52,7 @@ $ spatch --sp-file coccinelle/mmap_map_failed.cocci --
 #### Tarantool-specific rules
 
 - `tarantool/box/box_cfg_raw_access`
+- `tarantool/box/grant_guest_full_access`
 - `tarantool/crypto/insecure-hash-algorithm`
 - `tarantool/digest/insecure-hash-algorithm`
 - `tarantool/vshard/bad_hash_func`
blob - /dev/null
blob + 7e050d7359db9b2fc46f11b253561f4cd1f26b5d (mode 644)
--- /dev/null
+++ rules/lua/tarantool/box/grant_guest_full_access.lua
@@ -0,0 +1,2 @@
+-- ruleid: grant_guest_full_access
+box.schema.user.grant('guest', 'read,write,execute,create,drop', 'universe')
blob - /dev/null
blob + bead57b0cd17f2e1add833a9ca5f004e7a0b0cdc (mode 644)
--- /dev/null
+++ rules/lua/tarantool/box/grant_guest_full_access.yaml
@@ -0,0 +1,10 @@
+rules:
+  - id: grant_guest_full_access
+    patterns:
+      - pattern: box.schema.user.grant('guest', $PRIVELEGE, 'universe')
+    message: Пользователю guest не предоставляют полный доступ на universe.
+    languages: [lua]
+    metadata:
+      references:
+        - https://www.tarantool.io/ru/doc/latest/book/admin/access_control/
+    severity: WARNING