policy review document #8
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
leotm
reviewed
Sep 6, 2024
leotm
reviewed
Sep 6, 2024
leotm
reviewed
Sep 6, 2024
leotm
reviewed
Sep 6, 2024
leotm
reviewed
Sep 6, 2024
leotm
reviewed
Sep 6, 2024
leotm
reviewed
Sep 6, 2024
leotm
reviewed
Sep 6, 2024
leotm
reviewed
Sep 6, 2024
Co-authored-by: LeoTM <[email protected]>
leotm
previously approved these changes
Sep 16, 2024
leotm
reviewed
Sep 16, 2024
leotm
force-pushed
the
naugtur/policy-diff
branch
from
3ea03c3 to
4aa1355
Compare
- markdownlint: specify json in fenced code block - prettier: format doc, except powerful APIs table
leotm
force-pushed
the
naugtur/policy-diff
branch
from
4aa1355 to
e7ee012
Compare
boneskull
approved these changes
Sep 16, 2024
|
|
||
| The Policy File generated by LavaMoat is based on a scan of your codebase, identifying all the powers it uses. The initial policy doesn't provide security on its own. Instead, it's your review of the initial policy and the subsequent updates (with new or updated dependencies) that makes your application secure. | ||
|
|
||
| Reviewing diffs as you go lets you spot suspicious packages or limit the powers you wish newly added packages can use. |
There was a problem hiding this comment.
Suggested change
| Reviewing diffs as you go lets you spot suspicious packages or limit the powers you wish newly added packages can use. | |
| Reviewing diffs as dependencies change lets you spot suspicious packages and/or limit the powers granted to new dependencies. |
- again unsure about "powers"
- "granted" may not be the right/consistent terminology
| Reviewing diffs as you go lets you spot suspicious packages or limit the powers you wish newly added packages can use. | ||
|
|
||
| The review of your initial policy may seem like a lot of effort, but it's an investment in a good starting point for your application. | ||
| If you generate the initial policy from a known uncompromised version of your application, the main purpose of the initial review is to potentially take away some of the excessive powers from packages you don't use in their full capacity. |
There was a problem hiding this comment.
this is kind of a run-on sentence. maybe break up into something like
The purpose of the initial review is twofold:
1. It helps you build confidence that the current state of your app is not compromised
2. You may deny powers to dependencies if you determine they are excessive (assuming it does not break your app)|
|
||
| The goal of reviewing the diff is to spot a malicious package being added. | ||
|
|
||
| #### TL;DR |
There was a problem hiding this comment.
this usually comes first 😄
There was a problem hiding this comment.
It's a TLDR of this paragraph - what to look for.
Comment on lines
30
to
33
| - check `globals` and `builtins` for new powers and investigate if you're surprised the package would need them | ||
| - check if new relationships in `packages` are pointing to packages with very [powerful APIs](#powerful-apis) (e.g. spawning child processes in Node.js) | ||
| - be aware that the identifier may change to `pkgC>actual-name` from `pkgB>pkgA>actual-name` BUT! If the package now also has totally different powers, it's likely a different package of the same name. Investigate! `npm ls actual-name` should help. | ||
| - when a new package is added, consider limiting its powers to what you actually use. |
There was a problem hiding this comment.
- I'd capitalize the first letter of each list item
- remove periods at the end of the last two items
- he fourth item is unclear to me. you mean: identify the powers my app uses? (how do I do this?) I want to disallow anything that isn't in that my list of powers?
I hereby give you the explicit (altho not new) permission to add a commit with grammar/style edits to a branch where I write prose without asking first. |
Co-authored-by: Christopher Hiller <[email protected]>
Co-authored-by: Christopher Hiller <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.