A significant concern is the balancing of user input sanitization vs. flexibility. Regular expressions could cause a ReDoS vector without filtering if the tool is used upstream in other projects. However, filtering removes groups, or operators, * extensions, and more, essentially making regular expressions useless.
I have used timeouts to prevent long-running regular expressions (e.g., preventing ReDoS through execution limits). This required the non-standard-library package regex, which provides timeouts.
The new filters are:
/ -> REGEX
^/ -> NOT_REGEX
The new info page is:
+----+
|NOTE|
+----+
Jockey is a work-in-progress currently only supports querying:
units
machines
+-------+
|FILTERS|
+-------+
Filters have a three-part syntax:
<object type><filter code><content>
<object type> can be any supported Juju object types or their equivalent
abbreviations (see "SHORT NAMES", below). These values are identical to the
`object` argument in the Jockey CLI.
<filter code> specifies how objects should be filtered relative to <content>
There are four possible values for <filter code>:
= : matches
^= : does not match
~ : contains
^~ : does not contain
/ : matches regex
^/ : does not match regex
Exactly one <filter code> must be given per filter.
<content> is a given string that will be used to filter Juju object names.
+-----------+
|SHORT NAMES|
+-----------+
Jockey object name abbreviations:
OBJECT TYPE SHORT NAMES
charms charm, c
applications app, apps, application, a
units unit, u
machines machine, m
ips address, addresses, ip, i
hostnames hostname, host, hosts, h
+---------------+
|EXAMPLE QUERIES|
+---------------+
Get all units:
jockey units
Get all nova-compute units:
jockey units application=nova-compute
Get the hw-health unit on a machine with a partial hostname "e01":
jockey u a=hw-health host~e01
Get all non-lxd machines:
jockey m m^~lxd
Get units for applications matching a regular expression:
jockey u a/'telegraf-ceph-(osd|mon)'
+-------------------+
|OPERATIONS EXAMPLES|
+-------------------+
Run a 'show-sel' action a machine with a partial host name 'ts1363co':
juju run-action --wait $(jockey u a~hw-hea m~ts1363co) show-sel
This PR adds regular expression filters per #1.
A significant concern is the balancing of user input sanitization vs. flexibility. Regular expressions could cause a ReDoS vector without filtering if the tool is used upstream in other projects. However, filtering removes groups,
or
operators,*
extensions, and more, essentially making regular expressions useless.I have used timeouts to prevent long-running regular expressions (e.g., preventing ReDoS through execution limits). This required the non-standard-library package
regex
, which provides timeouts.The new filters are:
/
->REGEX
^/
->NOT_REGEX
The new info page is: