USBGuard / usbguard

USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)
https://usbguard.github.io/
GNU General Public License v2.0

clarify the exact semantics of comments in the rules config #575

Open calestyo opened 1 year ago

calestyo commented 1 year ago

Hey.

As per discussion in: https://github.com/USBGuard/usbguard/issues/461#issuecomment-1341166832 and especially because of the security-sensitive nature of rules.conf, please clarify the exact semantics of comments in it.

I.e., is it just if there's only leading whitespace before the #?
Is generally everything after a # (and including that) ignored (i.e. "end of line comments"), and if so, what if the # appears in some value of a rule, e.g. a USB device name, or is there some kind of detection whether it's part of a value?

Thanks, Chris.

Cropi commented 1 year ago

Everything after the "#" symbol until the end of the line is treated as a comment if and only if the line starts with that particular symbol or has at least one leading whitespace character before the "#". The only exception is when it's part of the rule between quotation marks, e.g. part of the device name. However, not all fields of a rule can contain a "#" symbol, e.g. the device ID must have a format of XXXX:YYYY. I think there is nothing wrong with that.
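
The comment rule as stated in the reply above, written out as a small Python checker for reviewing a rules file. This is an added example, not USBGuard's parser and not code from this thread; `split_comment`, `audit` and the sample lines are constructed here, and the handling of backslash escapes inside quotation marks is an assumption.

```python
def split_comment(line):
    """Split one rules.conf line into (rule_text, comment); comment is None if absent.

    Models the rule from the thread: '#' starts a comment only at the start of
    the line or directly after whitespace, and never inside quotation marks.
    """
    in_quotes = False
    escaped = False
    for i, ch in enumerate(line):
        if in_quotes:
            if escaped:
                escaped = False          # assumption: backslash escapes the next char
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_quotes = False
            continue
        if ch == '"':
            in_quotes = True
        elif ch == "#" and (i == 0 or line[i - 1].isspace()):
            return line[:i].rstrip(), line[i:]
    return line.rstrip(), None


def audit(lines):
    """Flag lines a reviewer should look at by hand."""
    findings = []
    for n, line in enumerate(lines, 1):
        rule, comment = split_comment(line.rstrip("\n"))
        if "#" in rule:
            # '#' survived into the rule: quoted value, or glued to a token
            findings.append((n, "hash-in-rule", rule))
        if rule and comment is not None:
            # anything after the '#' is dropped, so the rule may be broader than it looks
            findings.append((n, "trailing-comment", comment))
    return findings


# Constructed sample lines, not taken from a real rules.conf
SAMPLE = [
    "# allow the internal hub only",
    'allow id 1d6b:0002 name "USB #2 Hub"',
    'allow id 1d6b:0002 # serial "ABC"',
    "allow id 1d6b:0002#note",
    "    # indented comment",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The third sample line is the case that matters for policy review: the `serial` condition sits behind the `#`, so under the stated rule only `allow id 1d6b:0002` remains.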