Currently Sheriff has a weird split between "webhook" and "permissions enforcement".
The enforcement script runs every ~5-10 minutes but we get notified of permission changes in realtime. We should in the webhook handler check if the change is expected and if not revert it.
We could do this a few ways:
The easiest is saying "any permission change done by anyone that isn't us" should be reverted
The most technically correct is to probably pull the config and calculate the "expected" permission state for a given webhook event and if it doesn't match restore the expected state.
This means that the lifetime of a malicious / incorrect permission assignment drops from a max of 5-10 minutes to a few seconds (the duration of the webhook)
Currently Sheriff has a weird split between "webhook" and "permissions enforcement".
The enforcement script runs every ~5-10 minutes but we get notified of permission changes in realtime. We should in the webhook handler check if the change is expected and if not revert it.
We could do this a few ways:
This means that the lifetime of a malicious / incorrect permission assignment drops from a max of 5-10 minutes to a few seconds (the duration of the webhook)