Conversation

@ikretz
Collaborator

@ikretz ikretz commented Oct 7, 2025

This PR adds a check during scfw run for whether we're running in a non-interactive shell. This is relevant when the user must provide interactive input to confirm a command with only warning-level findings. Instead of erroring out, SCFW now defaults to blocking in this situation. Users can change this default behavior by adding --allow-on-warning to their SCFW command line.

For cases where users are unable or unwilling to update their command lines, this PR also allows users to configure this auto-allow/auto-block behavior by setting a new environment variable SCFW_ON_WARNING to "ALLOW" or "BLOCK".

The command-line options and environment variables determine the warning-level action as follows:

  1. If --block-on-warning or --allow-on-warning is set, behave accordingly
  2. Else if SCFW_ON_WARNING is set and valid, behave accordingly
  3. Else if in a non-interactive shell, BLOCK
  4. Else, ask the user for confirmation and act accordingly

Other changes include:

  • Adding more precise error checking and logs while configuring the Datadog Agent
  • Updating the README with detail on useful CLI options and the new environment variables
  • Moving the file containing configuration-related constants to the top-level directory

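The four-step precedence described in this PR, written out as an added example (this is not SCFW's own code; the function and type names are hypothetical, and only the flag names and the SCFW_ON_WARNING variable come from the PR). It shows the fail-closed default when stdin is not a terminal and the handling of an invalid environment value, which falls through to the next rule rather than aborting.

```python
"""Resolve the warning-level action for a command with only warning-level findings.
Hypothetical illustration of the precedence in the PR description, not SCFW code."""
import sys
from enum import Enum
from typing import Callable, Mapping

ENV_VAR = "SCFW_ON_WARNING"  # name from the PR; values "ALLOW" or "BLOCK"


class WarningAction(Enum):
    ALLOW = "ALLOW"
    BLOCK = "BLOCK"
    ASK = "ASK"  # fall through to an interactive confirmation prompt


def resolve_warning_action(
    allow_on_warning: bool,
    block_on_warning: bool,
    env: Mapping[str, str],
    interactive: bool,
    log: Callable[[str], None] = lambda msg: None,
) -> WarningAction:
    # 1. Explicit command-line options win. If both are somehow set, this
    #    example lets --block-on-warning take precedence (an assumption; a
    #    real CLI would make the two options mutually exclusive).
    if block_on_warning:
        return WarningAction.BLOCK
    if allow_on_warning:
        return WarningAction.ALLOW
    # 2. The environment variable counts only when set to a valid value.
    #    Matching is exact and case-sensitive here (assumption).
    raw = env.get(ENV_VAR)
    if raw is not None:
        if raw in ("ALLOW", "BLOCK"):
            return WarningAction(raw)
        log(f"Ignoring invalid {ENV_VAR}={raw!r}; expected ALLOW or BLOCK")
    # 3. No terminal to prompt on: fail closed instead of erroring out.
    if not interactive:
        return WarningAction.BLOCK
    # 4. Otherwise defer to the user.
    return WarningAction.ASK


def confirm_warning(action: WarningAction, prompt: Callable[[str], str] = input) -> bool:
    """Turn the resolved action into a go/no-go decision, prompting only for ASK."""
    if action is WarningAction.ALLOW:
        return True
    if action is WarningAction.BLOCK:
        return False
    return prompt("Proceed despite warning-level findings? [y/N] ").strip().lower() in ("y", "yes")


def stdin_is_interactive() -> bool:
    return sys.stdin.isatty()
```

In a CI job, `resolve_warning_action(False, False, os.environ, stdin_is_interactive())` yields BLOCK unless the job exports SCFW_ON_WARNING=ALLOW or passes --allow-on-warning.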
@ikretz ikretz marked this pull request as ready for review October 7, 2025 12:51
@ikretz ikretz merged commit 278cf30 into main Oct 7, 2025
192 of 193 checks passed
@ikretz ikretz deleted the ikretz/env-allow-block branch October 7, 2025 14:24