introduce a new 'order' keyword in the ACL rules (see #305)

parent 85e513bf
Pipeline #1685 passed with stages
in 11 minutes and 37 seconds
......@@ -11,6 +11,7 @@ Current
- Add: new `audit logging <>`_ system
- Add: new ``bui-monitor`` processes pool + ``async`` backend to parallelize some requests `#278 <>`_
- Add: new `listen` and `listen_status` options in burp-2.2.10 `#279 <>`_
- Add: new `order` keyword in ACL definitions in order to decide whether `rw` should be evaluated first or not `#305 <>`__
- Add: allow to hide selected clients/servers `#282 <>`_
- Add: allow to delete clients data upon removal `#232 <>`_
- Add: allow to create clients from templates in one call `#266 <>`_
......@@ -10,6 +10,7 @@ jQuery/Bootstrap
.. moduleauthor:: Ziirish <>
import os
import sys
import json
import time
import logging
......@@ -116,7 +117,7 @@ def create_app(conf=None, verbose=0, logfile=None, **kwargs):'Using configuration: {}'.format(app.config['CFG']))
app.setup(app.config['CFG'], unittest, cli)
if cli and not websocket_server:
if cli and not websocket_server and 'shell' not in sys.argv:
return app
if debug:
This diff is collapsed.
......@@ -787,6 +787,22 @@ keyword.
deletable), you can also create/update/delete client configuration files.
Since *v0.7.0*, you can also define an additional ``order`` keyword in order
to specify in which order the ACL engine should evaluate the rules (should we
match ``ro`` first or ``rw``). The default evaluation order is ``rw`` then ``ro``.
myuser = '{"agents": {"agent1": {"order": ["ro", "rw"], "ro": ["client.specific.*"], "rw": ["client.*"]}}}'
With the above rule, the engine will treat ``client.specific.test`` as ``ro``
whereas without the ``order`` keywoard, ``client.specific.test`` would have
matched the ``rw`` rule first and thus would be considered as ``rw``.
About the ``inverse_inheritance`` option, here is a concrete example. We assume
you have this piece of configuration:
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment