Label Reference

  • access.public

    Indicates that a request allows public access - that is, authentication is not always required to make the request.


  • audit

    Writes an audit record, i.e. a permanent record of some application activity.


  • command.perform

    • Rules

    Indicates that an event represents the invocation of command-line command, such as a shell command or a script. Rules that use the command scope can match events that are descendants of command.perform event.


  • dao.materialize

    Loads data access objects from the database into memory.

    Examples


  • deserialize.safe

    Indicates that a function performs deserialization safely.

    Examples


  • deserialize.sanitize

    Ensures that data is safe and trusted for deserialization, transforming it if necessary, and returning falsey or raising an exception if it’s impossible to make the data safe.

    A function with this label can be used to convert untrusted data such as direct user input or HTTP request parameters into trusted data.

    Note that this is not the same as ensuring that a parameter satisfies business logic constraints - such as presence or max length. It’s a security check that ensures the data cannot cause harm on deserialization.

    To be considered successful, a deserialize.sanitize function must return a truthy value.

    Examples

    • Running user-provided YAML through a “safe loader” which discards unsafe syntax such as object class names.

  • deserialize.unsafe

    Indicates that a function does not guarantee safe deserialization.

    Examples


  • http.session.clear

    Clears the HTTP session. Any previously issued session id becomes invalid.


  • job.cancel

    Cancels execution of a background job.

    Examples


  • job.create

    Schedules a background job for execution. Background jobs run in a separate thread or process from the web application request - therefore they do not block the response.

    Examples


  • job.perform

    • Rules

    Indicates that an event represents the invocation of a background job. Rules that use the command scope can match events that are descendants of job.perform event.


  • log

    Writes a message to the application log.

    Examples


  • rpc.circuit_breaker

    Indicates that a function provides circuit breaker functionality.

    When present, a circuit breaker function is expected to be invoked as a descendant of an RPC client request.

    Examples


  • secret

    Indicates that a function returns a secret value. A secret is a user password, cryptographic key, authentication token, etc that is used for authentication or other verification.

    Personally-identifiable information (PII) does not fall under the scope of the secret label.


  • security.authentication

    Verifies the identity of an application user.

    Returns truthy if the user identity is confirmed; otherwise falsey.


  • security.authorization

    Test whether the current authenticated user has permission to make a web request.

    Returns truthy if the request is allowed; otherwise falsey.


  • security.logout

    Logs out an application user.

    The function is assumed to be successful regardless of the return value.


  • string.equals

    Compares two strings for equality.

    The function receiver should be a string, and the function should take one argument that is the other string.

    Returns truthy if the strings are equal; otherwise falsey.

    Examples


  • system.exec

    Indicates that a function performs an OS system command.


  • system.exec.safe

    Indicates that a function performs an OS system command in a manner which is known to be safe.


  • system.exec.sanitize

    Ensures that data is safe and trusted for use as a system command, transforming it if necessary, and returning falsey or raising an exception if it’s impossible to make the data safe.

    A function with this label can be used to convert untrusted data such as direct user input or HTTP request parameters into trusted data.

    Note that this is not the same as ensuring that a parameter satisfies business logic constraints - such as presence or max length. It’s a security check that ensures the data cannot cause harm when used as a system command.

    To be considered successful, a system.exec.sanitize function must return a truthy value.

    Examples

    • Ensuring that a user-provided file path is a subdirectory of a known allowed directory.
    • Ensuring that a system command string does not have any potential injection or side-effects.


Was this page helpful? thumb_up Yes thumb_down No
Thank you for your feedback!