LAMS is a linter and not yet designed/advertised as a secure enforcement mechanism against uncooperative or even malicious code changes; however, it could be a desirable use case. For example, ensuring that access-related LookML declarations are not removed.
Some steps have been taken to work towards this use case: (1) manifest overrides provided by command line argument from outside the project, (2) the allowExemptions: no argument.
However, more work (both known and unknown) would need to be done. This issue will centralize such considerations.
(Known) Rules are passed access to matched values and the overall project, and could mutate them to affect subsequent rules. Mutation of the passed values should be prevented. A replacement mechanism for pre-processing (e.g. building an index of fields) could be provided.
(Known) Allow LAMS to run without LAMS conditional comments which could make a project appear to comply with rules while not actually complying with them. Rules can still/already be provided without conditional comments given recent work on alternative manifest sourcing options.
(Unknown) A probably ever-present consideration is Liyad unintentionally exposing some jailbreaking of undesirable JavaScript globals leading to unrestricted code execution. Some were initially reported and have been patched, but there could be unknown vectors still.
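The first (Known) item above, shown as an added sketch that is not LAMS code: when rules share one mutable project object, an earlier rule's write changes what a later access check sees, and deep-freezing the view before the run prevents that. `runRules`, `deepFreeze`, the rule names and the project shape are hypothetical, and the project data is constructed.

```javascript
// Added illustration: runRules, deepFreeze and the project shape are hypothetical, not LAMS internals.

// Recursively freeze plain objects/arrays so a rule only ever gets a read-only view.
function deepFreeze(value) {
  if (value !== null && typeof value === 'object' && !Object.isFrozen(value)) {
    Object.values(value).forEach((child) => deepFreeze(child));
    Object.freeze(value);
  }
  return value;
}

// All rules in one run share one view of the project, as described in the issue.
// Assumes the parsed project is plain JSON-like data, so a JSON round trip clones it.
function runRules(project, rules, { freeze }) {
  const view = JSON.parse(JSON.stringify(project));
  if (freeze) deepFreeze(view);
  return rules.map(({ name, check }) => {
    try {
      return { name, passed: Boolean(check(view)) };
    } catch (err) {
      // A rule that throws (e.g. a strict-mode write to a frozen object) is not a pass.
      return { name, passed: false, error: err.name };
    }
  });
}

// Constructed sample: "refunds" has no access_filter, so the access rule should fail.
const project = { model: { sales: { explore: {
  orders: { access_filter: [{ field: 'orders.region', user_attribute: 'region' }] },
  refunds: {},
} } } };

const explores = (p) => Object.values(p.model).flatMap((m) => Object.values(m.explore));

const rules = [
  { name: 'pre-index', // "pre-processing" that writes into the shared project
    check(p) {
      for (const e of explores(p)) e.access_filter = e.access_filter || [{ field: 'x', user_attribute: 'x' }];
      return true;
    } },
  { name: 'explores-have-access-filter',
    check: (p) => explores(p).every((e) => Array.isArray(e.access_filter) && e.access_filter.length > 0) },
];

// Result of the access rule after the earlier rule has run against the same view.
function accessRulePassed(freeze) {
  return runRules(project, rules, { freeze }).find((r) => r.name === 'explores-have-access-filter').passed;
}

console.log({ unfrozen: accessRulePassed(false), frozen: accessRulePassed(true) }); // → { unfrozen: true, frozen: false }
```

Freezing only blocks writes to the data handed to rules; legitimate pre-processing such as building a field index would need the separate replacement mechanism the item mentions.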