Darran Lofthouse moved WFLY-8196 to WFCORE-2418:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2418 (was: WFLY-8196)
Component/s: Security (was: Security)
CS tool, invalid options are accepted
-------------------------------------
Key: WFCORE-2418
URL: https://issues.jboss.org/browse/WFCORE-2418
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
Labels: credential-store, wildfly-elytron-tool
Currently if I provide an invalid option (e.g. --option_does_not_exists) it is
accepted (ignored) and the command is performed.
{code}
[mchoma@localhost bin]$ java -jar wildfly-elytron-tool.jar credential-store --add myalias
--secret supersecretpassword --location="/tmp/test.store" --uri
"cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS" --password
mycspassword --salt 12345678 --iteration 230 --summary --option_does_not_exists
Alias "myalias" has been successfully stored
Credential store command summary:
--------------------------------------
/subsystem=elytron/credential-store=test:add(uri="cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS",relative-to=jboss.server.data.dir,credential-reference={clear-text="MASK-uNWeyrmbByBEjgZM1FAPQW==;12345678;230"})
{code}
It will be safer if the command fails instead. It will guard users from an unintentional
command being performed.
{code}
[mchoma@localhost bin]$ java -jar wildfly-elytron-tool.jar credential-store --add myalias
--secret supersecretpassword --location="/tmp/test.store" --uri
"cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS" --password
mycspassword --salt 12345678 --iteration 230 --summary --option_does_not_exists
wildfly-elytron-tool: invalid option -- 'option_does_not_exists'
{code}
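
The behaviour requested in the report, as an added example (not the tool's own code): the whole argument vector is validated before anything is acted on, so an unknown option stops the run before the store is modified. The class name `StrictOptions`, the option table and the error texts other than the "invalid option" line are assumptions built from the command shown in the report.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class StrictOptions {
    // Option names from the command in the report; true means the option takes a value.
    static final Map<String, Boolean> KNOWN = Map.of(
        "add", true, "secret", true, "location", true, "uri", true,
        "password", true, "salt", true, "iteration", true, "summary", false);

    // Validates the whole argument vector and throws on the first problem.
    static Map<String, String> parse(String[] args) {
        Map<String, String> parsed = new LinkedHashMap<>();
        for (int i = 0; i < args.length; i++) {
            if (!args[i].startsWith("--"))
                throw new IllegalArgumentException("unexpected argument -- '" + args[i] + "'");
            String name = args[i].substring(2), value = null;
            int eq = name.indexOf('=');
            if (eq >= 0) {                       // --location=/tmp/test.store form
                value = name.substring(eq + 1);
                name = name.substring(0, eq);
            }
            Boolean takesValue = KNOWN.get(name);
            if (takesValue == null)              // fail closed: never ignore an unknown option
                throw new IllegalArgumentException("invalid option -- '" + name + "'");
            if (takesValue && value == null) {
                if (++i >= args.length)
                    throw new IllegalArgumentException("option requires an argument -- '" + name + "'");
                value = args[i];
            } else if (!takesValue && value != null) {
                throw new IllegalArgumentException("option takes no argument -- '" + name + "'");
            }
            if (parsed.putIfAbsent(name, takesValue ? value : "") != null)
                throw new IllegalArgumentException("option given twice -- '" + name + "'");
        }
        return parsed;
    }

    public static void main(String[] args) {
        if (args.length == 0)   // constructed sample: arguments taken from the report
            args = new String[] {"--add", "myalias", "--secret", "supersecretpassword",
                "--location=/tmp/test.store", "--salt", "12345678", "--iteration", "230",
                "--summary", "--option_does_not_exists"};
        try {
            Map<String, String> opts = parse(args);
            // The store would be modified only here, after every argument has validated.
            System.out.println("would store alias \"" + opts.get("add") + "\"");
        } catch (IllegalArgumentException e) {
            System.err.println("wildfly-elytron-tool: " + e.getMessage());
            System.exit(1);     // non-zero exit, nothing written
        }
    }
}
```

Run without arguments, it uses the embedded sample, prints the `invalid option -- 'option_does_not_exists'` line on stderr and exits with status 1.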