extern/bruno
1
0
Fork 1
mirror of https://github.com/usebruno/bruno.git synced 2024-11-07 16:44:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(#306): module whitelisting support

Browse Source
This commit is contained in:
Anoop M D 2023-10-07 03:19:02 +05:30
parent 0f3a8a87bb
commit e3679c9ee9
3 changed files with 48 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/bruno-js/package.json
View File

@ -1,6 +1,6 @@
{
"name": "@usebruno/js",
"version": "0.6.0",
"version": "0.8.0",
"license": "MIT",
"main": "src/index.js",
"files": [

33
packages/bruno-js/src/runtime/script-runtime.js
View File

@ -8,6 +8,7 @@ const zlib = require('zlib');
const url = require('url');
const punycode = require('punycode');
const fs = require('fs');
const { get } = require('lodash');
const Bru = require('../bru');
const BrunoRequest = require('../bruno-request');
const BrunoResponse = require('../bruno-response');
@ -38,10 +39,23 @@ class ScriptRuntime {
collectionPath,
onConsoleLog,
processEnvVars,
allowScriptFilesystemAccess
scriptingConfig
) {
const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath);
const req = new BrunoRequest(request);
const allowScriptFilesystemAccess = get(scriptingConfig, 'filesystemAccess.allow', false);
const moduleWhitelist = get(scriptingConfig, 'moduleWhitelist', []);
const whitelistedModules = {};
for (let module of moduleWhitelist) {
try {
whitelistedModules[module] = require(module);
} catch (e) {
// Ignore
console.warn(e);
}
}
const context = {
bru,
@ -89,6 +103,7 @@ class ScriptRuntime {
chai,
'node-fetch': fetch,
'crypto-js': CryptoJS,
...whitelistedModules,
fs: allowScriptFilesystemAccess ? fs : undefined
}
}
@ -111,11 +126,24 @@ class ScriptRuntime {
collectionPath,
onConsoleLog,
processEnvVars,
allowScriptFilesystemAccess
scriptingConfig
) {
const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath);
const req = new BrunoRequest(request);
const res = new BrunoResponse(response);
const allowScriptFilesystemAccess = get(scriptingConfig, 'filesystemAccess.allow', false);
const moduleWhitelist = get(scriptingConfig, 'moduleWhitelist', []);
const whitelistedModules = {};
for (let module of moduleWhitelist) {
try {
whitelistedModules[module] = require(module);
} catch (e) {
// Ignore
console.warn(e);
}
}
const context = {
bru,
@ -163,6 +191,7 @@ class ScriptRuntime {
axios,
'node-fetch': fetch,
'crypto-js': CryptoJS,
...whitelistedModules,
fs: allowScriptFilesystemAccess ? fs : undefined
}
}

17
packages/bruno-js/src/runtime/test-runtime.js
View File

@ -9,6 +9,7 @@ const zlib = require('zlib');
const url = require('url');
const punycode = require('punycode');
const fs = require('fs');
const { get } = require('lodash');
const Bru = require('../bru');
const BrunoRequest = require('../bruno-request');
const BrunoResponse = require('../bruno-response');
@ -38,11 +39,24 @@ class TestRuntime {
collectionPath,
onConsoleLog,
processEnvVars,
allowScriptFilesystemAccess
scriptingConfig
) {
const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath);
const req = new BrunoRequest(request);
const res = new BrunoResponse(response);
const allowScriptFilesystemAccess = get(scriptingConfig, 'filesystemAccess.allow', false);
const moduleWhitelist = get(scriptingConfig, 'moduleWhitelist', []);
const whitelistedModules = {};
for (let module of moduleWhitelist) {
try {
whitelistedModules[module] = require(module);
} catch (e) {
// Ignore
console.warn(e);
}
}
const __brunoTestResults = new TestResults();
const test = Test(__brunoTestResults, chai);
@ -106,6 +120,7 @@ class TestRuntime {
nanoid,
chai,
'crypto-js': CryptoJS,
...whitelistedModules,
fs: allowScriptFilesystemAccess ? fs : undefined
}
}