feat(#306): module whitelisting support

Anoop M D 2023-10-07 03:19:02 +05:30
parent 0f3a8a87bb
commit e3679c9ee9
3 changed files with 48 additions and 4 deletions


@ -1,6 +1,6 @@
{ {
"name": "@usebruno/js", "name": "@usebruno/js",
"version": "0.6.0", "version": "0.8.0",
"license": "MIT", "license": "MIT",
"main": "src/index.js", "main": "src/index.js",
"files": [ "files": [


@ -8,6 +8,7 @@ const zlib = require('zlib');
const url = require('url'); const url = require('url');
const punycode = require('punycode'); const punycode = require('punycode');
const fs = require('fs'); const fs = require('fs');
const { get } = require('lodash');
const Bru = require('../bru'); const Bru = require('../bru');
const BrunoRequest = require('../bruno-request'); const BrunoRequest = require('../bruno-request');
const BrunoResponse = require('../bruno-response'); const BrunoResponse = require('../bruno-response');
@ -38,10 +39,23 @@ class ScriptRuntime {
collectionPath, collectionPath,
onConsoleLog, onConsoleLog,
processEnvVars, processEnvVars,
allowScriptFilesystemAccess scriptingConfig
) { ) {
const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath); const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath);
const req = new BrunoRequest(request); const req = new BrunoRequest(request);
const allowScriptFilesystemAccess = get(scriptingConfig, 'filesystemAccess.allow', false);
const moduleWhitelist = get(scriptingConfig, 'moduleWhitelist', []);
const whitelistedModules = {};
for (let module of moduleWhitelist) {
try {
whitelistedModules[module] = require(module);
} catch (e) {
// Ignore
console.warn(e);
}
}
const context = { const context = {
bru, bru,
@ -89,6 +103,7 @@ class ScriptRuntime {
chai, chai,
'node-fetch': fetch, 'node-fetch': fetch,
'crypto-js': CryptoJS, 'crypto-js': CryptoJS,
...whitelistedModules,
fs: allowScriptFilesystemAccess ? fs : undefined fs: allowScriptFilesystemAccess ? fs : undefined
} }
} }
@ -111,11 +126,24 @@ class ScriptRuntime {
collectionPath, collectionPath,
onConsoleLog, onConsoleLog,
processEnvVars, processEnvVars,
allowScriptFilesystemAccess scriptingConfig
) { ) {
const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath); const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath);
const req = new BrunoRequest(request); const req = new BrunoRequest(request);
const res = new BrunoResponse(response); const res = new BrunoResponse(response);
const allowScriptFilesystemAccess = get(scriptingConfig, 'filesystemAccess.allow', false);
const moduleWhitelist = get(scriptingConfig, 'moduleWhitelist', []);
const whitelistedModules = {};
for (let module of moduleWhitelist) {
try {
whitelistedModules[module] = require(module);
} catch (e) {
// Ignore
console.warn(e);
}
}
const context = { const context = {
bru, bru,
@ -163,6 +191,7 @@ class ScriptRuntime {
axios, axios,
'node-fetch': fetch, 'node-fetch': fetch,
'crypto-js': CryptoJS, 'crypto-js': CryptoJS,
...whitelistedModules,
fs: allowScriptFilesystemAccess ? fs : undefined fs: allowScriptFilesystemAccess ? fs : undefined
} }
} }
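Review bot: The loop `whitelistedModules[module] = require(module)` at the top of both ScriptRuntime methods passes every `moduleWhitelist` entry straight to `require`, so a relative or absolute path, or a Node built-in such as `child_process` or `fs/promises`, is loaded into the script context even when `filesystemAccess.allow` is false; only the exact `fs` key is overridden after the spread. Restrict entries to bare package names and apply the filesystem gate to the list too, for example `if (typeof module !== 'string' || /^[./\\]/.test(module) || (!allowScriptFilesystemAccess && /^(node:)?fs(\/|$)/.test(module))) continue;` placed before the `try`. If `scriptingConfig` is read from the collection's own config file (not visible in this diff), a shared collection can grant itself these modules, so the list probably needs user confirmation or an app-level setting. The same loop is repeated in TestRuntime in the third file, and both method bodies here continue outside the hunks shown.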


@ -9,6 +9,7 @@ const zlib = require('zlib');
const url = require('url'); const url = require('url');
const punycode = require('punycode'); const punycode = require('punycode');
const fs = require('fs'); const fs = require('fs');
const { get } = require('lodash');
const Bru = require('../bru'); const Bru = require('../bru');
const BrunoRequest = require('../bruno-request'); const BrunoRequest = require('../bruno-request');
const BrunoResponse = require('../bruno-response'); const BrunoResponse = require('../bruno-response');
@ -38,11 +39,24 @@ class TestRuntime {
collectionPath, collectionPath,
onConsoleLog, onConsoleLog,
processEnvVars, processEnvVars,
allowScriptFilesystemAccess scriptingConfig
) { ) {
const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath); const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath);
const req = new BrunoRequest(request); const req = new BrunoRequest(request);
const res = new BrunoResponse(response); const res = new BrunoResponse(response);
const allowScriptFilesystemAccess = get(scriptingConfig, 'filesystemAccess.allow', false);
const moduleWhitelist = get(scriptingConfig, 'moduleWhitelist', []);
const whitelistedModules = {};
for (let module of moduleWhitelist) {
try {
whitelistedModules[module] = require(module);
} catch (e) {
// Ignore
console.warn(e);
}
}
const __brunoTestResults = new TestResults(); const __brunoTestResults = new TestResults();
const test = Test(__brunoTestResults, chai); const test = Test(__brunoTestResults, chai);
@ -106,6 +120,7 @@ class TestRuntime {
nanoid, nanoid,
chai, chai,
'crypto-js': CryptoJS, 'crypto-js': CryptoJS,
...whitelistedModules,
fs: allowScriptFilesystemAccess ? fs : undefined fs: allowScriptFilesystemAccess ? fs : undefined
} }
} }
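Review bot: The whitelist loop after `new BrunoResponse(response)` is the third copy of the same block (the two ScriptRuntime methods hold the others), so any later validation of `moduleWhitelist` entries has to be kept in sync in three places; one shared helper inside this package would avoid that. Within the loop, `let module` shadows Node's per-file `module` object, and the `// Ignore` comment contradicts the `console.warn(e)` directly beneath it. The method body starts and ends outside the hunk.

```javascript
// Load the modules named in scriptingConfig.moduleWhitelist in one place,
// so entry validation only has to be written and reviewed once.
const loadWhitelistedModules = (scriptingConfig) => {
  const loaded = {};
  for (const moduleName of get(scriptingConfig, 'moduleWhitelist', [])) {
    try {
      loaded[moduleName] = require(moduleName);
    } catch (err) {
      // A missing or broken module should not abort the run; report it and continue.
      console.warn(err);
    }
  }
  return loaded;
};

// … unchanged: bru / req / res construction, allowScriptFilesystemAccess lookup …
const whitelistedModules = loadWhitelistedModules(scriptingConfig);
```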