From e663485434aa27ccb470d1815af85e5327e8a32b Mon Sep 17 00:00:00 2001 From: Alex Komoroske Date: Sat, 22 Jul 2023 14:41:09 -0700 Subject: [PATCH] Add a disallow_fetch protected environment key. If set to true, fetch will fail. Part of #53. Part of #45. --- README.md | 7 +++++++ config-schema.json | 3 +++ environment.SAMPLE.json | 1 + seed-schema.json | 4 ++++ src/grow.ts | 3 +++ src/types.ts | 3 ++- test/base/test.ts | 1 + 7 files changed, 21 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 01a1776..62651d8 100644 --- a/README.md +++ b/README.md @@ -504,6 +504,7 @@ Parameters: Environment: - `mock` - If true, will return a string representation of the request that would have been sent. +- `disallow_fetch` - If true, then any fetches will fail. This is useful to disable dangerous behaviors in sub-graphs. #### property @@ -903,6 +904,12 @@ If true, then `dynamic` seed references that are to a remote seed will fail, eve Note that you may never use `let` or `let-multi` to set this to false, only to true. This prevents sub-seeds from un-setting mock if a parent has turned it on. +#### disallow_fetch + +If true, then `fetch` seed_types will fail. + +Note that you may never use `let` or `let-multi` to set this to false, only to true. This prevents sub-seeds from un-setting mock if a parent has turned it on. + ### CLI The CLI can output a mermaid diagram. By default it prints the mermaid diagram definition to the console and exits. diff --git a/config-schema.json b/config-schema.json index 0b30b9c..81e034e 100644 --- a/config-schema.json +++ b/config-schema.json @@ -17,6 +17,9 @@ "disallow_remote": { "type": "boolean" }, + "disallow_fetch": { + "type": "boolean" + }, "completion_model": { "type": "string", "enum": [ diff --git a/environment.SAMPLE.json b/environment.SAMPLE.json index 1d12445..b007dfd 100644 --- a/environment.SAMPLE.json +++ b/environment.SAMPLE.json @@ -5,6 +5,7 @@ "memory": "_default_memory", "store": "_default_store", "disallow_remote": false, + "disallow_fetch": false, "mock": false, "namespace": "", "key": 0, diff --git a/seed-schema.json b/seed-schema.json index 8a930da..d8bacc9 100644 --- a/seed-schema.json +++ b/seed-schema.json @@ -24,6 +24,9 @@ "disallow_remote": { "type": "boolean" }, + "disallow_fetch": { + "type": "boolean" + }, "completion_model": { "type": "string", "enum": [ @@ -2372,6 +2375,7 @@ "profile", "mock", "disallow_remote", + "disallow_fetch", "completion_model", "embedding_model", "default_model_provider", diff --git a/src/grow.ts b/src/grow.ts index a90ba22..8f29b85 100644 --- a/src/grow.ts +++ b/src/grow.ts @@ -422,6 +422,9 @@ const growDynamic = async (seed : Seed, env : Environment) : Pr const growFetch = async (seed : Seed, env : Environment) : Promise => { const data = seed.data; + + if (env.getKnownProtectedKey('disallow_fetch')) throw new Error('Fetch is disabled because disallow_fetch is set to true'); + const resource = extractString(await getProperty(seed, env, data.resource, '')); if (!resource) throw new Error('no resource passed'); const rawMethod = extractString(await getProperty(seed, env, data.method, 'GET')); diff --git a/src/types.ts b/src/types.ts index 470e87c..f65e44b 100644 --- a/src/types.ts +++ b/src/types.ts @@ -168,7 +168,8 @@ export const knownSecretEnvironmentData = z.object({ const knownEnvironmentProtectedData = z.object({ mock: z.optional(z.boolean()), - disallow_remote: z.optional(z.boolean()) + disallow_remote: z.optional(z.boolean()), + disallow_fetch: z.optional(z.boolean()) }); const knownEnvironmentNonSecretData = z.object({ diff --git a/test/base/test.ts b/test/base/test.ts index 6dde97b..5ec52ea 100644 --- a/test/base/test.ts +++ b/test/base/test.ts @@ -78,6 +78,7 @@ const loadTestGarden = (files?: string[], skipFetcher = false) : Garden => { mock: true, verbose: false, disallow_remote: false, + disallow_fetch: false, key: 0, value: '' };