diff --git a/packages/bruno-js/package.json b/packages/bruno-js/package.json index 00c66c254..00ccdcb15 100644 --- a/packages/bruno-js/package.json +++ b/packages/bruno-js/package.json @@ -1,6 +1,6 @@ { "name": "@usebruno/js", - "version": "0.6.0", + "version": "0.8.0", "license": "MIT", "main": "src/index.js", "files": [ diff --git a/packages/bruno-js/src/runtime/script-runtime.js b/packages/bruno-js/src/runtime/script-runtime.js index 46c88b0c1..0d9d246f5 100644 --- a/packages/bruno-js/src/runtime/script-runtime.js +++ b/packages/bruno-js/src/runtime/script-runtime.js @@ -8,6 +8,7 @@ const zlib = require('zlib'); const url = require('url'); const punycode = require('punycode'); const fs = require('fs'); +const { get } = require('lodash'); const Bru = require('../bru'); const BrunoRequest = require('../bruno-request'); const BrunoResponse = require('../bruno-response'); @@ -38,10 +39,23 @@ class ScriptRuntime { collectionPath, onConsoleLog, processEnvVars, - allowScriptFilesystemAccess + scriptingConfig ) { const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath); const req = new BrunoRequest(request); + const allowScriptFilesystemAccess = get(scriptingConfig, 'filesystemAccess.allow', false); + const moduleWhitelist = get(scriptingConfig, 'moduleWhitelist', []); + + const whitelistedModules = {}; + + for (let module of moduleWhitelist) { + try { + whitelistedModules[module] = require(module); + } catch (e) { + // Ignore + console.warn(e); + } + } const context = { bru, @@ -89,6 +103,7 @@ class ScriptRuntime { chai, 'node-fetch': fetch, 'crypto-js': CryptoJS, + ...whitelistedModules, fs: allowScriptFilesystemAccess ? fs : undefined } } @@ -111,11 +126,24 @@ class ScriptRuntime { collectionPath, onConsoleLog, processEnvVars, - allowScriptFilesystemAccess + scriptingConfig ) { const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath); const req = new BrunoRequest(request); const res = new BrunoResponse(response); + const allowScriptFilesystemAccess = get(scriptingConfig, 'filesystemAccess.allow', false); + const moduleWhitelist = get(scriptingConfig, 'moduleWhitelist', []); + + const whitelistedModules = {}; + + for (let module of moduleWhitelist) { + try { + whitelistedModules[module] = require(module); + } catch (e) { + // Ignore + console.warn(e); + } + } const context = { bru, @@ -163,6 +191,7 @@ class ScriptRuntime { axios, 'node-fetch': fetch, 'crypto-js': CryptoJS, + ...whitelistedModules, fs: allowScriptFilesystemAccess ? fs : undefined } } diff --git a/packages/bruno-js/src/runtime/test-runtime.js b/packages/bruno-js/src/runtime/test-runtime.js index efefb451f..b4ad3f04c 100644 --- a/packages/bruno-js/src/runtime/test-runtime.js +++ b/packages/bruno-js/src/runtime/test-runtime.js @@ -9,6 +9,7 @@ const zlib = require('zlib'); const url = require('url'); const punycode = require('punycode'); const fs = require('fs'); +const { get } = require('lodash'); const Bru = require('../bru'); const BrunoRequest = require('../bruno-request'); const BrunoResponse = require('../bruno-response'); @@ -38,11 +39,24 @@ class TestRuntime { collectionPath, onConsoleLog, processEnvVars, - allowScriptFilesystemAccess + scriptingConfig ) { const bru = new Bru(envVariables, collectionVariables, processEnvVars, collectionPath); const req = new BrunoRequest(request); const res = new BrunoResponse(response); + const allowScriptFilesystemAccess = get(scriptingConfig, 'filesystemAccess.allow', false); + const moduleWhitelist = get(scriptingConfig, 'moduleWhitelist', []); + + const whitelistedModules = {}; + + for (let module of moduleWhitelist) { + try { + whitelistedModules[module] = require(module); + } catch (e) { + // Ignore + console.warn(e); + } + } const __brunoTestResults = new TestResults(); const test = Test(__brunoTestResults, chai); @@ -106,6 +120,7 @@ class TestRuntime { nanoid, chai, 'crypto-js': CryptoJS, + ...whitelistedModules, fs: allowScriptFilesystemAccess ? fs : undefined } }