Add option to disable the `get_env` function
The get_env function could be a security risk, in the case that an app both:
- Allows untrusted users to write templates
- Uses environment variables to store secrets
I don't think that this is a terribly uncommon configuration, and it'd be good to give an option to disable the get_env function in cases where one doesn't need it.
In my opinion, this should be disabled by default, but I'll be happy so long as there's some way to disable it.
You can just overwrite the get_env filter with a no-op one in your Tera instance
For folks who find this in the future, I disabled this with:
tera.register_function("get_env", |_: &_| Ok(serde_json::json!("")));
Do you have thoughts about putting this behind a disabled-by-default feature or config option for v2? My guess is that usage of get_env is uncommon enough, and storing sensitive secrets in env vars common enough that that would be a good default.
It could be added as an opt-in built-in function in v2
Would it make sense to either add unregister_function / unregister_tester / unregister_filter methods?
It would cover most use cases and it's not even a breaking change.
For a v2, I wouldn't mind have a config option to just manually call the registers function myself.
I won't add it to v1 as I'd prefer not adding too much API that might be removed later.
I just made a pull request to make this functionality. Hopefully, it gets merged, or some built-in solution will soon be available. However, for now, this works as a bit of a hack to "unregister" a filter, function, or tester:
use std::collections::HashMap;
struct NoOp {
name: &'static str,
}
impl tera::Filter for NoOp {
fn filter(
&self,
_value: &serde_json::Value,
_args: &HashMap<String, serde_json::Value>,
) -> tera::Result<serde_json::Value> {
Err(tera::Error::filter_not_found(self.name))
}
}
impl tera::Function for NoOp {
fn call(
&self,
_args: &HashMap<String, serde_json::Value>,
) -> tera::Result<serde_json::Value> {
Err(tera::Error::function_not_found(self.name))
}
}
impl tera::Test for NoOp {
fn test(&self, _value: Option<&serde_json::Value>, _args: &[serde_json::Value]) -> tera::Result<bool> {
Err(tera::Error::test_not_found(self.name))
}
}