tera icon indicating copy to clipboard operation
tera copied to clipboard
verified publisher icon Keats

Add option to disable the `get_env` function

Open WesleyAC opened this issue 4 years ago • 6 comments

The get_env function could be a security risk, in the case that an app both:

  • Allows untrusted users to write templates
  • Uses environment variables to store secrets

I don't think that this is a terribly uncommon configuration, and it'd be good to give an option to disable the get_env function in cases where one doesn't need it.

In my opinion, this should be disabled by default, but I'll be happy so long as there's some way to disable it.

WesleyAC avatar Oct 12 '21 19:10 WesleyAC

You can just overwrite the get_env filter with a no-op one in your Tera instance

Keats avatar Oct 13 '21 07:10 Keats

For folks who find this in the future, I disabled this with:

tera.register_function("get_env", |_: &_| Ok(serde_json::json!("")));

Do you have thoughts about putting this behind a disabled-by-default feature or config option for v2? My guess is that usage of get_env is uncommon enough, and storing sensitive secrets in env vars common enough that that would be a good default.

WesleyAC avatar Oct 14 '21 17:10 WesleyAC

It could be added as an opt-in built-in function in v2

Keats avatar Oct 15 '21 17:10 Keats

Would it make sense to either add unregister_function / unregister_tester / unregister_filter methods? It would cover most use cases and it's not even a breaking change.

For a v2, I wouldn't mind have a config option to just manually call the registers function myself.

shaoner avatar Aug 05 '22 20:08 shaoner

I won't add it to v1 as I'd prefer not adding too much API that might be removed later.

Keats avatar Aug 05 '22 20:08 Keats

I just made a pull request to make this functionality. Hopefully, it gets merged, or some built-in solution will soon be available. However, for now, this works as a bit of a hack to "unregister" a filter, function, or tester:

use std::collections::HashMap;

struct NoOp {
    name: &'static str,
}

impl tera::Filter for NoOp {
    fn filter(
        &self,
        _value: &serde_json::Value,
        _args: &HashMap<String, serde_json::Value>,
    ) -> tera::Result<serde_json::Value> {
        Err(tera::Error::filter_not_found(self.name))
    }
}

impl tera::Function for NoOp {
    fn call(
        &self,
        _args: &HashMap<String, serde_json::Value>,
    ) -> tera::Result<serde_json::Value> {
        Err(tera::Error::function_not_found(self.name))
    }
}

impl tera::Test for NoOp {
    fn test(&self, _value: Option<&serde_json::Value>, _args: &[serde_json::Value]) -> tera::Result<bool> {
        Err(tera::Error::test_not_found(self.name))
    }
}

seancroach avatar Jul 25 '23 06:07 seancroach