- Implement SecurityPolicy interface with function/filter/tag restrictions - Add DefaultSecurityPolicy with sensible defaults for common operations - Add sandboxed option to include tag for secure template inclusion - Implement context-level sandbox flag and methods - Add engine-level sandbox control methods - Create comprehensive tests for sandbox functionality 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
package twig
import (
"fmt"
)
// SecurityPolicy is the decision point consulted for templates that run in a
// sandboxed context. Each method receives the name of one template construct
// and reports whether the policy permits it.
//
// NOTE(review): the code that calls these methods is not part of this file.
// Implementations should answer false for any name they do not recognise so
// that constructs added to the engine later stay denied until allow-listed.
type SecurityPolicy interface {
	// IsFunctionAllowed reports whether the named template function may be
	// called.
	IsFunctionAllowed(function string) bool

	// IsFilterAllowed reports whether the named filter may be applied.
	IsFilterAllowed(filter string) bool

	// IsTagAllowed reports whether the named tag may be used.
	IsTagAllowed(tag string) bool
}
// DefaultSecurityPolicy is a map-backed allow-list policy. Its Is*Allowed
// methods index the maps below directly, so a name is permitted only when it
// is present with the value true; absent names and names mapped to false are
// denied.
//
// NOTE(review): the maps are exported and no synchronisation is visible in
// this file. Changing them while templates are being rendered on other
// goroutines would be a data race; confirm callers finish configuring the
// policy before it is put into use.
type DefaultSecurityPolicy struct {
	// AllowedFunctions holds the template function names that may be called.
	AllowedFunctions map[string]bool

	// AllowedFilters holds the filter names that may be applied.
	AllowedFilters map[string]bool

	// AllowedTags holds the tag names that may be used.
	AllowedTags map[string]bool
}
// NewDefaultSecurityPolicy returns a policy pre-populated with the default
// allow-lists for functions, filters and tags. Every call builds fresh maps,
// so a caller may add or remove entries without affecting other policies.
//
// NOTE(review): "raw" is on the default filter allow-list. In Twig-style
// engines raw exempts a value from output escaping, so a sandboxed template
// could emit context data unescaped. Confirm that is intended, or remove the
// entry for policies that render untrusted templates into HTML.
//
// NOTE(review): range and random take template-controlled arguments; confirm
// their implementations bound the amount of work a template can request.
func NewDefaultSecurityPolicy() *DefaultSecurityPolicy {
	// allow builds an allow-list in which every given name maps to true.
	allow := func(names ...string) map[string]bool {
		set := make(map[string]bool, len(names))
		for _, name := range names {
			set[name] = true
		}
		return set
	}

	policy := &DefaultSecurityPolicy{}

	// Basic functions
	policy.AllowedFunctions = allow(
		"range", "cycle", "date", "min",
		"max", "random", "length", "merge",
	)

	// Basic filters
	policy.AllowedFilters = allow(
		"escape", "e", "raw",
		"length", "count",
		"lower", "upper", "title", "capitalize", "trim", "nl2br",
		"join", "split", "default", "date", "abs",
		"first", "last", "reverse", "sort", "slice",
	)

	// Basic control tags
	policy.AllowedTags = allow("if", "else", "elseif", "for", "set", "verbatim")

	return policy
}
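// IsFunctionAllowed reports whether the named function is on the policy's
// function allow-list.
//
// The lookup fails closed: a nil policy, a nil map, an absent name and a name
// mapped to false all yield false.
func (p *DefaultSecurityPolicy) IsFunctionAllowed(function string) bool {
	if p == nil {
		// A typed-nil *DefaultSecurityPolicy stored in a SecurityPolicy
		// interface value is non-nil to the caller, so deny here instead of
		// dereferencing nil.
		return false
	}
	return p.AllowedFunctions[function]
}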
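// IsFilterAllowed reports whether the named filter is on the policy's filter
// allow-list.
//
// The lookup fails closed: a nil policy, a nil map, an absent name and a name
// mapped to false all yield false.
func (p *DefaultSecurityPolicy) IsFilterAllowed(filter string) bool {
	if p == nil {
		// A typed-nil *DefaultSecurityPolicy stored in a SecurityPolicy
		// interface value is non-nil to the caller, so deny here instead of
		// dereferencing nil.
		return false
	}
	return p.AllowedFilters[filter]
}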
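// IsTagAllowed reports whether the named tag is on the policy's tag
// allow-list.
//
// The lookup fails closed: a nil policy, a nil map, an absent name and a name
// mapped to false all yield false.
func (p *DefaultSecurityPolicy) IsTagAllowed(tag string) bool {
	if p == nil {
		// A typed-nil *DefaultSecurityPolicy stored in a SecurityPolicy
		// interface value is non-nil to the caller, so deny here instead of
		// dereferencing nil.
		return false
	}
	return p.AllowedTags[tag]
}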
// SecurityViolation is the error value describing a construct that was
// rejected in sandbox mode.
type SecurityViolation struct {
	// Message is the human-readable description of what was rejected. The
	// constructors in this file embed the offending name in it verbatim.
	Message string
}
// Error implements the error interface. The result is the violation's Message
// behind a fixed "Sandbox security violation: " prefix.
func (v *SecurityViolation) Error() string {
	text := fmt.Sprintf("Sandbox security violation: %s", v.Message)
	return text
}
// NewFunctionViolation returns a *SecurityViolation, typed as error, reporting
// that the named function is not allowed in sandbox mode.
//
// NOTE(review): function is interpolated verbatim between single quotes. If
// the name can carry arbitrary template text and the message is later written
// to logs or HTML, escape it at that sink.
func NewFunctionViolation(function string) error {
	violation := new(SecurityViolation)
	violation.Message = fmt.Sprintf("Function '%s' is not allowed in sandbox mode", function)
	return violation
}
// NewFilterViolation returns a *SecurityViolation, typed as error, reporting
// that the named filter is not allowed in sandbox mode.
//
// NOTE(review): filter is interpolated verbatim between single quotes. If the
// name can carry arbitrary template text and the message is later written to
// logs or HTML, escape it at that sink.
func NewFilterViolation(filter string) error {
	violation := new(SecurityViolation)
	violation.Message = fmt.Sprintf("Filter '%s' is not allowed in sandbox mode", filter)
	return violation
}