Module: ConsoleAgent::BuiltinGuards::HttpBlocker

Defined in:: lib/console_agent/safety_guards.rb

Overview

Blocks non-safe HTTP requests (POST, PUT, PATCH, DELETE, etc.) via Net::HTTP. Since most Ruby HTTP libraries (HTTParty, RestClient, Faraday) use Net::HTTP under the hood, this covers them all.

Constant Summary collapse

SAFE_METHODS =

%w[GET HEAD OPTIONS TRACE].freeze

Instance Method Summary collapse

#request(req, *args, &block) ⇒ Object

Instance Method Details

#request(req, *args, &block) ⇒ `Object`

# File 'lib/console_agent/safety_guards.rb', line 157

def request(req, *args, &block)
  if Thread.current[:console_agent_block_http] && !SAFE_METHODS.include?(req.method)
    host = @address.to_s
    guards = ConsoleAgent.configuration.safety_guards
    unless guards.allowed?(:http_mutations, host)
      raise ConsoleAgent::SafetyError.new(
        "HTTP #{req.method} blocked (#{host}#{req.path})",
        guard: :http_mutations,
        blocked_key: host
      )
    end
  end
  super
end

Module: ConsoleAgent::BuiltinGuards::HttpBlocker

Overview

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#request(req, *args, &block) ⇒ Object

#request(req, *args, &block) ⇒ `Object`