feat(trigger-docs): new trigger docs, function block rce imports fix #1462
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
v0.3.20: KB Tag fixes
…ypes (#919) * feat(execution-filesystem): system to pass files between blocks (#866) * feat(files): pass files between blocks * presigned URL for downloads * Remove latest migration before merge * starter block file upload wasn't getting logged * checkpoint in human readable form * checkpoint files / file type outputs * file downloads working for block outputs * checkpoint file download * fix type issues * remove filereference interface with simpler user file interface * show files in the tag dropdown for start block * more migration to simple url object, reduce presigned time to 5 min * Remove migration 0065_parallel_nightmare and related files - Deleted apps/sim/db/migrations/0065_parallel_nightmare.sql - Deleted apps/sim/db/migrations/meta/0065_snapshot.json - Removed 0065 entry from apps/sim/db/migrations/meta/_journal.json Preparing for merge with origin/staging and migration regeneration * add migration files * fix tests * Update apps/sim/lib/uploads/setup.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * cleanup types * fix lint * fix logs typing for file refs * open download in new tab * fixed * Update apps/sim/tools/index.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * fix file block * cleanup unused code * fix bugs * remove hacky file id logic * fix drag and drop * fix tests --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * feat(trigger-mode): added trigger-mode to workflow_blocks table (#902) * fix(schedules-perms): use regular perm system to view/edit schedule info (#901) * fix(schedules-perms): use regular perm system to view schedule info * fix perms * improve logging * feat(webhooks): deprecate singular webhook block + add trigger mode to blocks (#903) * feat(triggers): added new trigger mode for blocks, added socket event, ran migrations * Rename old trigger/ directory to background/ * cleaned up, ensured that we display active webhook at the block-level * fix submenu in tag dropdown * keyboard nav on tag dropdown submenu * feat(triggers): add outlook to new triggers system * cleanup * add types to tag dropdown, type all outputs for tools and use that over block outputs * update doc generator to truly reflect outputs * fix docs * add trigger handler * fix active webhook tag * tag dropdown fix for triggers * remove trigger mode schema change * feat(execution-filesystem): system to pass files between blocks (#866) * feat(files): pass files between blocks * presigned URL for downloads * Remove latest migration before merge * starter block file upload wasn't getting logged * checkpoint in human readable form * checkpoint files / file type outputs * file downloads working for block outputs * checkpoint file download * fix type issues * remove filereference interface with simpler user file interface * show files in the tag dropdown for start block * more migration to simple url object, reduce presigned time to 5 min * Remove migration 0065_parallel_nightmare and related files - Deleted apps/sim/db/migrations/0065_parallel_nightmare.sql - Deleted apps/sim/db/migrations/meta/0065_snapshot.json - Removed 0065 entry from apps/sim/db/migrations/meta/_journal.json Preparing for merge with origin/staging and migration regeneration * add migration files * fix tests * Update apps/sim/lib/uploads/setup.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * cleanup types * fix lint * fix logs typing for file refs * open download in new tab * fixed * Update apps/sim/tools/index.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * fix file block * cleanup unused code * fix bugs * remove hacky file id logic * fix drag and drop * fix tests --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * feat(trigger-mode): added trigger-mode to workflow_blocks table (#902) * fix(schedules-perms): use regular perm system to view/edit schedule info (#901) * fix(schedules-perms): use regular perm system to view schedule info * fix perms * improve logging * cleanup * prevent tooltip showing up on modal open * updated trigger config * fix type issues --------- Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> * fix(helm): fix helm charts migrations using wrong image (#907) * fix(helm): fix helm charts migrations using wrong image * fixed migrations * feat(whitelist): add email & domain-based whitelisting for signups (#908) * improvement(helm): fix duplicate SOCKET_SERVER_URL and add additional envvars to template (#909) * improvement(helm): fix duplicate SOCKET_SERVER_URL and add additional envvars to template * rm serper & freestyle * improvement(tag-dropdown): typed tag dropdown values (#910) * fix(min-chunk): remove minsize for chunk (#911) * fix(min-chunk): remove minsize for chunk * fix tests * improvement(chunk-config): migrate unused default for consistency (#913) * fix(mailer): update mailer to use the EMAIL_DOMAIN (#914) * fix(mailer): update mailer to use the EMAIL_DOMAIn * add more * Improvement(cc): added cc to gmail and outlook (#900) * changed just gmail * bun run lint * fixed bcc * updated docs --------- Co-authored-by: Adam Gough <adamgough@Mac.attlocal.net> Co-authored-by: waleedlatif1 <walif6@gmail.com> * fix(email-validation): add email validation to prevent bouncing, fixed OTP validation (#916) * feat(email-validation): add email validation to prevent bouncing * removed suspicious patterns * fix(verification): fixed OTP verification * fix failing tests, cleanup * fix(otp): fix email not sending (#917) * fix(email): manual OTP instead of better-auth (#921) * fix(email): manual OTP instead of better-auth * lint --------- Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Adam Gough <77861281+aadamgough@users.noreply.github.com> Co-authored-by: Adam Gough <adamgough@Mac.attlocal.net>
…ers fixes v0.3.23: multiplayer variables, api key fixes, kb improvements, triggers fixes
v0.3.24: revert redis session management change
v0.3.25: oauth credentials sharing mechanism, workflow block error handling changes
…curity improvements v0.3.26: fix billing, bubble up workflow block errors, credentials security improvements
v0.3.27: oauth/webhook fixes, whitelabel fixes, code cleanups
attempt to fix build issues (#985)
v0.3.29: copilot fixes, remove block from subflow, code cleanups
fix: migration mem issues bypass
syntax issue in migration
reduce batch size to prevent timeouts
update migration file for notekeeping purpose
…s fixes, UI/UX improvements
…, new supabase tools
…start block input format changes
…ed mode/serializer fix, jira fix, billing notifs
…n data, bug fixes
… keys, knowledgebase improvements
…rage, i18n for docs
…ooks fixes, Sharepoint Improvement
…ma & docker fixes
…ent/docs-update-triggers
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Greptile Overview
Summary
This PR delivers two main improvements: comprehensive trigger documentation and a critical security fix for JavaScript function execution.
Key Changes:
- New Trigger Documentation: Added complete documentation for all trigger types (API, Chat, Input Form, Manual, etc.) with clear examples, reference tables, and usage guidance
- RCE Security Fix: Implemented proper JavaScript import extraction using TypeScript AST parsing to prevent remote code execution vulnerabilities in function blocks
- Minor UI Fix: Added z-index styling for workflow edge label visibility
The import extraction fix is particularly important as it securely handles JavaScript imports in user-provided code by separating them from the main execution body, preventing potential security exploits. The documentation provides users with clear guidance on workflow triggers, improving the platform's usability.
Confidence Score: 4/5
- This PR is safe to merge with minor considerations for CSS organization
- Score reflects well-implemented security fixes and comprehensive documentation. The import extraction logic is properly implemented with TypeScript AST parsing and error handling. Only minor style consideration is the
globals.cssedit which could be better placed in a component file. - apps/sim/app/globals.css - consider moving z-index style to local component
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| apps/sim/app/api/function/execute/route.ts | 4/5 | Added comprehensive JavaScript import extraction and RCE security fix with proper AST parsing |
| apps/sim/app/globals.css | 5/5 | Minor CSS z-index fix for workflow edge labels visibility |
| apps/docs/content/docs/en/triggers/index.mdx | 5/5 | New comprehensive trigger documentation with clear overview and comparison table |
| apps/docs/content/docs/en/triggers/api.mdx | 5/5 | Complete API trigger documentation with examples and reference tables |
| apps/docs/content/docs/en/triggers/chat.mdx | 5/5 | Chat trigger documentation with runtime outputs and usage guidance |
Sequence Diagram
sequenceDiagram
participant User as User
participant API as Function Execute API
participant Parser as Import Parser
participant E2B as E2B Sandbox
participant VM as Local VM
User->>API: POST /api/function/execute
Note over API: resolveCodeVariables()
API->>Parser: extractJavaScriptImports(code)
Parser->>Parser: Load TypeScript AST
Parser->>Parser: Parse import statements
Parser-->>API: {imports, remainingCode, importLineCount}
alt E2B Execution
API->>E2B: executeInE2B(importSection + prologue + wrapped)
E2B-->>API: {result, stdout, error}
alt Error Case
API->>API: formatE2BError(error, stdout, lang, userCode, prologueLineCount + importLineCount)
API-->>User: {success: false, error: formattedError}
else Success Case
API-->>User: {success: true, output: {result, stdout}}
end
else Local VM Execution
API->>VM: script.runInContext(context, timeout)
VM-->>API: result
alt Error Case
API->>API: extractEnhancedError(error, userCodeStartLine, resolvedCode)
API-->>User: {success: false, error: userFriendlyErrorMessage}
else Success Case
API-->>User: {success: true, output: {result, stdout}}
end
end
13 files reviewed, 1 comment
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Type of Change
Testing
Docs pages read and function block tested locally with e2b env vars set
Checklist