Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

White list modules #27

Merged
merged 8 commits into from
Nov 12, 2019
Merged

White list modules #27

merged 8 commits into from
Nov 12, 2019

Conversation

iaguirre88
Copy link
Member

Walks the AST to check whether a module is allowed to be used or not. Eventually, we'll have a curated list of safe modules.

def validate(command) do
{_, result} =
Code.string_to_quoted!(command)
|> Macro.prewalk([], &valid?(&1, &2))

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use a function call when a pipeline is only one function long

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iaguirre88 I didn't understand it at a first glance, so I'm sharing here what I would try:

command
|> Code.string_to_quoted!
|> Macro.prewalk([], &valid?(&1, &2))

def validate(command) do
{_, result} =
Code.string_to_quoted!(command)
|> Macro.prewalk([], &valid?(&1, &2))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iaguirre88 I didn't understand it at a first glance, so I'm sharing here what I would try:

command
|> Code.string_to_quoted!
|> Macro.prewalk([], &valid?(&1, &2))

{:ok, command}

invalid_modules ->
{:error, "Invalid modules: #{inspect(invalid_modules)}"}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: "Invalid module" (in singular)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My bad.. just realized a list of modules is returned. It's fine to use plural.

Note: I just created a story to have something like the following in the future:
image

command = "List.first([1,2,3])"
expected_result = {:ok, command}

assert WhiteList.validate(command) == expected_result
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style question.. do you feel it is better to use command and expected_result variables in cases where the test could fit in one line, like the following?

test "returns :ok when the command is valid" do
  assert WhiteList.validate("List.first([1,2,3])") == {:ok, command}
end

I don't have strong feelings, just looking to be consistent (I can follow this style in other tests, if you still like your way that includes more explicit variables)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I prefer the approach you are suggesting so I'm gonna change it

@@ -0,0 +1,31 @@
defmodule LiveViewDemo.WhiteList do
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great idea to extract this to its own module 👏 👏 👏

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a comment.. we probably want to organize all sandbox modules under LiveViewDemo.Sandbox namespace. We can do it now or later in other PR. This would be LiveViewDemo.Sandbox.WhiteList

use ExUnit.Case
alias LiveViewDemo.WhiteList

describe "validate/2" do
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not using describe a lot, but this is inspiring me to start using it more often in this project

@@ -0,0 +1,31 @@
defmodule LiveViewDemo.WhiteList do
@moduledoc """
Analize the ast to filter out non white-listed modules and kernel functions
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/Analize/Analyze/

@iaguirre88 iaguirre88 requested a review from jmbejar November 11, 2019 22:31
Copy link
Member

@jmbejar jmbejar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's merge it! 🚀

@jmbejar jmbejar merged commit e5b0f5e into master Nov 12, 2019
@jmbejar jmbejar deleted the white-list-modules branch November 12, 2019 03:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants