I am evaluating this library for a simple use case of implementing template parameters in a microservice. My use case does not require most of the more advanced language features. For my use case the following are required:
Variables
Objects
Escaping
From a threat modeling standpoint I am concerned about the flexibility allowed by advanced features such as functions, nested conditional expressions, loops, and recursion.
I've reviewed the Safe Runtime, Parser, and Lexer options which allow me to limit the potential threats posed by some of these features but I don't see a way to disable them entirely.
Is there a way to disable some of these features or is work of this type on the backlog?
Is there a way to disable some of these features or is work of this type on the backlog?
No, but you could create your own derived class from ScriptVisitor, visit the AST, and apply/perform your validation.
If you are looking to disable this entirely at parsing time, that would require code changes, but I'm not sure I would accept such changes (because of the niche aspect that might not fit every case and might require too many knobs to make it usable).
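An added example of the approach the reply suggests, written for this thread rather than taken from Scriban or the maintainer: a ScriptVisitor subclass that walks the parsed AST and rejects function calls, function definitions, loops and conditionals before the template is rendered, with the safe-runtime limits kept on as a second layer. It assumes the public ScriptVisitor overloads named below, its DefaultVisit child walker, and Template.Page exist as in current Scriban; the class and method names are my own.

```csharp
using System;
using System.Collections.Generic;
using Scriban;
using Scriban.Runtime;
using Scriban.Syntax;
// Hypothetical validator, not part of Scriban: records every AST node kind the issue author wants kept out.
public sealed class RestrictedSyntaxValidator : ScriptVisitor
{
    public List<string> Violations { get; } = new List<string>();
    public override void Visit(ScriptFunctionCall node)   => Reject("function call", node);
    public override void Visit(ScriptPipeCall node)       => Reject("pipe call", node);
    public override void Visit(ScriptFunction node)       => Reject("function definition", node);
    public override void Visit(ScriptForStatement node)   => Reject("for loop", node);
    public override void Visit(ScriptWhileStatement node) => Reject("while loop", node);
    public override void Visit(ScriptIfStatement node)    => Reject("conditional", node);
    private void Reject(string what, ScriptNode node)
    {
        Violations.Add($"{what} at {node.Span}");
        DefaultVisit(node); // keep walking the children so every violation is reported, not just the first
    }
}
public static class TemplateGate
{
    // Parse, then refuse the template before it is ever rendered.
    public static Template ParseOrThrow(string source)
    {
        var template = Template.Parse(source);
        if (template.HasErrors)
            throw new InvalidOperationException(string.Join("\n", template.Messages));
        var validator = new RestrictedSyntaxValidator();
        validator.Visit(template.Page);
        if (validator.Violations.Count > 0)
            throw new InvalidOperationException("Rejected: " + string.Join("; ", validator.Violations));
        return template;
    }
    public static void Main()
    {
        // Accepted: only a variable and object member access (constructed sample data).
        var template = ParseOrThrow("Hello {{ user.name }}!");
        var globals = new ScriptObject { ["user"] = new ScriptObject { ["name"] = "Ada" } };
        // Safe-runtime limits stay on as a second layer for templates that pass the AST check.
        var context = new TemplateContext { LoopLimit = 100, RecursiveLimit = 8 };
        context.PushGlobal(globals);
        Console.WriteLine(template.Render(context));
        // Rejected at validation time: a loop, which the visitor disallows.
        try { ParseOrThrow("{{ for i in 1..1000000 }}x{{ end }}"); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```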