71caa18552
PR #666 introduced hardcoded SAFE_COMMAND_PREFIXES and SSRF URL blocklists with no override mechanism. Users with non-standard credential tools (sops, doppler, age, infisical) or needing to fetch from internal URLs (self-hosted docs, VPN services) were silently blocked with no recourse. Add two global-only settings (ignored in project-level settings.json to preserve the security property against malicious repos): - allowedCommandPrefixes: replaces the built-in command allowlist - fetchAllowedUrls: exempts hostnames from SSRF blocking Both also support env var overrides (GSD_ALLOWED_COMMAND_PREFIXES, GSD_FETCH_ALLOWED_URLS) for CI/container environments. Env vars take precedence over settings.json. Security model: global-only keys are stripped from project settings at load time via stripGlobalOnlyKeys(), applied at all three assignment points for this.projectSettings. The merge function stays untouched — no future caller can accidentally skip stripping. 15 new tests covering override behavior, cache invalidation, allowlist exemptions, and global-only enforcement. |
||
|---|---|---|
| .. | ||
| scripts | ||
| src | ||
| package.json | ||
| tsconfig.json | ||