Module: RailsConsoleAi::BuiltinGuards::HttpBlocker

Defined in:
lib/rails_console_ai/safety_guards.rb

Overview

Blocks non-safe HTTP requests (POST, PUT, PATCH, DELETE, etc.) via Net::HTTP. Since most Ruby HTTP libraries (HTTParty, RestClient, Faraday) use Net::HTTP under the hood, this covers them all.

Constant Summary collapse

SAFE_METHODS = 
%w[GET HEAD OPTIONS TRACE].freeze

Instance Method Summary collapse

Instance Method Details

#request(req, *args, &block) ⇒ Object 



168
169
170
171
172
173
174
175
176
177
178
179
180
181
 
# File 'lib/rails_console_ai/safety_guards.rb', line 168

def request(req, *args, &block)
  if Thread.current[:rails_console_ai_block_http] && !SAFE_METHODS.include?(req.method)
    host = @address.to_s
    guards = RailsConsoleAi.configuration.safety_guards
    unless guards.allowed?(:http_mutations, host)
      raise RailsConsoleAi::SafetyError.new(
        "HTTP #{req.method} blocked (#{host}#{req.path})",
        guard: :http_mutations,
        blocked_key: host
      )
    end
  end
  super
end