Module: RailsConsoleAi::BuiltinGuards::HttpBlocker

Defined in:
lib/rails_console_ai/safety_guards.rb

Overview

Blocks non-safe HTTP requests (POST, PUT, PATCH, DELETE, etc.) made through Net::HTTP. Most Ruby HTTP libraries (HTTParty, RestClient, Faraday) use Net::HTTP under the hood, so requests made through them are covered as well; a client that does not go through Net::HTTP is outside this guard.

Constant Summary

SAFE_METHODS =
%w[GET HEAD OPTIONS TRACE].freeze

Instance Method Summary

Instance Method Details

#request(req, *args, &block) ⇒ Object



# File 'lib/rails_console_ai/safety_guards.rb', line 287

def request(req, *args, &block)
  if Thread.current[:rails_console_ai_block_http] && !SAFE_METHODS.include?(req.method)
    return super if Thread.current[:rails_console_ai_bypass_guards]

    host = @address.to_s
    guards = RailsConsoleAi.configuration.safety_guards
    unless guards.allowed?(:http_mutations, host)
      raise RailsConsoleAi::SafetyError.new(
        "HTTP #{req.method} blocked (#{host}#{req.path})",
        guard: :http_mutations,
        blocked_key: host
      )
    end
  end
  super
end
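An offline check of the decision logic above, as an added example rather than the gem's own code. `DemoHttpBlocker`, `DemoSafetyError`, `ALLOWED_HOSTS`, `RecordingHTTP` and `attempt` are hypothetical stand-ins (the allowlist replaces `RailsConsoleAi.configuration.safety_guards`, whose implementation is not shown on this page), and the hosts and paths are constructed.

```ruby
require "net/http"

# Stand-ins (assumptions) for the gem's SafetyError and guard configuration.
class DemoSafetyError < StandardError; end
ALLOWED_HOSTS = ["hooks.internal.example"].freeze # constructed allowlist

# Same decision logic as HttpBlocker#request on this page, with the allowlist stand-in.
module DemoHttpBlocker
  SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

  def request(req, *args, &block)
    if Thread.current[:rails_console_ai_block_http] && !SAFE_METHODS.include?(req.method)
      return super if Thread.current[:rails_console_ai_bypass_guards]
      host = @address.to_s
      unless ALLOWED_HOSTS.include?(host)
        raise DemoSafetyError, "HTTP #{req.method} blocked (#{host}#{req.path})"
      end
    end
    super
  end
end

# Offline transport: records what would have gone on the wire instead of connecting.
class RecordingHTTP < Net::HTTP
  prepend DemoHttpBlocker
  SENT = []

  def request(req, *_args)
    SENT << "#{req.method} #{address}#{req.path}"
    :sent
  end
end

# Returns :sent or :blocked for one request issued with the given thread-local flags.
def attempt(host, req, block_http: true, bypass: false)
  Thread.current[:rails_console_ai_block_http] = block_http
  Thread.current[:rails_console_ai_bypass_guards] = bypass
  RecordingHTTP.new(host, 443).request(req)
rescue DemoSafetyError
  :blocked
ensure
  Thread.current[:rails_console_ai_block_http] = nil
  Thread.current[:rails_console_ai_bypass_guards] = nil
end

puts "GET  -> #{attempt('api.example.com', Net::HTTP::Get.new('/status'))}"
puts "POST -> #{attempt('api.example.com', Net::HTTP::Post.new('/v1/charges'))}"
```

Because the guard is prepended, it runs before the transport's own `request`, so a blocked call never reaches `RecordingHTTP::SENT`.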