Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(terminal): restrict default allowed commands to 'ls' and 'echo' #372

Open
wants to merge 8 commits into
base: main
Choose a base branch
from

Conversation

RonithManikonda
Copy link
Collaborator

Change the default value of terminal.allowCommands from an empty array to ['ls', 'echo']. This change prevents users from running all available commands by default in tutorials, enhancing security and focus. Lesson authors can still allow all commands by specifying terminal.allowCommands: [] in the metadata.

BREAKING CHANGE: The default value of terminal.allowCommands is now restricted to ['ls', 'echo']. To allow all commands, explicitly set terminal.allowCommands: [] in the metadata.

Closes #302

Change the default value of `terminal.allowCommands` from an empty array to `['ls', 'echo']`. This change prevents users from running all available commands by default in tutorials, enhancing security and focus. Lesson authors can still allow all commands by specifying `terminal.allowCommands: []` in the metadata.

BREAKING CHANGE: The default value of `terminal.allowCommands` is now restricted to `['ls', 'echo']`. To allow all commands, explicitly set `terminal.allowCommands: []` in the metadata.

Closes #302
Copy link

stackblitz bot commented Oct 13, 2024

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@AriPerkkio AriPerkkio added this to the 2.0.0 milestone Oct 14, 2024
Copy link
Member

@AriPerkkio AriPerkkio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great start, these changes look good to me! 💯

Though there are some failing unit tests - could you take a look at those? You can run them with:

$ cd packages/runtime/
$ pnpm test

adjust tests to expect ['ls', 'echo'] as default allowCommands when undefined, aligning tests with updated functionality

closes #302
Copy link

cloudflare-workers-and-pages bot commented Oct 31, 2024

Deploying tutorialkit-demo-page with  Cloudflare Pages  Cloudflare Pages

Latest commit: 43c24c4
Status: ✅  Deploy successful!
Preview URL: https://cdcd4fde.tutorialkit-demo-page.pages.dev
Branch Preview URL: https://ronith-hide-toggle-terminal.tutorialkit-demo-page.pages.dev

View logs

RonithManikonda and others added 2 commits November 4, 2024 23:05
Co-authored-by: Ari Perkkiö <ari.perkkio@gmail.com>
Co-authored-by: Ari Perkkiö <ari.perkkio@gmail.com>
Copy link
Member

@AriPerkkio AriPerkkio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some of the tests are still failing, could you take a look at those? 👀

RonithManikonda and others added 2 commits January 15, 2025 16:56
Change the default value of `terminal.allowCommands` from an empty array to `['ls', 'echo']`. This update enhances security and focus by limiting the commands available in tutorials by default.

Lesson authors can still enable all commands by setting `terminal.allowCommands: []` explicitly in the metadata.

BREAKING CHANGE: The default value of `terminal.allowCommands` is now restricted to `['ls', 'echo']`. To allow all commands, explicitly set `terminal.allowCommands: []` in the metadata.

Closes #372
Copy link
Member

@AriPerkkio AriPerkkio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, great work @RonithManikonda! 💯

As this change is a breaking change, we'll merge this into main before releasing version 2.0.0 of TutorialKit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

terminal.allowCommands should have more strict default value
2 participants