✨ feat(mq-lang): add http_get/http_post and write_file, gated by --allow-net/--allow-write#1974
Open
harehare wants to merge 6 commits into
Open
✨ feat(mq-lang): add http_get/http_post and write_file, gated by --allow-net/--allow-write#1974harehare wants to merge 6 commits into
harehare wants to merge 6 commits into
Conversation
is_global_ip, SsrfSafeResolver, and the ureq agent construction were split across http_import.rs and http_resolver.rs, both only used for HTTP module imports. Moves them into a dedicated ssrf module so the upcoming http_get/http_post builtins can reuse the same SSRF-hardened agent (HTTPS-only, no redirects, DNS results filtered to public IPs) instead of duplicating this security-sensitive logic. No behavior change; test_is_global_ip moves with the function it tests.
…low-net/--allow-write Adds network and filesystem-write capabilities that were previously unavailable from mq queries. Both are disabled by default and require an explicit opt-in flag, mirroring a Deno-style permission model: - --allow-net enables http_get(url)/http_post(url, body). Requests are HTTPS-only and routed through the same SSRF-hardened ureq agent used for HTTP module imports (no redirects, DNS results filtered to publicly routable addresses), so even an allowed request can't reach a loopback/private/link-local address. - --allow-write enables write_file(path, content), accepting either a string or bytes. Permission state lives in a small process-wide capability module rather than per-Engine, matching how the file-io Cargo feature already gates read_file at compile time. Also documents both flags in cli.md/README.md and adds a "Network and File-Write Capabilities" section to modules_and_imports.md.
ace3c43 to
0b8f67b
Compare
Merging this PR will improve performance by 29.08%
|
| Benchmark | BASE |
HEAD |
Efficiency | |
|---|---|---|---|---|
| ⚡ | eval_macro_expansion_simple |
127.3 µs | 98.6 µs | +29.08% |
Tip
Curious why this is faster? Comment @codspeedbot explain why this is faster on this PR, or directly use the CodSpeed MCP with your agent.
Comparing feat/builtin-net-and-write-io (d31ef35) with main (9367593)1
Footnotes
…apse write_file arms
- Share url.starts_with("https://") via ssrf::is_https() instead of
duplicating it in http.rs and http_resolver.rs
- Build the SSRF-safe ureq::Agent for http_get/http_post once and reuse
it, instead of rebuilding on every call
- Collapse write_file_impl's String/Bytes match arms into one helper
…thod, url, body?) builtin Replaces the two fixed-method builtins with a single native `http` function that accepts any HTTP method as a string or symbol (e.g. "delete" or :delete), parsed via http::Method so arbitrary/extension verbs work too. http_get/http_post remain as thin builtin.mq prelude wrappers around http(:get, ...)/http(:post, ...) so no ergonomics are lost. Updates mq-check type registrations and adds table-driven tests covering method parsing and the net/HTTPS capability gates across methods.
Allow http(method, url, headers) / http(method, url, body, headers) so
callers can set request headers like Content-Type or Authorization.
Add http_put/http_patch/http_delete/http_head convenience wrappers
alongside the existing http_get/http_post, and give all six an
optional headers = {} parameter.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds network and filesystem-write capabilities that were previously
unavailable from mq queries. Both are disabled by default and require
an explicit opt-in flag, mirroring a Deno-style permission model:
HTTPS-only and routed through the same SSRF-hardened ureq agent used
for HTTP module imports (no redirects, DNS results filtered to
publicly routable addresses), so even an allowed request can't reach
a loopback/private/link-local address.
string or bytes.
Permission state lives in a small process-wide capability module
rather than per-Engine, matching how the file-io Cargo feature already
gates read_file at compile time.
Also documents both flags in cli.md/README.md and adds a "Network and
File-Write Capabilities" section to modules_and_imports.md.
Close #1147
Type of Change
Checklist
cargo fmtandcargo clippyand addressed any warningsjust test-alland all tests pass/docs, crateREADME.md) if neededAdditional Context