create-vellaveto 4.0.3 → 4.0.4
- package/dist/generators/toml.js +20 -20
- package/package.json +1 -1
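--- a/package/dist/generators/toml.js
+++ b/package/dist/generators/toml.js
@@ -136,16 +136,16 @@ function generateStrictPreset() {
 toml += 'name = "Default deny all"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 0\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 // Block credentials
 toml += "[[policies]]\n";
 toml += 'id = "block-credentials"\n';
 toml += 'name = "Block credential access"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 100\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.path_rules]\n";
 toml +=
 'blocked_patterns = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
@@ -155,8 +155,8 @@ function generateStrictPreset() {
 toml += 'name = "Block data exfiltration"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 100\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.network_rules]\n";
 toml +=
 'blocked_domains = ["*.pastebin.com", "*.transfer.sh", "*.ngrok.io"]\n\n';
@@ -166,8 +166,8 @@ function generateStrictPreset() {
 toml += 'name = "Require approval for destructive operations"\n';
 toml += 'policy_type = "RequireApproval"\n';
 toml += "priority = 50\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.path_rules]\n";
 toml += 'write_patterns = ["**/*"]\n\n';
 return toml;
@@ -182,16 +182,16 @@ function generateBalancedPreset() {
 toml += 'name = "Default deny all"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 0\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 // Block credentials
 toml += "[[policies]]\n";
 toml += 'id = "block-credentials"\n';
 toml += 'name = "Block credential access"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 100\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.path_rules]\n";
 toml +=
 'blocked_patterns = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
@@ -202,7 +202,7 @@ function generateBalancedPreset() {
 toml += 'policy_type = "Allow"\n';
 toml += "priority = 50\n";
 toml += 'tool = "*"\n';
-toml += '
+toml += 'function_pattern = "read*"\n\n';
 // Require approval for writes
 toml += "[[policies]]\n";
 toml += 'id = "approve-writes"\n';
@@ -210,7 +210,7 @@ function generateBalancedPreset() {
 toml += 'policy_type = "RequireApproval"\n';
 toml += "priority = 50\n";
 toml += 'tool = "*"\n';
-toml += '
+toml += 'function_pattern = "write*"\n\n';
 return toml;
 }
 function generatePermissivePreset() {
@@ -223,16 +223,16 @@ function generatePermissivePreset() {
 toml += 'name = "Default allow all"\n';
 toml += 'policy_type = "Allow"\n';
 toml += "priority = 0\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 // Block credentials
 toml += "[[policies]]\n";
 toml += 'id = "block-credentials"\n';
 toml += 'name = "Block credential access"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 100\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.path_rules]\n";
 toml +=
 'blocked_patterns = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
@@ -242,8 +242,8 @@ function generatePermissivePreset() {
 toml += 'name = "Block data exfiltration"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 100\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.network_rules]\n";
 toml +=
 'blocked_domains = ["*.pastebin.com", "*.transfer.sh", "*.ngrok.io"]\n\n';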
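Review bot: In generateBalancedPreset the Allow policy at new line 204 and the approve-writes RequireApproval policy at new line 212 still emit `tool = "*"`, while every other policy touched in this release emits `tool_pattern = "*"` beside `function_pattern`. The policy schema is not visible here, so this is inferred, but if the loader only recognises `tool_pattern`, these two rules may be rejected or may not match as intended, which would change how reads and writes are gated in the balanced preset. Unless `tool` is a deliberate alias, both lines should read `toml += 'tool_pattern = "*"\n';`. A test that parses each generated preset and checks every `[[policies]]` entry for the same key set would catch this kind of drift. The body of generateBalancedPreset starts outside these hunks.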