create-vellaveto 4.0.4 → 4.0.6
- package/dist/generators/toml.js +6 -22
- package/package.json +1 -1
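--- a/package/dist/generators/toml.js
+++ b/package/dist/generators/toml.js
@@ -148,7 +148,7 @@ function generateStrictPreset() {
 toml += 'function_pattern = "*"\n\n';
 toml += "[policies.path_rules]\n";
 toml +=
-'
+'blocked = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
 // Block exfiltration
 toml += "[[policies]]\n";
 toml += 'id = "block-exfiltration"\n';
@@ -160,16 +160,7 @@ function generateStrictPreset() {
 toml += "[policies.network_rules]\n";
 toml +=
 'blocked_domains = ["*.pastebin.com", "*.transfer.sh", "*.ngrok.io"]\n\n';
-//
-toml += "[[policies]]\n";
-toml += 'id = "approve-destructive"\n';
-toml += 'name = "Require approval for destructive operations"\n';
-toml += 'policy_type = "RequireApproval"\n';
-toml += "priority = 50\n";
-toml += 'tool_pattern = "*"\n';
-toml += 'function_pattern = "*"\n\n';
-toml += "[policies.path_rules]\n";
-toml += 'write_patterns = ["**/*"]\n\n';
+// Note: all operations not explicitly allowed are denied by default-deny
 return toml;
 }
 function generateBalancedPreset() {
@@ -194,23 +185,16 @@ function generateBalancedPreset() {
 toml += 'function_pattern = "*"\n\n';
 toml += "[policies.path_rules]\n";
 toml +=
-'
+'blocked = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
 // Allow reads
 toml += "[[policies]]\n";
 toml += 'id = "allow-reads"\n';
 toml += 'name = "Allow file reads"\n';
 toml += 'policy_type = "Allow"\n';
 toml += "priority = 50\n";
-toml += '
+toml += 'tool_pattern = "*"\n';
 toml += 'function_pattern = "read*"\n\n';
-//
-toml += "[[policies]]\n";
-toml += 'id = "approve-writes"\n';
-toml += 'name = "Require approval for file writes"\n';
-toml += 'policy_type = "RequireApproval"\n';
-toml += "priority = 50\n";
-toml += 'tool = "*"\n';
-toml += 'function_pattern = "write*"\n\n';
+// Note: writes are denied by default-deny; only reads are explicitly allowed
 return toml;
 }
 function generatePermissivePreset() {
@@ -235,7 +219,7 @@ function generatePermissivePreset() {
 toml += 'function_pattern = "*"\n\n';
 toml += "[policies.path_rules]\n";
 toml +=
-'
+'blocked = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
 // Block exfiltration
 toml += "[[policies]]\n";
 toml += 'id = "block-exfiltration"\n';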
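Review bot: The RequireApproval policies dropped in the second hunk of generateStrictPreset() (`approve-destructive`) and the third hunk of generateBalancedPreset() (`approve-writes`) are replaced only by comments asserting that default-deny covers them, yet neither hunk emits a default-deny setting into the generated TOML, and the earlier parts of both functions where such a setting might be written are outside these hunks. If the consuming policy engine's default is allow, or an operator sets it to allow, destructive operations and writes go from "gated by approval" to silently permitted, so the comment records an assumption rather than enforcing it. I would either write the default into the preset explicitly (`toml += '<default-action key> = "deny"\n';` near the top of each preset, with the real key name taken from the engine's schema) or add a unit test asserting that each preset's output contains that key, and reword the new comments to `// Relies on the engine's default-deny; <default-action key> must be emitted above or these operations become allowed, not gated`. Separately, the removed approve-writes rule used `tool = "*"` while the surviving allow-reads rule is corrected to `tool_pattern = "*"` in the same hunk, which suggests the old approval rule may never have matched; it is worth confirming what 4.0.4 actually enforced before relying on this simplification.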