npm - postman-runtime - Versions diffs - 7.41.2 → 7.43.0 - Mend

postman-runtime 7.41.2 → 7.43.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/CHANGELOG.yaml +17 -0
package/README.md +3 -0
package/dist/index.js +1 -1
package/lib/runner/extensions/event.command.js +48 -7
package/lib/runner/extensions/item.command.js +4 -2
package/lib/runner/extensions/waterfall.command.js +2 -1
package/lib/runner/index.js +1 -0
package/lib/runner/util.js +1 -1
package/package.json +3 -3

package/lib/runner/extensions/event.command.js CHANGED Viewed

@@ -21,6 +21,8 @@ var _ = require('lodash'),
     EXECUTION_COOKIES_EVENT_BASE = 'execution.cookies.',
     EXECUTION_SKIP_REQUEST_EVENT_BASE = 'execution.skipRequest.',
+    EXECUTION_VAULT_BASE = 'execution.vault.',
     COOKIES_EVENT_STORE_ACTION = 'store',
     COOKIE_STORE_PUT_METHOD = 'putCookie',
     COOKIE_STORE_UPDATE_METHOD = 'updateCookie',
@@ -240,6 +242,11 @@ module.exports = {
                 packageResolver = _.get(this, 'options.script.packageResolver'),
+                vaultSecrets = payload.context.vaultSecrets,
+                // Do not assign any initial value here as it will be used
+                // to determine if the vault access check was done or not
+                hasVaultAccess,
                 events;
             // @todo: find a better place to code this so that event is not aware of such options
@@ -387,6 +394,37 @@ module.exports = {
                         }
                     }.bind(this));
+                this.host.on(EXECUTION_VAULT_BASE + executionId, async function (id, cmd, ...args) {
+                    if (hasVaultAccess === undefined) {
+                        try {
+                            // eslint-disable-next-line require-atomic-updates
+                            hasVaultAccess = Boolean(await vaultSecrets?._?.allowScriptAccess(item.id));
+                        }
+                        catch (_) {
+                            // eslint-disable-next-line require-atomic-updates
+                            hasVaultAccess = false;
+                        }
+                    }
+                    // Ensure error is string
+                    // TODO identify why error objects are not being serialized correctly
+                    const dispatch = (e, r) => { this.host.dispatch(EXECUTION_VAULT_BASE + executionId, id, e, r); };
+                    if (!hasVaultAccess) {
+                        return dispatch('Vault access denied');
+                    }
+                    if (!['get', 'set', 'unset'].includes(cmd)) {
+                        return dispatch(`Invalid vault command: ${cmd}`);
+                    }
+                    // Explicitly enable tracking for vault secrets here as this will
+                    // not be sent to sandbox who otherwise takes care of mutation tracking
+                    vaultSecrets.enableTracking({ autoCompact: true });
+                    dispatch(null, vaultSecrets[cmd](...args));
+                }.bind(this));
                 this.host.on(EXECUTION_REQUEST_EVENT_BASE + executionId,
                     function (scriptCursor, id, requestId, request) {
                         // remove files in request body if any
@@ -458,11 +496,7 @@ module.exports = {
                             // @todo: Expose this as a property in Collection SDK's Script
                             timeout: payload.scriptTimeout,
                             cursor: scriptCursor,
-                            context: {
-                                ..._.pick(payload.context, SAFE_CONTEXT_VARIABLES),
-                                vaultSecrets: _.get(payload.context.vaultSecrets, '_.allowScriptAccess') ?
-                                    payload.context.vaultSecrets : undefined
-                            },
+                            context: _.pick(payload.context, SAFE_CONTEXT_VARIABLES),
                             resolvedPackages: resolvedPackages,
                             // legacy options
@@ -479,6 +513,7 @@ module.exports = {
                             this.host.removeAllListeners(EXECUTION_COOKIES_EVENT_BASE + executionId);
                             this.host.removeAllListeners(EXECUTION_ERROR_EVENT_BASE + executionId);
                             this.host.removeAllListeners(EXECUTION_SKIP_REQUEST_EVENT_BASE + executionId);
+                            this.host.removeAllListeners(EXECUTION_VAULT_BASE + executionId);
                             // Handle async errors as well.
                             // If there was an error running the script itself, that takes precedence
@@ -529,10 +564,16 @@ module.exports = {
                             result && result.globals && (result.globals = new sdk.VariableScope(result.globals));
                             result && result.collectionVariables &&
                                 (result.collectionVariables = new sdk.VariableScope(result.collectionVariables));
-                            result && result.vaultSecrets &&
-                                (result.vaultSecrets = new sdk.VariableScope(result.vaultSecrets));
                             result && result.request && (result.request = new sdk.Request(result.request));
+                            // vault secrets are not sent to sandbox, thus using the scope from run context.
+                            if (hasVaultAccess && vaultSecrets) {
+                                result.vaultSecrets = vaultSecrets;
+                                // Prevent mutations from being carry-forwarded to subsequent events
+                                vaultSecrets.disableTracking();
+                            }
                             // @note Since postman-sandbox@3.5.2, response object is not included in the execution
                             // result.
                             // Refer: https://github.com/postmanlabs/postman-sandbox/pull/512

package/lib/runner/extensions/item.command.js CHANGED Viewed

@@ -152,7 +152,8 @@ module.exports = {
                     item: item,
                     coords: coords,
                     context: ctxTemplate,
-                    trackContext: ['globals', 'environment', 'collectionVariables', 'vaultSecrets'],
+                    // No need to include vaultSecrets here as runtime takes care of tracking internally
+                    trackContext: ['globals', 'environment', 'collectionVariables'],
                     stopOnScriptError: stopOnError,
                     stopOnFailure: stopOnFailure
                 }).done(function (prereqExecutions, prereqExecutionError, shouldSkipExecution) {
@@ -234,7 +235,8 @@ module.exports = {
                             item: item,
                             coords: coords,
                             context: ctxTemplate,
-                            trackContext: ['tests', 'globals', 'environment', 'collectionVariables', 'vaultSecrets'],
+                            // No need to include vaultSecrets here as runtime takes care of tracking internally
+                            trackContext: ['tests', 'globals', 'environment', 'collectionVariables'],
                             stopOnScriptError: stopOnError,
                             abortOnFailure: abortOnFailure,
                             stopOnFailure: stopOnFailure

package/lib/runner/extensions/waterfall.command.js CHANGED Viewed

@@ -80,7 +80,8 @@ module.exports = {
             new VariableScope(state.vaultSecrets);
         state.collectionVariables = VariableScope.isVariableScope(state.collectionVariables) ?
             state.collectionVariables : new VariableScope(state.collectionVariables);
-        state._variables = new VariableScope();
+        state._variables = VariableScope.isVariableScope(state.localVariables) ?
+            state.localVariables : new VariableScope(state.localVariables);
         // prepare the vault variable scope
         prepareVaultVariableScope(state.vaultSecrets);

package/lib/runner/index.js CHANGED Viewed

@@ -121,6 +121,7 @@ _.assign(Runner.prototype, {
                 vaultSecrets: options.vaultSecrets,
                 // @todo Move to item level to support Item and ItemGroup variables
                 collectionVariables: collection.variables,
+                localVariables: options.localVariables,
                 certificates: options.certificates,
                 proxies: options.proxies
             }, runOptions)));

package/lib/runner/util.js CHANGED Viewed

@@ -201,7 +201,7 @@ module.exports = {
                 const url = new Url(domain);
                 // @note URL path is ignored
-                return `${url.protocol || 'https'}://${url.getRemote()}/*`;
+                return `${url.protocol || 'https'}://${url.getRemote()}:*/*`;
             }));
         });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "postman-runtime",
-  "version": "7.41.2",
+  "version": "7.43.0",
   "description": "Underlying library of executing Postman Collections",
   "author": "Postman Inc.",
   "license": "Apache-2.0",
@@ -55,8 +55,8 @@
     "node-oauth1": "1.3.0",
     "performance-now": "2.1.0",
     "postman-collection": "4.5.0",
-    "postman-request": "2.88.1-postman.39",
-    "postman-sandbox": "5.1.1",
+    "postman-request": "2.88.1-postman.40",
+    "postman-sandbox": "5.1.2",
     "postman-url-encoder": "3.0.5",
     "serialised-error": "1.1.3",
     "strip-json-comments": "3.1.1",