Closed freshchen closed 8 months ago
ebussieres
commented
8 months ago I don't think we should add this kind of property in core engine. Why do you need this ?
It's developer responsability to protect templates access.
If your templates are shipped with your application code by your developers, your developers can't do more harm this way than what they can already do with malicious code in their Java code.
freshchen
commented
8 months ago Our scenario is LLM Agent. In order to make it more convenient for everyone, try to combine business and LLM capabilities. we provides SaaS services.
Users complete simple processing of registered API tool's result through the template engine. So the template content is provided by the customer's developer or independent software developer
We don’t want their templates to seriously affect the stability of our SaaS service, and we don’t want to introduce complex architectures like FaaS for simple operations.
ebussieres
commented
8 months ago If you don't control your templates, you're gonna be at risk. Please read this : https://github.com/PebbleTemplates/pebble/issues/625
freshchen
commented
8 months ago Thanks for notifying this very useful issue.
In addition, can we refer to the groovy sandbox on the basis of MethodAccessValidator to conduct security risk control on the entire execution process of the template.
Personally, I prefer the implementation of whitelisting.
Prevent malicious templates from draining CPU resources