Write the whole string expression ("literal " +vars['var1']+ " more text " +vars['var2']) directly into the template, or
Add a functional block in the template to take the b64-decoded $body and replace any interpolated variables in the template code itself.
For option 1, buildBody could likely just return the result of performVariableExpansion on the body payload.
Option 2 is probably better practice as the user input won't escape the string; however users who are trying to execute arbitrary code could just leverage scripted checks.
Addresses https://github.com/grafana/synthetic-monitoring-agent/issues/637. Writing
encoding.b64decode(<BODY>)into the template doesn't let us catch where the user is referencing variables.We should either:
"literal " +vars['var1']+ " more text " +vars['var2']) directly into the template, or$bodyand replace any interpolated variables in the template code itself.For option 1,
buildBodycould likely just return the result ofperformVariableExpansionon the body payload.Option 2 is probably better practice as the user input won't escape the string; however users who are trying to execute arbitrary code could just leverage scripted checks.