Closed nbarraille closed 5 years ago
In FunctionShield v2.0.0 you need to add an additional parameter `cookie` to any subsequent call to `FunctionShield.configure`:
```javascript
const FunctionShield = require("@puresec/function-shield");
const got = require("got");

// The first call sets the baseline policy and returns the cookie
// that every later configure() call has to present.
const cookie = FunctionShield.configure({
  policy: {
    outbound_connectivity: "block",
    read_write_tmp: "block",
    create_child_process: "block",
    read_handler: "block"
  },
  token: process.env.FUNCTION_SHIELD_TOKEN
});

exports.hello = async (event) => {
  // ...

  // Temporarily allow outbound traffic for the one trusted call.
  FunctionShield.configure({
    cookie: cookie,
    policy: {
      outbound_connectivity: "allow"
    }
  });

  const response = await got("https://api.company.com/users");

  // Block outbound traffic again once the call has returned.
  FunctionShield.configure({
    cookie: cookie,
    policy: {
      outbound_connectivity: "block"
    }
  });

  // ...
};
```
As it seems you're allowed to call `FunctionShield.configure` multiple times, what prevents malicious code from re-allowing accesses before trying to make outbound network calls?
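The handler above leaves outbound connectivity allowed if the `got` call throws before the second `configure`. The sketch below is an added example, not code from this thread or from FunctionShield: `withAllowed` and `makeStubShield` are hypothetical names, and the stub models only the cookie behaviour described above, with rejection by throwing as an assumption.

```javascript
// Constructed stand-in for the library: models only the behaviour described
// in the thread (first configure() returns a cookie, later calls must present
// it). Rejecting a missing or wrong cookie by throwing is an assumption.
function makeStubShield() {
  let cookie = null;
  const policy = {};
  return {
    policy,
    configure(opts) {
      if (cookie !== null && opts.cookie !== cookie) {
        throw new Error("configure rejected: missing or wrong cookie");
      }
      Object.assign(policy, opts.policy);
      if (cookie === null) {
        cookie = Symbol("cookie"); // constructed value, held only by the caller
        return cookie;
      }
      return undefined;
    },
  };
}

// Hypothetical helper: relax one policy key for the duration of fn(), then
// restore "block" even if fn() throws, so an error cannot leave it allowed.
async function withAllowed(shield, cookie, key, fn) {
  shield.configure({ cookie, policy: { [key]: "allow" } });
  try {
    return await fn();
  } finally {
    shield.configure({ cookie, policy: { [key]: "block" } });
  }
}

// Usage mirroring the handler above; fetchUsers stands in for the got() call
// and fails on purpose to exercise the error path.
async function demo() {
  const shield = makeStubShield();
  const cookie = shield.configure({ policy: { outbound_connectivity: "block" } });
  const seen = [];
  const fetchUsers = async () => {
    seen.push(shield.policy.outbound_connectivity);
    throw new Error("network down");
  };
  let failed = false;
  try { await withAllowed(shield, cookie, "outbound_connectivity", fetchUsers); }
  catch { failed = true; }
  let rejected = false;
  try { shield.configure({ policy: { outbound_connectivity: "allow" } }); } // no cookie
  catch { rejected = true; }
  return { duringCall: seen[0], afterCall: shield.policy.outbound_connectivity, failed, rejected };
}
```

With the real library, pass the `FunctionShield` module and the `cookie` returned by the first `configure` call in place of the stub.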