Skip to content

Add workflow expression security validation#8

Draft
sezallagwal wants to merge 2 commits into
feature/workflow-composer-foundationfrom
feature/workflow-expression-security
Draft

Add workflow expression security validation#8
sezallagwal wants to merge 2 commits into
feature/workflow-composer-foundationfrom
feature/workflow-expression-security

Conversation

@sezallagwal

Copy link
Copy Markdown
Collaborator

Summary

  • Add security validation for workflow expressions
  • Block unsafe JavaScript patterns from being used in workflow expressions
  • Allow safe access to workflow steps, params, strings, arrays, and common helper methods
  • Add support for automatically returning expression results when needed
  • Provide reusable expression validation for composer and workflow logic

Depends on

#7

@dhairyashiil dhairyashiil left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Sezal, thanks for adding the expression security layer. Since this is the sandbox boundary, could we fix two things before this lands?

Could we block computed access to dangerous properties like constructor, prototype, and __proto__? Right now direct access is blocked, but an expression can still build the property name dynamically and reach those properties through computed access. That means a transform can mutate prototypes, which breaks the security guarantee this PR is trying to provide.

Could we also add acorn as a runtime dependency in the root package? expression-security.ts imports it at runtime, but the root package.json does not list it under dependencies. It is only present through dev tooling, so production installs can fail.

Also, npm run lint starts failing on this stack around this area, so could we clean that up here as well?

This is a strong direction, I just think the security boundary should be strict from the first version.

@dhairyashiil dhairyashiil marked this pull request as draft July 1, 2026 09:03
Address review feedback on PR #8:

- Block computed member access with dynamic keys so constructor/prototype/__proto__ cannot be reached via runtime-built property names

- Add acorn as a runtime dependency (was only present transitively via dev tooling)

- Fix lint failures (attach cause on rethrow, justify structural any)

- Switch to an allowlist identifier model, bound AST depth, block reserved-name shadowing, and handle spread elements
@sezallagwal sezallagwal requested a review from dhairyashiil July 7, 2026 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants