From 10aa58e53b5bb7ef322d9f95c1a8b8850817cc35 Mon Sep 17 00:00:00 2001 From: Henry Date: Thu, 18 Sep 2025 11:38:19 +0100 Subject: [PATCH] disable available dependencies by default, only allow when ALLOW_BUILTIN_DEP is set to true --- CONTRIBUTING.md | 5 +++-- docker/.env.example | 1 + docker/docker-compose-queue-prebuilt.yml | 6 ++++-- docker/docker-compose.yml | 3 ++- docker/worker/.env.example | 1 + docker/worker/docker-compose.yml | 3 ++- packages/components/src/utils.ts | 2 +- packages/server/.env.example | 1 + packages/server/src/commands/base.ts | 4 +++- 9 files changed, 18 insertions(+), 8 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bda3b5e11..90a7acafb 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -130,8 +130,9 @@ Flowise support different environment variables to configure your instance. You | LOG_PATH | Location where log files are stored | String | `your-path/Flowise/logs` | | LOG_LEVEL | Different levels of logs | Enum String: `error`, `info`, `verbose`, `debug` | `info` | | LOG_JSON_SPACES | Spaces to beautify JSON logs | | 2 | -| TOOL_FUNCTION_BUILTIN_DEP | NodeJS built-in modules to be used for Tool Function | String | | -| TOOL_FUNCTION_EXTERNAL_DEP | External modules to be used for Tool Function | String | | +| TOOL_FUNCTION_BUILTIN_DEP | NodeJS built-in modules to be used for Custom Tool or Function | String | | +| TOOL_FUNCTION_EXTERNAL_DEP | External modules to be used for Custom Tool or Function | String | | +| ALLOW_BUILTIN_DEP | Allow project dependencies to be used for Custom Tool or Function | Boolean | false | | DATABASE_TYPE | Type of database to store the flowise data | Enum String: `sqlite`, `mysql`, `postgres` | `sqlite` | | DATABASE_PATH | Location where database is saved (When DATABASE_TYPE is sqlite) | String | `your-home-dir/.flowise` | | DATABASE_HOST | Host URL or IP address (When DATABASE_TYPE is not sqlite) | String | | 
diff --git a/docker/.env.example b/docker/.env.example index 7e72923e9..07b65a45d 100644 --- a/docker/.env.example +++ b/docker/.env.example @@ -39,6 +39,7 @@ LOG_PATH=/root/.flowise/logs # LOG_LEVEL=info #(error | warn | info | verbose | debug) # TOOL_FUNCTION_BUILTIN_DEP=crypto,fs # TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash +# ALLOW_BUILTIN_DEP=false ############################################################################################################ diff --git a/docker/docker-compose-queue-prebuilt.yml b/docker/docker-compose-queue-prebuilt.yml index 3777cd9d1..0115af1b2 100644 --- a/docker/docker-compose-queue-prebuilt.yml +++ b/docker/docker-compose-queue-prebuilt.yml @@ -47,9 +47,10 @@ services: - LOG_PATH=${LOG_PATH} - LOG_LEVEL=${LOG_LEVEL} - # CUSTOM TOOL DEPENDENCIES + # CUSTOM TOOL/FUNCTION DEPENDENCIES - TOOL_FUNCTION_BUILTIN_DEP=${TOOL_FUNCTION_BUILTIN_DEP} - TOOL_FUNCTION_EXTERNAL_DEP=${TOOL_FUNCTION_EXTERNAL_DEP} + - ALLOW_BUILTIN_DEP=${ALLOW_BUILTIN_DEP} # STORAGE - STORAGE_TYPE=${STORAGE_TYPE} @@ -183,9 +184,10 @@ services: - LOG_PATH=${LOG_PATH} - LOG_LEVEL=${LOG_LEVEL} - # CUSTOM TOOL DEPENDENCIES + # CUSTOM TOOL/FUNCTION DEPENDENCIES - TOOL_FUNCTION_BUILTIN_DEP=${TOOL_FUNCTION_BUILTIN_DEP} - TOOL_FUNCTION_EXTERNAL_DEP=${TOOL_FUNCTION_EXTERNAL_DEP} + - ALLOW_BUILTIN_DEP=${ALLOW_BUILTIN_DEP} # STORAGE - STORAGE_TYPE=${STORAGE_TYPE} diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 3f7529983..5b476977b 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -32,9 +32,10 @@ services: - LOG_PATH=${LOG_PATH} - LOG_LEVEL=${LOG_LEVEL} - # CUSTOM TOOL DEPENDENCIES + # CUSTOM TOOL/FUNCTION DEPENDENCIES - TOOL_FUNCTION_BUILTIN_DEP=${TOOL_FUNCTION_BUILTIN_DEP} - TOOL_FUNCTION_EXTERNAL_DEP=${TOOL_FUNCTION_EXTERNAL_DEP} + - ALLOW_BUILTIN_DEP=${ALLOW_BUILTIN_DEP} # STORAGE - STORAGE_TYPE=${STORAGE_TYPE} diff --git a/docker/worker/.env.example b/docker/worker/.env.example index 0540cf768..926224ed2 100644 
--- a/docker/worker/.env.example +++ b/docker/worker/.env.example @@ -39,6 +39,7 @@ LOG_PATH=/root/.flowise/logs # LOG_LEVEL=info #(error | warn | info | verbose | debug) # TOOL_FUNCTION_BUILTIN_DEP=crypto,fs # TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash +# ALLOW_BUILTIN_DEP=false ############################################################################################################ diff --git a/docker/worker/docker-compose.yml b/docker/worker/docker-compose.yml index 4a8924dd2..703dfed7b 100644 --- a/docker/worker/docker-compose.yml +++ b/docker/worker/docker-compose.yml @@ -32,9 +32,10 @@ services: - LOG_PATH=${LOG_PATH} - LOG_LEVEL=${LOG_LEVEL} - # CUSTOM TOOL DEPENDENCIES + # CUSTOM TOOL/FUNCTION DEPENDENCIES - TOOL_FUNCTION_BUILTIN_DEP=${TOOL_FUNCTION_BUILTIN_DEP} - TOOL_FUNCTION_EXTERNAL_DEP=${TOOL_FUNCTION_EXTERNAL_DEP} + - ALLOW_BUILTIN_DEP=${ALLOW_BUILTIN_DEP} # STORAGE - STORAGE_TYPE=${STORAGE_TYPE} diff --git a/packages/components/src/utils.ts b/packages/components/src/utils.ts index 7b0c4a25d..d07bbd060 100644 --- a/packages/components/src/utils.ts +++ b/packages/components/src/utils.ts @@ -1543,7 +1543,7 @@ export const executeJavaScriptCode = async ( ? defaultAllowBuiltInDep.concat(process.env.TOOL_FUNCTION_BUILTIN_DEP.split(',')) : defaultAllowBuiltInDep const externalDeps = process.env.TOOL_FUNCTION_EXTERNAL_DEP ? process.env.TOOL_FUNCTION_EXTERNAL_DEP.split(',') : [] - const deps = availableDependencies.concat(externalDeps) + const deps = process.env.ALLOW_BUILTIN_DEP === 'true' ? availableDependencies.concat(externalDeps) : externalDeps const defaultNodeVMOptions: any = { console: 'inherit', diff --git a/packages/server/.env.example b/packages/server/.env.example index fe47880b0..2c9fcce91 100644 --- a/packages/server/.env.example +++ b/packages/server/.env.example 
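Review bot: The name `ALLOW_BUILTIN_DEP` is easy to misread on the new `const deps = …` line in packages/components/src/utils.ts, because it gates `availableDependencies` (the project's own packages, per the CONTRIBUTING.md row) and not the Node built-in list, which the context lines just above still build from `defaultAllowBuiltInDep` plus `TOOL_FUNCTION_BUILTIN_DEP` regardless of this flag. An operator who leaves it at `false` expecting built-in modules to be unavailable to custom code would be mistaken, so I would add a comment above the line such as `// ALLOW_BUILTIN_DEP gates the bundled project packages only; Node built-ins are governed by TOOL_FUNCTION_BUILTIN_DEP. Only the exact string 'true' enables it.` The exact-match comparison fails closed for `TRUE`, `1` or a value with stray whitespace, which is the safe direction but should be stated where operators will read it. `executeJavaScriptCode` starts and ends outside the hunk, so how `deps` is consumed afterwards is not visible here.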
@@ -39,6 +39,7 @@ PORT=3000 # LOG_LEVEL=info #(error | warn | info | verbose | debug) # TOOL_FUNCTION_BUILTIN_DEP=crypto,fs # TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash +# ALLOW_BUILTIN_DEP=false ############################################################################################################ diff --git a/packages/server/src/commands/base.ts b/packages/server/src/commands/base.ts index bdffb8f62..cc40e367f 100644 --- a/packages/server/src/commands/base.ts +++ b/packages/server/src/commands/base.ts @@ -22,6 +22,7 @@ export abstract class BaseCommand extends Command { LOG_LEVEL: Flags.string(), TOOL_FUNCTION_BUILTIN_DEP: Flags.string(), TOOL_FUNCTION_EXTERNAL_DEP: Flags.string(), + ALLOW_BUILTIN_DEP: Flags.string(), NUMBER_OF_PROXIES: Flags.string(), DATABASE_TYPE: Flags.string(), DATABASE_PATH: Flags.string(), @@ -143,9 +144,10 @@ export abstract class BaseCommand extends Command { if (flags.LOG_PATH) process.env.LOG_PATH = flags.LOG_PATH if (flags.LOG_LEVEL) process.env.LOG_LEVEL = flags.LOG_LEVEL - // Tool functions + // Custom tool/function dependencies if (flags.TOOL_FUNCTION_BUILTIN_DEP) process.env.TOOL_FUNCTION_BUILTIN_DEP = flags.TOOL_FUNCTION_BUILTIN_DEP if (flags.TOOL_FUNCTION_EXTERNAL_DEP) process.env.TOOL_FUNCTION_EXTERNAL_DEP = flags.TOOL_FUNCTION_EXTERNAL_DEP + if (flags.ALLOW_BUILTIN_DEP) process.env.ALLOW_BUILTIN_DEP = flags.ALLOW_BUILTIN_DEP // Database config if (flags.DATABASE_TYPE) process.env.DATABASE_TYPE = flags.DATABASE_TYPE
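Review bot: `ALLOW_BUILTIN_DEP` is declared as a free-form `Flags.string()` and copied into `process.env` verbatim in the second hunk of packages/server/src/commands/base.ts, so any value other than the exact string `true` is accepted without complaint and leaves the feature off. Because this switch widens what custom tool code may load, a mistyped value is better rejected at startup than passed through unnoticed; constraining the declaration would do that, e.g. `ALLOW_BUILTIN_DEP: Flags.string({ options: ['true', 'false'] }),`. That only covers the CLI path, since a value set directly in the environment never goes through flag parsing, so the consumer's strict `=== 'true'` check remains the real gate. Both hunks sit inside `BaseCommand`, whose body starts and ends outside the hunks.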