Skip to content

Enable Function sink again, with support for eval #861

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hansott wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Enable Function sink again, with support for eval #861

hansott wants to merge 8 commits into from

Conversation

@hansott
Copy link
Member

@hansott hansott commented Dec 19, 2025
edited
Loading

Summary by Aikido

🚀 New Features

  • Enabled Function sink using native addon to support eval

⚡ Enhancements

  • Downloaded Node internals during build with version caching and parallel downloads
  • Included node_internals in build output and uploaded in CI artifacts

🔧 Refactors

  • Refactored Function wrapper to use inspectArgs and addon loader

aikido-pr-checks[bot]
aikido-pr-checks bot reviewed Dec 19, 2025
View reviewed changes
timokoessler
timokoessler reviewed Dec 19, 2025
View reviewed changes
@hansott
Add tests for eval (direct and indirect)
5b646fc
@hansott
Refactor
6b2251c 
- Extract loading native addon to a function
- Use `inspectArgs` (which is also used for ESM instrumentation)
- Use `getLibraryRoot()` for path to binaries (needed for bundling later)
aikido-pr-checks[bot]
aikido-pr-checks bot reviewed Dec 19, 2025
View reviewed changes
aikido-pr-checks[bot]
aikido-pr-checks bot reviewed Dec 19, 2025
View reviewed changes
@hansott
Upload native addon
bbcfffe
@hansott
Merge branch 'main' of github.com:AikidoSec/node-RASP into dynamic-co…
c2bc027 
…de-hook

* 'main' of github.com:AikidoSec/node-RASP:
  Fix linting
  Fix bypassed ips ignored by Prisma sink
  Always create new array
  Do not mutate variable in function
  Remove default param value
  Fix edge case regarding attack wave samples
  Reduce sample app size
  Add e2e test
  Add vulnerable Next.js app
timokoessler
timokoessler approved these changes Dec 29, 2025
View reviewed changes
library/agent/protect.ts
import { Mistral } from "../sinks/Mistral";
import { Anthropic } from "../sinks/Anthropic";
import { GoogleGenAi } from "../sinks/GoogleGenAi";
import { Function } from "../sinks/Function";
Copy link
Member

@timokoessler timokoessler Dec 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe rename to FunctionSink to not override global Function in this file?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timokoessler timokoessler timokoessler approved these changes

+1 more reviewer

@aikido-pr-checks aikido-pr-checks[bot] aikido-pr-checks[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hansott @timokoessler