Merge pull request #17 from accordproject/disableJavaScriptEvaluation

feat: disableJavaScriptEvaluation

.eslintrc.yml

@@ -43,3 +43,4 @@ rules:
         - error
         - requireReturn: false
     yoda: error
+    '@typescript-eslint/no-explicit-any': 0

package.json

@@ -40,17 +40,17 @@
     "author": "accordproject.org",
     "license": "Apache-2.0",
     "dependencies": {
-        "@accordproject/concerto-codegen": "^3.15.2",
-        "@accordproject/concerto-core": "^3.11.1",
-        "@accordproject/concerto-util": "^3.11.1",
+        "@accordproject/concerto-codegen": "^3.20.0",
+        "@accordproject/concerto-core": "^3.16.1",
+        "@accordproject/concerto-util": "^3.16.1",
         "@accordproject/markdown-common": "^0.16.19",
         "@accordproject/markdown-template": "^0.16.19",
-        "@typescript/twoslash": "^3.2.1",
-        "dayjs": "1.11.7",
+        "@typescript/twoslash": "^3.2.4",
+        "dayjs": "1.11.10",
         "jsonpath": "^1.1.1",
-        "tar": "^6.1.13",
-        "traverse": "^0.6.7",
-        "typescript": "^4.6.3"
+        "tar": "^6.2.0",
+        "traverse": "^0.6.8",
+        "typescript": "^4"
     },
     "devDependencies": {
         "@accordproject/markdown-html": "^0.16.19",
@@ -60,8 +60,8 @@
         "@types/semver": "7.3.10",
         "@types/tar": "^6.1.4",
         "@types/traverse": "^0.6.32",
-        "@typescript-eslint/eslint-plugin": "5.27.1",
-        "@typescript-eslint/parser": "5.27.1",
+        "@typescript-eslint/eslint-plugin": "^6.19.0",
+        "@typescript-eslint/parser": "^6.19.0",
         "esbuild": "^0.18.12",
         "jest": "28.1.1",
         "license-check-and-add": "2.3.6",

src/TemplateMarkInterpreter.ts

@@ -57,6 +57,9 @@ function checkCode(code:ICode) {
  * @returns {object} the result of evaluating the expression against the data
  */
 function evaluateJavaScript(clauseLibrary:object, data: TemplateData, fn: string, options?: GenerationOptions): object {
+    if(options?.disableJavaScriptEvaluation) {
+        throw new Error('JavaScript evaluation is disabled.');
+    }
     if (!data || !fn) {
         throw new Error(`Cannot evaluate JS ${fn} against ${data}`);
     }

src/TypeScriptRuntime.ts

@@ -23,6 +23,7 @@ const DEBUG = false;
 export type GenerationOptions = {
     now?:string,
     locale?:string
+    disableJavaScriptEvaluation?:boolean
 }
 
 export function joinList(data:Array<string>, joinDef:any, options?:GenerationOptions) : string {

test/GenerateOptions.test.ts

@@ -0,0 +1,22 @@
+import { ModelManager } from '@accordproject/concerto-core';
+import { readFileSync } from 'fs';
+import { TemplateMarkInterpreter } from '../src';
+import { TemplateMarkTransformer } from '@accordproject/markdown-template';
+
+describe('template generation options', () => {
+    test('should fail to evaluate a formula with disableJavaScriptEvaluation set to true', async () => {
+        const f = async () => {
+            const model = readFileSync('./test/templates/good/helloformula/model.cto', 'utf-8');
+            const template = readFileSync('./test/templates/good/helloformula/template.md', 'utf-8');
+            const data = JSON.parse(readFileSync('./test/templates/good/helloformula/data.json', 'utf-8'));
+            const modelManager = new ModelManager({ strict: true });
+            modelManager.addCTOModel(model);
+            const engine = new TemplateMarkInterpreter(modelManager, {});
+            const templateMarkTransformer = new TemplateMarkTransformer();
+            const templateMarkDom = templateMarkTransformer.fromMarkdownTemplate({ content: template }, modelManager, 'contract', { verbose: false });
+            const now = '2023-03-17T00:00:00.000Z';
+            return engine.generate(templateMarkDom, data, {now, disableJavaScriptEvaluation: true});
+        };
+        await expect(f()).rejects.toThrow('JavaScript evaluation is disabled.');
+    });
+});

test/__snapshots__/TemplateMarkInterpreter.test.ts.snap

@@ -11,7 +11,7 @@ Array [
         "code": 2304,
         "id": "err-2304-468-4",
         "length": 4,
-        "line": 12,
+        "line": 65,
         "renderedMessage": "Cannot find name 'THIS'.",
         "start": 1424,
       },
@@ -21,7 +21,7 @@ Array [
         "code": 2304,
         "id": "err-2304-473-2",
         "length": 2,
-        "line": 12,
+        "line": 65,
         "renderedMessage": "Cannot find name 'IS'.",
         "start": 1429,
       },
@@ -31,7 +31,7 @@ Array [
         "code": 2304,
         "id": "err-2304-476-7",
         "length": 7,
-        "line": 12,
+        "line": 65,
         "renderedMessage": "Cannot find name 'GARBAGE'.",
         "start": 1432,
       },
@@ -41,7 +41,7 @@ Array [
         "code": 1435,
         "id": "err-1435-468-4",
         "length": 4,
-        "line": 12,
+        "line": 65,
         "renderedMessage": "Unknown keyword or identifier. Did you mean 'this'?",
         "start": 1424,
       },
@@ -51,7 +51,7 @@ Array [
         "code": 1434,
         "id": "err-1434-473-2",
         "length": 2,
-        "line": 12,
+        "line": 65,
         "renderedMessage": "Unexpected keyword or identifier.",
         "start": 1429,
       },
@@ -72,7 +72,7 @@ Array [
         "code": 2339,
         "id": "err-2339-483-7",
         "length": 7,
-        "line": 12,
+        "line": 65,
         "renderedMessage": "Property 'missing' does not exist on type 'string'.",
         "start": 1439,
       },
@@ -93,7 +93,7 @@ Array [
         "code": 18048,
         "id": "err-18048-475-7",
         "length": 7,
-        "line": 12,
+        "line": 65,
         "renderedMessage": "'message' is possibly 'undefined'.",
         "start": 1432,
       },