feat: forward pipelock config dict instead of parsing individual fields
- Change PipelockRoutePolicy to store raw pipelock config dict instead
of individual coerced fields (TlsPassthrough, SsrfIpAllowlist)
- Update pipelock.py and egress.py to extract values from Config dict
- Simplifies manifest validation: pipelock handles its own schema
- Enables new pipelock options like skip_scan_for_extensions without
updating bot-bottle code
This allows bottles to configure pipelock directly, e.g.:
pipelock:
skip_scan_for_extensions: [".whl", ".tar.gz"]
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -132,8 +132,11 @@ def pipelock_effective_ssrf_ip_allowlist(
|
||||
"""
|
||||
seen: dict[str, None] = {ip: None for ip in extra}
|
||||
for route in bottle.egress.routes:
|
||||
for ip in route.Pipelock.SsrfIpAllowlist:
|
||||
seen.setdefault(ip, None)
|
||||
ssrf_raw = route.Pipelock.Config.get("ssrf_ip_allowlist", [])
|
||||
if isinstance(ssrf_raw, list):
|
||||
for ip in ssrf_raw:
|
||||
if isinstance(ip, str):
|
||||
seen.setdefault(ip, None)
|
||||
return sorted(seen.keys())
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user