studio/wfe
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 10 Activity

feat(wfe-yaml): add log streaming to shell executor + security hardening

Browse Source 
Shell step streaming: when LogSink is present, uses cmd.spawn() with
tokio::select! to interleave stdout/stderr line-by-line. Respects
timeout_ms with child.kill() on timeout. Falls back to buffered mode
when no LogSink.

Security: block sensitive env var overrides (PATH, LD_PRELOAD, etc.)
from workflow data injection. Proper error handling for pipe capture.

4 LogSink regression tests + 2 env var security regression tests.
This commit is contained in:
Sienna Meridian Satterwhite
2026-04-01 14:33:53 +01:00
parent 7a9af8015e
commit c63bf7b814
5 changed files with 393 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
wfe-yaml/Cargo.toml
View File

@@ -21,6 +21,7 @@ async-trait = { workspace = true }
tokio = { workspace = true }
thiserror = { workspace = true }
tracing = { workspace = true }
chrono = { workspace = true }
regex = { workspace = true }
deno_core = { workspace = true, optional = true }
deno_error = { workspace = true, optional = true }