Don't load dangerous funcs by default

puerco · puerco · commit f9f8027e6bca · 2025-04-24T19:25:08.000-06:00
Signed-off-by: Adolfo García Veytia (Puerco) &lt;adolfo.garcia@uservers.net&gt;
diff --git a/pkg/library/api.go b/pkg/library/api.go
@@ -13,8 +13,8 @@ import (
 
 // Functions returns the compile-time options that define the functions that
 // the protobom library exposes to the cel environment.
-func (*Protobom) Functions() []cel.EnvOption {
-	return []cel.EnvOption{
+func (p *Protobom) Functions() []cel.EnvOption {
+	envopt := []cel.EnvOption{
 		cel.Function(
 			"get_files",
 			cel.MemberOverload(
@@ -195,15 +195,6 @@ func (*Protobom) Functions() []cel.EnvOption {
 			),
 		),
 
-		cel.Function(
-			"load_sbom",
-			cel.MemberOverload(
-				"protobom_loadsbom_binding",
-				[]*cel.Type{elements.ProtobomType, cel.StringType}, elements.DocumentType,
-				cel.BinaryBinding(functions.LoadSBOM),
-			),
-		),
-
 		cel.Function(
 			"relate_node_list_at_id",
 			cel.MemberOverload(
@@ -254,4 +245,22 @@ func (*Protobom) Functions() []cel.EnvOption {
 			),
 		),
 	}
+
+	// Here we add all the functions that trigger I/O calls on the host system
+	// only if the option is enables. Most apps will not need them so we don't
+	// load them by default.
+	if p.Options.EnableIO {
+		envopt = append(
+			envopt,
+			cel.Function(
+				"load_sbom",
+				cel.MemberOverload(
+					"protobom_loadsbom_binding",
+					[]*cel.Type{elements.ProtobomType, cel.StringType}, elements.DocumentType,
+					cel.BinaryBinding(functions.LoadSBOM),
+				),
+			),
+		)
+	}
+	return envopt
 }
