mirror of
https://github.com/langbot-app/LangBot.git
synced 2026-06-02 03:55:55 +00:00
76fbd08680
- Fix O(n²) stderr trimming in runtime.py with running length tracker
- Remove dead code: RESERVED_CONTAINER_PATHS, _subprocess_wait_task,
unused config_hash computation, unused imports
- Deduplicate connection callback in BoxRuntimeConnector, parse URL once
- Use enum comparison instead of stringly-typed spec.network.value check
- Replace manual _result_to_dict/_session_to_dict with model_dump()
- Cache NativeToolLoader tool definition and sandbox system guidance
- Extract _is_path_under() helper to eliminate duplicated path checks
- Import SANDBOX_EXEC_TOOL_NAME from native.py instead of redefining
- Add JSON startswith guard in logging_utils to skip futile json.loads
- Fix ruff lint errors (F401 unused imports, F841 unused variables)
36 lines
877 B
Python
36 lines
877 B
Python
from __future__ import annotations
|
|
|
|
import os
|
|
|
|
from .errors import BoxValidationError
|
|
from .models import BoxSpec
|
|
|
|
BLOCKED_HOST_PATHS = frozenset({
|
|
'/etc',
|
|
'/proc',
|
|
'/sys',
|
|
'/dev',
|
|
'/root',
|
|
'/boot',
|
|
'/run',
|
|
'/var/run',
|
|
'/run/docker.sock',
|
|
'/var/run/docker.sock',
|
|
'/run/podman',
|
|
'/var/run/podman',
|
|
})
|
|
|
|
|
|
def validate_sandbox_security(spec: BoxSpec) -> None:
|
|
"""Validate that a BoxSpec does not request dangerous container config.
|
|
|
|
Raises BoxValidationError when the spec contains a blocked host_path.
|
|
"""
|
|
if spec.host_path:
|
|
real = os.path.realpath(spec.host_path)
|
|
for blocked in BLOCKED_HOST_PATHS:
|
|
if real == blocked or real.startswith(blocked + '/'):
|
|
raise BoxValidationError(
|
|
f'host_path {spec.host_path} is blocked for security'
|
|
)
|