From 6e39df454c192567592bfe7e709e86d9c96d0d32 Mon Sep 17 00:00:00 2001 From: liqiang-fit2cloud Date: Thu, 6 Nov 2025 11:23:09 +0800 Subject: [PATCH] refactor: rename MAXKB_SANDBOX_PYTHON_ALLOW_HOSTS_REGEXES to MAXKB_SANDBOX_PYTHON_ALLOW_HOST_REGEXES --- apps/common/utils/tool_code.py | 6 +++--- installer/Dockerfile-base | 2 +- installer/sandbox.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/common/utils/tool_code.py b/apps/common/utils/tool_code.py index d6298805e..a8c0c1f35 100644 --- a/apps/common/utils/tool_code.py +++ b/apps/common/utils/tool_code.py @@ -28,7 +28,7 @@ class ToolExecutor: if self.sandbox: os.system(f"chown -R {self.user}:root {self.sandbox_path}") self.banned_keywords = CONFIG.get("SANDBOX_PYTHON_BANNED_KEYWORDS", 'nothing_is_banned').split(','); - self.allow_hosts_regexes = CONFIG.get("SANDBOX_PYTHON_ALLOW_HOSTS_REGEXES", ''); + self.allow_host_regexes = CONFIG.get("SANDBOX_PYTHON_ALLOW_HOST_REGEXES", ''); def _createdir(self): old_mask = os.umask(0o077) @@ -183,7 +183,7 @@ exec({dedent(code)!a}) 'cwd': self.sandbox_path, 'env': { 'LD_PRELOAD': '/opt/maxkb-app/sandbox/sandbox.so', - 'SANDBOX_ALLOW_HOSTS_REGEXES': self.allow_hosts_regexes, + 'SANDBOX_ALLOW_HOST_REGEXES': self.allow_host_regexes, }, 'transport': 'stdio', } @@ -203,7 +203,7 @@ exec({dedent(code)!a}) kwargs = {'cwd': BASE_DIR} kwargs['env'] = { 'LD_PRELOAD': '/opt/maxkb-app/sandbox/sandbox.so', - 'SANDBOX_ALLOW_HOSTS_REGEXES': self.allow_hosts_regexes, + 'SANDBOX_ALLOW_HOST_REGEXES': self.allow_host_regexes, } subprocess_result = subprocess.run( ['su', '-s', python_directory, '-c', "exec(open('" + exec_python_file + "').read())", self.user], diff --git a/installer/Dockerfile-base b/installer/Dockerfile-base index e6ab69149..80a6417e6 100644 --- a/installer/Dockerfile-base +++ b/installer/Dockerfile-base @@ -47,7 +47,7 @@ ENV PATH=/opt/py3/bin:$PATH \ MAXKB_SANDBOX=1 \ MAXKB_SANDBOX_PYTHON_PACKAGE_PATHS="/opt/py3/lib/python3.11/site-packages,/opt/maxkb-app/sandbox/python-packages,/opt/maxkb/python-packages" \ MAXKB_SANDBOX_PYTHON_BANNED_KEYWORDS="subprocess.,system(,exec(,execve(,pty.,eval(,compile(,shutil.,input(,__import__" \ - MAXKB_SANDBOX_PYTHON_ALLOW_HOSTS_REGEXES=".*,!=127\.0\.0\.1,!=localhost,!=maxkb,!=pgsql,!=redis" \ + MAXKB_SANDBOX_PYTHON_ALLOW_HOST_REGEXES=".*,!=127\.0\.0\.1,!=localhost,!=maxkb,!=pgsql,!=redis" \ MAXKB_ADMIN_PATH=/admin EXPOSE 6379 \ No newline at end of file diff --git a/installer/sandbox.c b/installer/sandbox.c index 0c1d61104..e71a49f3b 100644 --- a/installer/sandbox.c +++ b/installer/sandbox.c @@ -65,7 +65,7 @@ static int is_allowed_by_env(const char *target, const char *env_val) { /** 检查逻辑封装 */ static int check_host(const char *host) { - const char *env = getenv("SANDBOX_ALLOW_HOSTS_REGEXES"); + const char *env = getenv("SANDBOX_ALLOW_HOST_REGEXES"); return is_allowed_by_env(host, env); }