15308555518/ MaxKB
1
0
Fork 0
mirror of https://github.com/1Panel-dev/MaxKB.git synced 2025-12-26 01:33:05 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

refactor: forbidden access by hostname or docker ip.

This commit is contained in:
liqiang-fit2cloud 2025-11-06 16:52:47 +08:00
parent f0ecad6de1
commit c1fbb41aa5
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
apps/common/utils/tool_code.py
View File

@ -5,7 +5,7 @@ import os
import subprocess
import sys
from textwrap import dedent
import socket
import uuid_utils.compat as uuid
from django.utils.translation import gettext_lazy as _
@ -28,7 +28,15 @@ class ToolExecutor:
if self.sandbox:
os.system(f"chown -R {self.user}:root {self.sandbox_path}")
self.banned_keywords = CONFIG.get("SANDBOX_PYTHON_BANNED_KEYWORDS", 'nothing_is_banned').split(',');
self.banned_hosts = CONFIG.get("SANDBOX_PYTHON_BANNED_HOSTS", '');
banned_hosts = CONFIG.get("SANDBOX_PYTHON_BANNED_HOSTS", '').strip()
try:
if banned_hosts:
hostname = socket.gethostname()
local_ip = socket.gethostbyname(hostname)
banned_hosts = f"{banned_hosts},{hostname},{local_ip}"
except Exception:
pass
self.banned_hosts = banned_hosts
def _createdir(self):
old_mask = os.umask(0o077)