From c1fbb41aa5fee30e91796b213e0938c4d0017694 Mon Sep 17 00:00:00 2001
From: liqiang-fit2cloud
Date: Thu, 6 Nov 2025 16:52:47 +0800
Subject: [PATCH] refactor: forbidden access by hostname or docker ip.
---
 apps/common/utils/tool_code.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/apps/common/utils/tool_code.py b/apps/common/utils/tool_code.py
index 7143dbff7..fd5e0283b 100644
--- a/apps/common/utils/tool_code.py
+++ b/apps/common/utils/tool_code.py
@@ -5,7 +5,7 @@ import os
 import subprocess
 import sys
 from textwrap import dedent
-
+import socket
 import uuid_utils.compat as uuid
 from django.utils.translation import gettext_lazy as _

@@ -28,7 +28,15 @@ class ToolExecutor:
 if self.sandbox:
 os.system(f"chown -R {self.user}:root {self.sandbox_path}")
 self.banned_keywords = CONFIG.get("SANDBOX_PYTHON_BANNED_KEYWORDS", 'nothing_is_banned').split(',');
- self.banned_hosts = CONFIG.get("SANDBOX_PYTHON_BANNED_HOSTS", '');
+ banned_hosts = CONFIG.get("SANDBOX_PYTHON_BANNED_HOSTS", '').strip()
+ try:
+ if banned_hosts:
+ hostname = socket.gethostname()
+ local_ip = socket.gethostbyname(hostname)
+ banned_hosts = f"{banned_hosts},{hostname},{local_ip}"
+ except Exception:
+ pass
+ self.banned_hosts = banned_hosts

 def _createdir(self):
 old_mask = os.umask(0o077)
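Review bot: The `except Exception: pass` in the second hunk makes the new host ban fail open. If `socket.gethostbyname(hostname)` raises, the f-string assignment is never reached, so neither the hostname nor the IP is added and nothing records that the sandbox started with only the configured list. I would append the hostname unconditionally, resolve the address in its own `try`, catch `OSError` rather than `Exception`, and log the failure with whatever logger this module uses. Note also that `gethostbyname` returns a single IPv4 address, so any further interface or IPv6 address of the container is presumably still reachable unless `SANDBOX_PYTHON_BANNED_HOSTS` lists it; a comment stating that limit would help operators. The enclosing method starts above the hunk, so how `self.banned_hosts` is consumed is not visible here.

```python
        banned_hosts = CONFIG.get("SANDBOX_PYTHON_BANNED_HOSTS", '').strip()
        if banned_hosts:
            hostname = socket.gethostname()
            extra_hosts = [hostname]
            try:
                extra_hosts.append(socket.gethostbyname(hostname))
            except OSError:
                # The name did not resolve: it stays banned by name.
                # Report this through the module's logger instead of dropping it silently.
                pass
            banned_hosts = ",".join([banned_hosts, *extra_hosts])
        self.banned_hosts = banned_hosts
```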