292ba596d2
* fix(sandbox): URL路径被误判为不安全绝对路径 (#1385) 在本地沙箱模式下,bash工具对命令做绝对路径安全校验时,会把curl命令中的 HTTPS URL(如 https://example.com/api/v1/check)误识别为本地绝对路径并拦截。 根因:_ABSOLUTE_PATH_PATTERN 正则的负向后行断言 (?<![:\w]) 只排除了冒号和 单词字符,但 :// 中第二个斜杠前面是第一个斜杠(/),不在排除列表中,导致 //example.com/api/... 被匹配为绝对路径 /example.com/api/...。 修复:在负向后行断言中增加斜杠字符,改为 (?<![:\w/]),使得 :// 中的连续 斜杠不会触发绝对路径匹配。同时补充了URL相关的单元测试用例。 Signed-off-by: moose-lab <moose-lab@users.noreply.github.com> * fix(sandbox): refine absolute path regex to preserve file:// defense-in-depth Change lookbehind from (?<![:\w/]) to (?<![:\w])(?<!:/) so only the second slash in :// sequences is excluded. This keeps URL paths from false-positiving while still letting the regex detect /etc/passwd in file:///etc/passwd. Also add explicit file:// URL blocking and tests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Signed-off-by: moose-lab <moose-lab@users.noreply.github.com> Co-authored-by: moose-lab <moose-lab@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Willem Jiang <willem.jiang@gmail.com> |
||
|---|---|---|
| .. | ||
| agents | ||
| community | ||
| config | ||
| guardrails | ||
| mcp | ||
| models | ||
| reflection | ||
| runtime | ||
| sandbox | ||
| skills | ||
| subagents | ||
| tools | ||
| tracing | ||
| uploads | ||
| utils | ||
| __init__.py | ||
| client.py | ||