DBT/clawgo
1
0
Fork 0
mirror of https://github.com/YspCoder/clawgo.git synced 2026-04-28 08:47:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix shell allowlist initialization and add guard tests

Browse Source
This commit is contained in:
野生派Coder~
2026-02-14 09:49:48 +08:00
parent c58c4cf11a
commit 4bdc25c127
2 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/tools/shell.go
View File

@@ -29,15 +29,21 @@ type ExecTool struct {
}
func NewExecTool(cfg config.ShellConfig, workspace string) *ExecTool {
denyPatterns := make([]*regexp.Regexp, 0)
denyPatterns := make([]*regexp.Regexp, 0, len(cfg.DeniedCmds))
for _, p := range cfg.DeniedCmds {
denyPatterns = append(denyPatterns, regexp.MustCompile(`\b`+regexp.QuoteMeta(p)+`\b`))
}
allowPatterns := make([]*regexp.Regexp, 0, len(cfg.AllowedCmds))
for _, p := range cfg.AllowedCmds {
allowPatterns = append(allowPatterns, regexp.MustCompile(`\b`+regexp.QuoteMeta(p)+`\b`))
}
return &ExecTool{
workingDir: workspace,
timeout: cfg.Timeout,
denyPatterns: denyPatterns,
allowPatterns: allowPatterns,
restrictToWorkspace: cfg.RestrictPath,
sandboxEnabled: cfg.Sandbox.Enabled,
sandboxImage: cfg.Sandbox.Image,