github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 18:14:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(sandbox): share bind parsing and host-path policy checks

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 15:04:40 +00:00
parent 0e155690be
commit 13bfe7faa6
6 changed files with 196 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
src/agents/sandbox/fs-paths.ts
View File

@@ -1,6 +1,8 @@
import path from "node:path";
import { resolveSandboxInputPath, resolveSandboxPath } from "../sandbox-paths.js";
import { splitSandboxBindSpec } from "./bind-spec.js";
import { SANDBOX_AGENT_WORKSPACE_MOUNT } from "./constants.js";
import { resolveSandboxHostPathViaExistingAncestor } from "./host-paths.js";
import type { SandboxContext } from "./types.js";
export type SandboxFsMount = {
@@ -23,19 +25,13 @@ type ParsedBindMount = {
writable: boolean;
};
type SplitBindSpec = {
host: string;
container: string;
options: string;
};
export function parseSandboxBindMount(spec: string): ParsedBindMount | null {
const trimmed = spec.trim();
if (!trimmed) {
return null;
}
const parsed = splitBindSpec(trimmed);
const parsed = splitSandboxBindSpec(trimmed);
if (!parsed) {
return null;
}
@@ -60,35 +56,6 @@ export function parseSandboxBindMount(spec: string): ParsedBindMount | null {
};
}
function splitBindSpec(spec: string): SplitBindSpec | null {
const separator = getHostContainerSeparatorIndex(spec);
if (separator === -1) {
return null;
}
const host = spec.slice(0, separator);
const rest = spec.slice(separator + 1);
const optionsStart = rest.indexOf(":");
if (optionsStart === -1) {
return { host, container: rest, options: "" };
}
return {
host,
container: rest.slice(0, optionsStart),
options: rest.slice(optionsStart + 1),
};
}
function getHostContainerSeparatorIndex(spec: string): number {
const hasDriveLetterPrefix = /^[A-Za-z]:[\\/]/.test(spec);
for (let i = hasDriveLetterPrefix ? 2 : 0; i < spec.length; i += 1) {
if (spec[i] === ":") {
return i;
}
}
return -1;
}
export function buildSandboxFsMounts(sandbox: SandboxContext): SandboxFsMount[] {
const mounts: SandboxFsMount[] = [
{
@@ -259,7 +226,9 @@ function isPathInsidePosix(root: string, target: string): boolean {
}
function isPathInsideHost(root: string, target: string): boolean {
const rel = path.relative(root, target);
const canonicalRoot = resolveSandboxHostPathViaExistingAncestor(path.resolve(root));
const canonicalTarget = resolveSandboxHostPathViaExistingAncestor(path.resolve(target));
const rel = path.relative(canonicalRoot, canonicalTarget);
if (!rel) {
return true;
}