feat: add MAXKB_SANDBOX_PYTHON_BANNED_HOSTS env to ban host for sandbox in tools code.

Author: liqiang-fit2cloud

apps/common/utils/tool_code.py

@@ -54,8 +54,8 @@ def exec_code(self, code_str, keywords):
     path_to_exclude = ['/opt/py3/lib/python3.11/site-packages', '/opt/maxkb-app/apps']
     sys.path = [p for p in sys.path if p not in path_to_exclude]
     sys.path += {python_paths}
+    os.environ['MAXKB_SANDBOX_PYTHON_BANNED_HOSTS'] = '{self.banned_hosts}'
     os.environ['LD_PRELOAD'] = '/opt/maxkb-app/sandbox/sandbox.so'
-    os.environ['SANDBOX_BANNED_HOSTS'] = {self.banned_hosts}
     locals_v={'{}'}
     keywords={keywords}
     globals_v=globals()
@@ -162,8 +162,8 @@ def generate_mcp_server_code(self, code_str, params):
 path_to_exclude = ['/opt/py3/lib/python3.11/site-packages', '/opt/maxkb-app/apps']
 sys.path = [p for p in sys.path if p not in path_to_exclude]
 sys.path += {python_paths}
+os.environ['MAXKB_SANDBOX_PYTHON_BANNED_HOSTS'] = '{self.banned_hosts}'
 os.environ['LD_PRELOAD'] = '/opt/maxkb-app/sandbox/sandbox.so'
-os.environ['SANDBOX_BANNED_HOSTS'] = {self.banned_hosts}
 exec({dedent(code)!a})
 """
 

installer/sandbox.c

@@ -8,7 +8,7 @@
 #include <regex.h>
 #include <unistd.h>
 
-static const char *ENV_NAME = "SANDBOX_BANNED_HOSTS";
+static const char *ENV_NAME = "MAXKB_SANDBOX_PYTHON_BANNED_HOSTS";
 
 static int match_env_patterns(const char *target, const char *env_val) {
     if (!target || !env_val || !*env_val) return 0;