refactor: rename MAXKB_SANDBOX_PYTHON_ALLOW_HOSTS_REGEXES to MAXKB_SANDBOX_PYTHON_ALLOW_HOST_REGEXES

liqiang-fit2cloud · liqiang-fit2cloud · commit 6e39df454c19 · 2025-11-06T11:23:09.000+08:00
diff --git a/apps/common/utils/tool_code.py b/apps/common/utils/tool_code.py
@@ -28,7 +28,7 @@ def __init__(self, sandbox=False):
         if self.sandbox:
             os.system(f"chown -R {self.user}:root {self.sandbox_path}")
         self.banned_keywords = CONFIG.get("SANDBOX_PYTHON_BANNED_KEYWORDS", 'nothing_is_banned').split(',');
-        self.allow_hosts_regexes = CONFIG.get("SANDBOX_PYTHON_ALLOW_HOSTS_REGEXES", '');
+        self.allow_host_regexes = CONFIG.get("SANDBOX_PYTHON_ALLOW_HOST_REGEXES", '');
 
     def _createdir(self):
         old_mask = os.umask(0o077)
@@ -183,7 +183,7 @@ def get_tool_mcp_config(self, code, params):
                 'cwd': self.sandbox_path,
                 'env': {
                     'LD_PRELOAD': '/opt/maxkb-app/sandbox/sandbox.so',
-                    'SANDBOX_ALLOW_HOSTS_REGEXES': self.allow_hosts_regexes,
+                    'SANDBOX_ALLOW_HOST_REGEXES': self.allow_host_regexes,
                 },
                 'transport': 'stdio',
             }
@@ -203,7 +203,7 @@ def _exec_sandbox(self, _code, _id):
         kwargs = {'cwd': BASE_DIR}
         kwargs['env'] = {
             'LD_PRELOAD': '/opt/maxkb-app/sandbox/sandbox.so',
-            'SANDBOX_ALLOW_HOSTS_REGEXES': self.allow_hosts_regexes,
+            'SANDBOX_ALLOW_HOST_REGEXES': self.allow_host_regexes,
         }
         subprocess_result = subprocess.run(
             ['su', '-s', python_directory, '-c', "exec(open('" + exec_python_file + "').read())", self.user],
diff --git a/installer/Dockerfile-base b/installer/Dockerfile-base
@@ -47,7 +47,7 @@ ENV PATH=/opt/py3/bin:$PATH \
     MAXKB_SANDBOX=1 \
     MAXKB_SANDBOX_PYTHON_PACKAGE_PATHS="/opt/py3/lib/python3.11/site-packages,/opt/maxkb-app/sandbox/python-packages,/opt/maxkb/python-packages" \
     MAXKB_SANDBOX_PYTHON_BANNED_KEYWORDS="subprocess.,system(,exec(,execve(,pty.,eval(,compile(,shutil.,input(,__import__" \
-    MAXKB_SANDBOX_PYTHON_ALLOW_HOSTS_REGEXES=".*,!=127\.0\.0\.1,!=localhost,!=maxkb,!=pgsql,!=redis" \
+    MAXKB_SANDBOX_PYTHON_ALLOW_HOST_REGEXES=".*,!=127\.0\.0\.1,!=localhost,!=maxkb,!=pgsql,!=redis" \
     MAXKB_ADMIN_PATH=/admin
 
 EXPOSE 6379
diff --git a/installer/sandbox.c b/installer/sandbox.c
@@ -65,7 +65,7 @@ static int is_allowed_by_env(const char *target, const char *env_val) {
 
 /** 检查逻辑封装 */
 static int check_host(const char *host) {
-    const char *env = getenv("SANDBOX_ALLOW_HOSTS_REGEXES");
+    const char *env = getenv("SANDBOX_ALLOW_HOST_REGEXES");
     return is_allowed_by_env(host, env);
 }
 

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ static int is_allowed_by_env(const char target, const char env_val) {`
`65`	`65`
`66`	`66`	`/** 检查逻辑封装 */`
`67`	`67`	`static int check_host(const char *host) {`
`68`		`- const char *env = getenv("SANDBOX_ALLOW_HOSTS_REGEXES");`
	`68`	`+ const char *env = getenv("SANDBOX_ALLOW_HOST_REGEXES");`
`69`	`69`	`return is_allowed_by_env(host, env);`
`70`	`70`	`}`
`71`	`71`