
Commit efeaa20

fix(security): replace 2 generic catches in SandboxExecutorService.cs
- ExecuteAsync: added Win32Exception, TimeoutException, InvalidOperationException, IOException handlers
- KillProcessTree: added Win32Exception, InvalidOperationException, NotSupportedException handlers

Refs: E7-T1 (34/39 catches fixed)
1 parent 0ed20f1 commit efeaa20


1 file changed

+86
-2
lines changed


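--- a/src/Node.Runtime/Services/SandboxExecutorService.cs
+++ b/src/Node.Runtime/Services/SandboxExecutorService.cs
@@ -233,11 +233,83 @@ public async Task<AgentExecutionResult> ExecuteAsync(
 
 throw;
 }
+catch (System.ComponentModel.Win32Exception ex)
+{
+stopwatch.Stop();
+_logger.LogError(ex, "Process execution error for agent {AgentId} in sandbox", spec.AgentId);
+
+if (process != null && !process.HasExited)
+{
+KillProcessTree(process);
+}
+
+return new AgentExecutionResult
+{
+Success = false,
+Error = $"Process error: {ex.Message}",
+Duration = stopwatch.Elapsed,
+Metadata = new Dictionary<string, object>()
+};
+}
+catch (TimeoutException ex)
+{
+stopwatch.Stop();
+_logger.LogError(ex, "Sandbox execution timeout for agent {AgentId}", spec.AgentId);
+
+if (process != null && !process.HasExited)
+{
+KillProcessTree(process);
+}
+
+return new AgentExecutionResult
+{
+Success = false,
+Error = "Execution timeout",
+Duration = stopwatch.Elapsed,
+Metadata = new Dictionary<string, object>()
+};
+}
+catch (InvalidOperationException ex)
+{
+stopwatch.Stop();
+_logger.LogError(ex, "Invalid operation during sandbox execution for agent {AgentId}", spec.AgentId);
+
+if (process != null && !process.HasExited)
+{
+KillProcessTree(process);
+}
+
+return new AgentExecutionResult
+{
+Success = false,
+Error = ex.Message,
+Duration = stopwatch.Elapsed,
+Metadata = new Dictionary<string, object>()
+};
+}
+catch (IOException ex)
+{
+stopwatch.Stop();
+_logger.LogError(ex, "I/O error during sandbox execution for agent {AgentId}", spec.AgentId);
+
+if (process != null && !process.HasExited)
+{
+KillProcessTree(process);
+}
+
+return new AgentExecutionResult
+{
+Success = false,
+Error = $"I/O error: {ex.Message}",
+Duration = stopwatch.Elapsed,
+Metadata = new Dictionary<string, object>()
+};
+}
 catch (Exception ex)
 {
 stopwatch.Stop();
 
-_logger.LogError(ex, "Error executing agent {AgentId} in sandbox", spec.AgentId);
+_logger.LogError(ex, "Unexpected error executing agent {AgentId} in sandbox", spec.AgentId);
 
 if (process != null && !process.HasExited)
 {
@@ -287,9 +359,21 @@ private void KillProcessTree(Process process)
 _logger.LogDebug("Killed sandbox process {ProcessId} and its children", process.Id);
 }
 }
+catch (System.ComponentModel.Win32Exception ex)
+{
+_logger.LogWarning(ex, "Win32 error killing sandbox process {ProcessId}", process.Id);
+}
+catch (InvalidOperationException ex)
+{
+_logger.LogWarning(ex, "Invalid operation killing sandbox process {ProcessId}", process.Id);
+}
+catch (NotSupportedException ex)
+{
+_logger.LogWarning(ex, "Kill not supported for sandbox process {ProcessId}", process.Id);
+}
 catch (Exception ex)
 {
-_logger.LogWarning(ex, "Error killing sandbox process {ProcessId}", process.Id);
+_logger.LogWarning(ex, "Unexpected error killing sandbox process {ProcessId}", process.Id);
 }
 }
 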
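Review bot: The guard `process != null && !process.HasExited` inside each of the four new ExecuteAsync handlers can itself throw: `Process.HasExited` raises `InvalidOperationException` when no OS process is associated with the object, which would be the case in the `Win32Exception` handler if `process` was constructed before a failing `Start()` (the creation code is outside the hunk, so this is inferred). An exception raised inside a catch block is not handled by the sibling clauses, so it would leave ExecuteAsync as an unhandled exception instead of a failed `AgentExecutionResult`. Since the stop/kill/return sequence is now copied into five handlers, I would move it into one helper that tolerates that case, as sketched below, so the step that contains the sandboxed process lives in one place. Separately, `Error` carries `ex.Message` from `Win32Exception` and `IOException`, which can include host paths; if `Error` is shown to the agent or a tenant, return a fixed string and keep the detail in the log. The generic `catch (Exception ex)` body continues past the end of the first hunk and would need the same substitution.

```csharp
// Single exit path for every handled failure: stop the clock, contain the process, build the result.
private AgentExecutionResult FailAndCleanUp(Process? process, Stopwatch stopwatch, string error)
{
    stopwatch.Stop();
    try
    {
        if (process != null && !process.HasExited)
        {
            KillProcessTree(process);
        }
    }
    catch (InvalidOperationException)
    {
        // No OS process is associated with the object (for example Start() never succeeded): nothing to kill.
    }

    return new AgentExecutionResult
    {
        Success = false,
        Error = error,
        Duration = stopwatch.Elapsed,
        Metadata = new Dictionary<string, object>()
    };
}

// … in ExecuteAsync, each handler keeps its own log line and becomes …
catch (System.ComponentModel.Win32Exception ex)
{
    _logger.LogError(ex, "Process execution error for agent {AgentId} in sandbox", spec.AgentId);
    return FailAndCleanUp(process, stopwatch, $"Process error: {ex.Message}");
}
// … unchanged apart from the same substitution: TimeoutException, InvalidOperationException, IOException handlers …
```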
