feat(security): 新增工具沙箱安全机制
为所有工具插件添加沙箱拦截层,防止危险的文件访问、Shell命令和Python代码执行。 包含配置文件、核心校验逻辑及31个单元测试。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -0,0 +1,46 @@
|
||||
# KiloStar 沙箱安全策略配置
|
||||
sandbox:
|
||||
enabled: true
|
||||
|
||||
# 文件系统沙箱
|
||||
filesystem:
|
||||
workspace_root: "/tmp/kilostar_workspace"
|
||||
allowed_read_paths:
|
||||
- "/tmp"
|
||||
denied_paths:
|
||||
- "/etc/shadow"
|
||||
- "/etc/passwd"
|
||||
- "/root"
|
||||
|
||||
# Shell 命令沙箱
|
||||
shell:
|
||||
enabled: true
|
||||
blocked_commands:
|
||||
- "rm -rf /"
|
||||
- "mkfs"
|
||||
- "dd "
|
||||
- "shutdown"
|
||||
- "reboot"
|
||||
blocked_operators:
|
||||
- "&&"
|
||||
- "||"
|
||||
- ";"
|
||||
- "`"
|
||||
- "$("
|
||||
max_timeout: 60
|
||||
|
||||
# Python 执行器沙箱
|
||||
python_executor:
|
||||
enabled: true
|
||||
max_timeout: 30
|
||||
blocked_imports:
|
||||
- "os"
|
||||
- "subprocess"
|
||||
- "shutil"
|
||||
- "socket"
|
||||
- "ctypes"
|
||||
blocked_builtins:
|
||||
- "exec"
|
||||
- "eval"
|
||||
- "compile"
|
||||
- "__import__"
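Review bot: The `shell` and `python_executor` sections are pure denylists (`blocked_commands`, `blocked_operators`, `blocked_imports`, `blocked_builtins`), so anything not named is permitted; the operator list, for instance, has no single `|`, `&`, redirection or newline, and the Python lists do not mention `importlib`, `sys` or `open`. The validator is not shown on this page, but entries such as `"dd "` and `"rm -rf /"` suggest substring matching on the command text, which depends on spacing and quoting. I would add an allowlist of permitted executables, run them as an argv list without a shell, and state the limit in the file with a comment such as `# Denylists below are defence in depth only; untrusted code must run under OS-level isolation (unprivileged user, container, resource limits).` Under `filesystem`, `allowed_read_paths` is the world-writable `/tmp`, so the check should compare resolved real paths (symlinks followed) rather than raw strings, and `denied_paths` should take precedence over allowed ones.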
|
||||