wanwu/deer-flow
1
0
Fork 0
mirror of https://gitee.com/wanwujie/deer-flow synced 2026-04-15 03:04:44 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,559 Commits 15 Branches 0 Tags
copilot/sub-pr-983
Commit Graph

3 Commits

Author SHA1 Message Date
copilot-swe-agent[bot]
036035dae0 fix(sandbox): preserve PermissionError messages and allow /mnt/user-data root in resolve_local_tool_path 
Co-authored-by: WillemJiang <219644+WillemJiang@users.noreply.github.com>
 2026-03-06 02:18:35 +00:00
Willem Jiang
24a8ea76ee feat(sandbox): restrict risky absolute paths in local bash commands 
- validate absolute path usage in local-mode bash commands
- allow only /mnt/user-data virtual paths for user data access
- keep a small allowlist for system executable/device paths
- return clear permission errors for unsafe command paths
- add regression tests for bash path validation rules
 2026-03-05 22:13:06 +08:00
Willem Jiang
34e3f5c9d4 feat(sandbox): harden local file access and mask host paths 
- enforce local sandbox file tools to only accept /mnt/user-data paths
- add path traversal checks against thread workspace/uploads/outputs roots
- preserve requested virtual paths in tool error messages (no host path leaks)
- mask local absolute paths in bash output back to virtual sandbox paths
- update bash tool guidance to prefer thread-local venv + python -m pip
- add regression tests for path mapping, masking, and access restrictions

Fixes #968
 2026-03-05 22:07:45 +08:00