R7_iZPSrSSKrSSKrSSKJrJrJrJr SSKJ r "SS5r g)u1 沙箱配置 定义工具执行的安全限制 N)ListSetOptionalTuple)Pathc\rSrSrSr1Skr1Skr1Skr/SQrS)S\ \ S \ \ S \ \ S \ \ S \ \ S \ S\ S\ S\ 4Sjjr \S*S\\S\4Sjj5r\S*S\ \ S\\S\ \ 4Sjj5rS*S\\S\\4SjjrS\ S\4SjrS\ S\4SjrS\ S\ S\ \ 4SjrS \ S\ S\4S!jrS*S\ S\\ S\4S"jjrS\ S\ 4S#jr\S+S$\ S%\ S\\SS4S&jj5r\S*S%\ S\\SS4S'jj5rS(r g), SandboxConfigu3沙箱配置类 定义工具执行的安全边界 >C[cdcplsmvpsrmshsstrwcawkcatcutenvgitnpmpippwdsedtarteetopzipbashcurldatediffechofindgrepgzipheadkilllesslsofmorenodeopenperlpip3rubysorttailtesttrueuniqwgetchmodfalsemkdirpatchpkillsleeptouchunzipwhichxargsdockergunzipprintfpythonnetstatpython3timeoutwhereisdocker-compose>gorcshphpzshr#fishjavar0r2r4rustcnodejsrHpython2rJ>suinitmkfssudochownfdiskpasswdrebootserviceshutdown systemctldd if=> /dev/rm -rf / kill -9 1 rm -rf /* chmod 777 /)z rm\s+-rf\s+/z rm\s+-rf\s+\*zsudo\s+zchmod\s+777\s+/Nallowed_directoriesallowed_write_directoriesallowed_commandsblocked_commandsknowledge_executable_dirs max_file_sizemax_output_sizecommand_timeoutdocker_timeoutc  U=(d /UlUbUO URUlU=(d URR5UlU=(d [ 5UlU=(d /UlX`lXpl Xl Xl g)u初始化沙箱配置 Args: allowed_directories: 允许读取/访问的目录列表(用于读取、列表等操作) allowed_write_directories: 允许写入的目录列表(用于写入操作,如果为None则使用allowed_directories) allowed_commands: 允许执行的命令集合 blocked_commands: 显式禁止的命令集合 knowledge_executable_dirs: 知识库可执行目录范围(相对 data/) max_file_size: 最大文件大小(字节) max_output_size: 最大输出大小(字节) command_timeout: 普通命令超时时间(秒) docker_timeout: Docker 命令超时时间(秒) N) rhriDEFAULT_ALLOWED_COMMANDScopyrjsetrkrlrmrnrorp) selfrhrirjrkrlrmrnrorps  2NaSZS`^` a !=b  !s25A  A pathsbase_dirc/nU=(d /Hhn[U5nUR5(dU(aX- R5nOUR5nUR[ U55 Mj U$![ a M{f=f)u$将相对路径解析为绝对路径)r is_absoluteresolveappendstrr)rrresolvedppath_objs rv_resolve_pathsSandboxConfig._resolve_pathss"A 7++--( ( 3<<>H'//1HH .  sA$A<< B  B policycU(dgURS5n[U[5(a]UVs/sHoD(dM UR5PM nnSU;a S1UlO&[ UR5[ U5-UlURS5n[U[5(a7[ UVs/sHoD(dM UR5PM sn5UlURS5n[U[5(aQU(aJURXr5n[[RUR=(d /U-55Ul URS5n [U [5(aQU (aJURX5n[[RUR=(d /U-55Ul [URSUR5=(d UR5Ul [URSUR5=(d UR5Ul[URS UR5=(d UR5Ul[URS UR 5=(d UR 5Ulgs snfs snf) u!应用策略到当前沙箱实例Nrj*rkallowed_read_dirsallowed_write_dirsrmrnrorp)get isinstanceliststriprjrtrkrdictfromkeysrhriintrmrnrorp) rurrpolicy_allowedcmdcleanedpolicy_blocked read_dirsextra write_dirss rv apply_policySandboxConfig.apply_policys  $67 nd + +.<Dns{syy{nGDg~),%(+D,A,A(BS\(Q% $67 nd + +$'(VRU(V$WD !JJ23 i & &9'' "   rcommand working_dirc /nUR5R5nU(dU$[U5S:aUSnUSnSU;a[RR U5OUnXpR ;aCSU;d,URS5(dURS5(aURU5 USnSU;d,URS5(dURS5(aURU5 U$)u从命令中提取所有可能的可执行文件路径 处理多种情况: - python3 data/scripts/choice.py → ['data/scripts/choice.py'] - ./data/utils/tool → ['data/utils/tool'] - bash data/scripts/helper.sh arg1 → ['data/scripts/helper.sh'] - node data/scripts/process.js → ['data/scripts/process.js'] - ./data/scripts/executable → ['data/scripts/executable'] Args: command: 命令字符串 working_dir: 工作目录(用于解析相对路径) Returns: 可执行文件路径列表 r/./../) rsplitlenosrbasenameKNOWN_INTERPRETERS startswithr)rurrrpartsfirstsecondfirst_basenames rv_extract_executable_paths'SandboxConfig._extract_executable_pathss" %%'L u:?!HE1XF9L"l2/1ww/?/? /M +t/D/DD',0J<.Xc.d'd d#,9TEZEZ1Z',0J<.Xo.p'p p&3$$&EQxH#x':':4'@'@WPXEXh77++H5000 2IJJJ91F1F!F 2IJJJe,hrycZSUR5;a UR$UR$)uh获取命令的超时时间 Args: command: 命令字符串 Returns: 超时时间(秒) rE)lowerrpro)rurs rv get_timeoutSandboxConfig.get_timeouts* w}} &&& &###ryoutput_base_dir category_idc[[5RRRRRnUS- n[U5S/nS/nU(aUR [U55 O(U(a!XR- S- nUR [U55 U"UUSSS9n U R U=(d UR 5US9 U $)u,创建用于 CTF 题目生成的沙箱配置ge10/tmpoutput,Xrhrirorpr)r__file__parentrrrr) clsrrr project_rootge10_dirrrcategory_output_dirsandboxs rvcreate_for_ctf_generation'SandboxConfig.create_for_ctf_generationsH~,,33::AAHH &( M   %X   % %c/&: ; "*"88"C   % %c*=&> ? 1&8   V8s'8<Pryc4[[5RRRRRnUS- nXA- S- n[U5S/n[U5S/nU"UUSSS9nUR U=(d UR 5US9 U$)u7创建用于知识库管理/命令执行的沙箱配置rdatarrrrr)rr r rrr) r rrr r data_dirrrrs rvcreate_for_knowledge_base'SandboxConfig.create_for_knowledge_base!sH~,,33::AAHH &()F2 ]F3!(mV4 1&8   V8s'8<Pry) rjrhrirkrorprlrmrn) NNNNNii@rr)N)NNN)!__name__ __module__ __qualname____firstlineno____doc__rrrrrrrrrrw staticmethodrrrrrrboolrrrrtuplerr classmethodrr__static_attributes__ryrvr r s<  D**./3%)%)/3-#"!"-!#Y"-$(9"-c( "- c( "- $(9 "-"-"-"-"-H!Xd^!t!! d3i 8D> TRUY  #l8D>#lXd^#lJCD>#$>**3*4PS9*XAsAQTAY]AFB#BHSMBUZBH $3 $3 $QTemnres@O@C$[jryr ) rrrtypingrrrrpathlibrr r!ryrvr$s'  --ddry