clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-04-28 00:25:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Spread AbsolutePathBuf (#17792)

Browse Source 
Mechanical change to promote absolute paths through code.
This commit is contained in:
pakrym-oai
2026-04-14 14:26:10 -07:00
committed by GitHub
parent dae56994da
commit dd1321d11b
166 changed files with 1638 additions and 1214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
codex-rs/exec/tests/suite/sandbox.rs
View File

@@ -2,11 +2,10 @@
use codex_core::spawn::StdioPolicy;
use codex_protocol::protocol::SandboxPolicy;
use codex_utils_absolute_path::AbsolutePathBuf;
use codex_utils_absolute_path::test_support::PathBufExt;
use std::collections::HashMap;
use std::future::Future;
use std::io;
use std::path::Path;
use std::path::PathBuf;
use std::process::ExitStatus;
use tokio::fs::create_dir_all;
use tokio::process::Child;
@@ -14,9 +13,9 @@ use tokio::process::Child;
#[cfg(target_os = "macos")]
async fn spawn_command_under_sandbox(
command: Vec<String>,
command_cwd: PathBuf,
command_cwd: AbsolutePathBuf,
sandbox_policy: &SandboxPolicy,
sandbox_cwd: &Path,
sandbox_cwd: &AbsolutePathBuf,
stdio_policy: StdioPolicy,
env: HashMap<String, String>,
) -> std::io::Result<Child> {
@@ -36,9 +35,9 @@ async fn spawn_command_under_sandbox(
#[cfg(target_os = "linux")]
async fn spawn_command_under_sandbox(
command: Vec<String>,
command_cwd: PathBuf,
command_cwd: AbsolutePathBuf,
sandbox_policy: &SandboxPolicy,
sandbox_cwd: &Path,
sandbox_cwd: &AbsolutePathBuf,
stdio_policy: StdioPolicy,
env: HashMap<String, String>,
) -> std::io::Result<Child> {
@@ -67,13 +66,11 @@ async fn spawn_command_under_sandbox(
/// (for example on kernels or container profiles where Landlock is not
/// enforced).
async fn linux_sandbox_test_env() -> Option<HashMap<String, String>> {
let command_cwd = std::env::current_dir().ok()?;
let command_cwd = AbsolutePathBuf::current_dir().ok()?;
let sandbox_cwd = command_cwd.clone();
let policy = SandboxPolicy::new_read_only_policy();
if can_apply_linux_sandbox_policy(&policy, &command_cwd, sandbox_cwd.as_path(), HashMap::new())
.await
{
if can_apply_linux_sandbox_policy(&policy, &command_cwd, &sandbox_cwd, HashMap::new()).await {
return Some(HashMap::new());
}
@@ -89,13 +86,13 @@ async fn linux_sandbox_test_env() -> Option<HashMap<String, String>> {
/// Landlock enforcement is actually active.
async fn can_apply_linux_sandbox_policy(
policy: &SandboxPolicy,
command_cwd: &Path,
sandbox_cwd: &Path,
command_cwd: &AbsolutePathBuf,
sandbox_cwd: &AbsolutePathBuf,
env: HashMap<String, String>,
) -> bool {
let spawn_result = spawn_command_under_sandbox(
vec!["/usr/bin/true".to_string()],
command_cwd.to_path_buf(),
command_cwd.clone(),
policy,
sandbox_cwd,
StdioPolicy::RedirectForShellTool,
@@ -155,7 +152,7 @@ if __name__ == '__main__':
p.join()
"#;
let command_cwd = std::env::current_dir().expect("should be able to get current dir");
let command_cwd = AbsolutePathBuf::current_dir().expect("should be able to get current dir");
let sandbox_cwd = command_cwd.clone();
let mut child = spawn_command_under_sandbox(
vec![
@@ -165,7 +162,7 @@ if __name__ == '__main__':
],
command_cwd,
&policy,
sandbox_cwd.as_path(),
&sandbox_cwd,
StdioPolicy::Inherit,
sandbox_env,
)
@@ -197,7 +194,7 @@ async fn python_getpwuid_works_under_sandbox() {
}
let policy = SandboxPolicy::new_read_only_policy();
let command_cwd = std::env::current_dir().expect("should be able to get current dir");
let command_cwd = AbsolutePathBuf::current_dir().expect("should be able to get current dir");
let sandbox_cwd = command_cwd.clone();
let mut child = spawn_command_under_sandbox(
@@ -208,7 +205,7 @@ async fn python_getpwuid_works_under_sandbox() {
],
command_cwd,
&policy,
sandbox_cwd.as_path(),
&sandbox_cwd,
StdioPolicy::RedirectForShellTool,
sandbox_env,
)
@@ -234,12 +231,13 @@ async fn sandbox_distinguishes_command_and_policy_cwds() {
let sandbox_env = HashMap::new();
let temp = tempfile::tempdir().expect("should be able to create temp dir");
let sandbox_root = temp.path().join("sandbox");
let command_root = temp.path().join("command");
let command_root = temp.path().join("command").abs();
create_dir_all(&sandbox_root).await.expect("mkdir");
create_dir_all(&command_root).await.expect("mkdir");
let canonical_sandbox_root = tokio::fs::canonicalize(&sandbox_root)
.await
.expect("canonicalize sandbox root");
.expect("canonicalize sandbox root")
.abs();
let canonical_allowed_path = canonical_sandbox_root.join("allowed.txt");
let disallowed_path = command_root.join("forbidden.txt");
@@ -264,7 +262,7 @@ async fn sandbox_distinguishes_command_and_policy_cwds() {
],
command_root.clone(),
&policy,
canonical_sandbox_root.as_path(),
&canonical_sandbox_root,
StdioPolicy::Inherit,
sandbox_env.clone(),
)
@@ -295,7 +293,7 @@ async fn sandbox_distinguishes_command_and_policy_cwds() {
],
command_root,
&policy,
canonical_sandbox_root.as_path(),
&canonical_sandbox_root,
StdioPolicy::Inherit,
sandbox_env,
)
@@ -325,7 +323,7 @@ async fn sandbox_blocks_first_time_dot_codex_creation() {
let sandbox_env = HashMap::new();
let temp = tempfile::tempdir().expect("should be able to create temp dir");
let repo_root = temp.path().join("repo");
let repo_root = temp.path().join("repo").abs();
create_dir_all(&repo_root).await.expect("mkdir repo");
let dot_codex = repo_root.join(".codex");
let config_toml = dot_codex.join("config.toml");
@@ -346,7 +344,7 @@ async fn sandbox_blocks_first_time_dot_codex_creation() {
],
repo_root.clone(),
&policy,
repo_root.as_path(),
&repo_root,
StdioPolicy::RedirectForShellTool,
sandbox_env,
)
@@ -493,13 +491,14 @@ where
cmds.push(test_selector.into());
// Your existing launcher:
let command_cwd = std::env::current_dir().expect("should be able to get current dir");
let command_cwd =
AbsolutePathBuf::current_dir().expect("should be able to get current dir");
let sandbox_cwd = command_cwd.clone();
let mut child = spawn_command_under_sandbox(
cmds,
command_cwd,
policy,
sandbox_cwd.as_path(),
&sandbox_cwd,
stdio_policy,
HashMap::from([("IN_SANDBOX".into(), "1".into())]),
)