mirror of
https://github.com/openai/codex.git
synced 2026-04-25 23:24:55 +00:00
75 lines
1.8 KiB
Rust
75 lines
1.8 KiB
Rust
#![cfg(windows)]
|
|
|
|
use std::collections::HashMap;
|
|
use std::path::PathBuf;
|
|
|
|
use codex_core::exec::ExecParams;
|
|
use codex_core::exec::SandboxType;
|
|
use codex_core::exec::process_exec_tool_call;
|
|
use codex_core::protocol::SandboxPolicy;
|
|
use codex_core::safety::set_windows_sandbox_enabled;
|
|
|
|
struct WindowsSandboxGuard;
|
|
|
|
impl WindowsSandboxGuard {
|
|
fn enable() -> Self {
|
|
set_windows_sandbox_enabled(true);
|
|
Self
|
|
}
|
|
}
|
|
|
|
impl Drop for WindowsSandboxGuard {
|
|
fn drop(&mut self) {
|
|
set_windows_sandbox_enabled(false);
|
|
}
|
|
}
|
|
|
|
fn windows_workspace_policy(root: &PathBuf) -> SandboxPolicy {
|
|
SandboxPolicy::WorkspaceWrite {
|
|
writable_roots: vec![root.clone()],
|
|
network_access: false,
|
|
exclude_tmpdir_env_var: true,
|
|
exclude_slash_tmp: true,
|
|
}
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn exec_tool_uses_windows_sandbox() {
|
|
let _guard = WindowsSandboxGuard::enable();
|
|
let temp = tempfile::tempdir().expect("tempdir");
|
|
let cwd = temp.path().to_path_buf();
|
|
let policy = windows_workspace_policy(&cwd);
|
|
let params = ExecParams {
|
|
command: vec![
|
|
"cmd.exe".to_string(),
|
|
"/C".to_string(),
|
|
"set CODEX_SANDBOX".to_string(),
|
|
],
|
|
cwd: cwd.clone(),
|
|
timeout_ms: None,
|
|
env: HashMap::new(),
|
|
with_escalated_permissions: None,
|
|
justification: None,
|
|
};
|
|
|
|
let output = process_exec_tool_call(
|
|
params,
|
|
SandboxType::WindowsAppContainer,
|
|
&policy,
|
|
temp.path(),
|
|
&None,
|
|
None,
|
|
)
|
|
.await
|
|
.expect("exec output");
|
|
|
|
assert_eq!(output.exit_code, 0);
|
|
assert!(
|
|
output
|
|
.aggregated_output
|
|
.text
|
|
.to_lowercase()
|
|
.contains("codex_sandbox=windows_appcontainer")
|
|
);
|
|
}
|