diff --git a/packages/cli/src/config/sandboxConfig.test.ts b/packages/cli/src/config/sandboxConfig.test.ts
index 3ec0e6a5bb..34c97d6ecd 100644
--- a/packages/cli/src/config/sandboxConfig.test.ts
+++ b/packages/cli/src/config/sandboxConfig.test.ts
@@ -93,7 +93,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'docker',
 image: 'default/image',
 });
@@ -122,7 +122,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'lxc',
 image: 'default/image',
 });
@@ -148,7 +148,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'sandbox-exec',
 image: 'default/image',
 });
@@ -161,7 +161,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'sandbox-exec',
 image: 'default/image',
 });
@@ -174,7 +174,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'docker',
 image: 'default/image',
 });
@@ -187,7 +187,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'podman',
 image: 'default/image',
 });
@@ -210,7 +210,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'podman',
 image: 'default/image',
 });
@@ -244,7 +244,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'docker',
 image: 'env/image',
 });
@@ -257,7 +257,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'docker',
 image: 'default/image',
 });
@@ -285,7 +285,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'docker',
 image: 'default/image',
 });
@@ -339,7 +339,7 @@ describe('loadSandboxConfig', () => {
 enabled: true,
 command: 'podman',
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 },
 },
 },
@@ -356,7 +356,7 @@ describe('loadSandboxConfig', () => {
 enabled: true,
 image: 'custom/image',
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 },
 },
 },
@@ -372,7 +372,7 @@ describe('loadSandboxConfig', () => {
 sandbox: {
 enabled: false,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 },
 },
 },
@@ -388,7 +388,7 @@ describe('loadSandboxConfig', () => {
 sandbox: {
 enabled: true,
 allowedPaths: ['/settings-path'],
- networkAccess: false,
+ networkAccess: true,
 },
 },
 },
@@ -410,7 +410,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'runsc',
 image: 'default/image',
 });
@@ -425,7 +425,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'runsc',
 image: 'default/image',
 });
@@ -442,7 +442,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'runsc',
 image: 'default/image',
 });
@@ -460,7 +460,7 @@ describe('loadSandboxConfig', () => {
 expect(config).toEqual({
 enabled: true,
 allowedPaths: [],
- networkAccess: false,
+ networkAccess: true,
 command: 'runsc',
 image: 'default/image',
 });
diff --git a/packages/cli/src/config/sandboxConfig.ts b/packages/cli/src/config/sandboxConfig.ts index 1a047760d3..07685e9bea 100644 --- a/packages/cli/src/config/sandboxConfig.ts +++ b/packages/cli/src/config/sandboxConfig.ts @@ -131,7 +131,7 @@ export async function loadSandboxConfig( let sandboxValue: boolean | string | null | undefined; let allowedPaths: string[] = []; - let networkAccess = false; + let networkAccess = true; let customImage: string | undefined; if ( @@ -142,7 +142,7 @@ export async function loadSandboxConfig( const config = sandboxOption; sandboxValue = config.enabled ? (config.command ?? true) : false; allowedPaths = config.allowedPaths ?? []; - networkAccess = config.networkAccess ?? false; + networkAccess = config.networkAccess ?? true; customImage = config.image; } else if (typeof sandboxOption !== 'object' || sandboxOption === null) { sandboxValue = sandboxOption; diff --git a/packages/core/src/sandbox/macos/MacOsSandboxManager.test.ts b/packages/core/src/sandbox/macos/MacOsSandboxManager.test.ts index 97d475e303..0940c69427 100644 --- a/packages/core/src/sandbox/macos/MacOsSandboxManager.test.ts +++ b/packages/core/src/sandbox/macos/MacOsSandboxManager.test.ts @@ -153,7 +153,10 @@ describe('MacOsSandboxManager', () => { SAFE_VAR: '1', GITHUB_TOKEN: 'sensitive', }, - policy: mockPolicy, + policy: { + ...mockPolicy, + sanitizationConfig: { enableEnvironmentVariableRedaction: true }, + }, }); expect(result.env['SAFE_VAR']).toBe('1'); diff --git a/packages/core/src/services/environmentSanitization.test.ts b/packages/core/src/services/environmentSanitization.test.ts index a7889ef0c2..e36f879f06 100644 --- a/packages/core/src/services/environmentSanitization.test.ts +++ b/packages/core/src/services/environmentSanitization.test.ts 
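Review bot: Both hunks in `loadSandboxConfig` (`@@ -131,7` and `@@ -142,7`) change the fallback for `networkAccess` from `false` to `true`, so a sandbox whose settings omit the key now gets network access. The `else if` branch visible at the end of the second hunk assigns only `sandboxValue`, so a boolean or string `sandboxOption` appears to inherit the new initial value as well. A sandbox that fails open on an omitted setting weakens isolation for every existing configuration that relied on the old default. If the change is intended, say so where the default is set, e.g. `// Default: network allowed; set networkAccess: false in settings to isolate`, and otherwise keep `config.networkAccess ?? false`. The function body begins and ends outside both hunks, so how each backend enforces the flag is not visible here.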
@@ -375,9 +375,9 @@ describe('sanitizeEnvironment', () => { }); describe('getSecureSanitizationConfig', () => { - it('should enable environment variable redaction by default', () => { + it('should default enableEnvironmentVariableRedaction to false', () => { const config = getSecureSanitizationConfig(); - expect(config.enableEnvironmentVariableRedaction).toBe(true); + expect(config.enableEnvironmentVariableRedaction).toBe(false); }); it('should merge allowed and blocked variables from base and requested configs', () => { @@ -440,13 +440,13 @@ describe('getSecureSanitizationConfig', () => { expect(config.blockedEnvironmentVariables).toEqual(['BLOCKED_VAR']); }); - it('should force enableEnvironmentVariableRedaction to true even if requested false', () => { + it('should respect requested enableEnvironmentVariableRedaction value', () => { const requestedConfig = { enableEnvironmentVariableRedaction: false, }; const config = getSecureSanitizationConfig(requestedConfig); - expect(config.enableEnvironmentVariableRedaction).toBe(true); + expect(config.enableEnvironmentVariableRedaction).toBe(false); }); }); diff --git a/packages/core/src/services/environmentSanitization.ts b/packages/core/src/services/environmentSanitization.ts index f3c5628607..eb95a91ca8 100644 --- a/packages/core/src/services/environmentSanitization.ts +++ b/packages/core/src/services/environmentSanitization.ts @@ -230,6 +230,9 @@ export function getSecureSanitizationConfig( allowedEnvironmentVariables: [...new Set(allowed)], blockedEnvironmentVariables: [...new Set(blocked)], // Redaction must be enabled for secure configurations - enableEnvironmentVariableRedaction: true, + enableEnvironmentVariableRedaction: + requestedConfig.enableEnvironmentVariableRedaction ?? + baseConfig?.enableEnvironmentVariableRedaction ?? + false, }; } diff --git a/packages/core/src/services/sandboxManager.test.ts b/packages/core/src/services/sandboxManager.test.ts index 9b1903ef3a..38d507769d 100644 
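Review bot: In the `environmentSanitization.ts` hunk the retained comment `// Redaction must be enabled for secure configurations` now sits directly above an expression that lets the caller switch redaction off and falls back to `false`. `getSecureSanitizationConfig` therefore no longer guarantees what its name and comment state. Because `requestedConfig` is consulted before `baseConfig`, a requested `false` also overrides a base config of `true`; if the request is derived from a per-command policy (as the test hunks suggest, though the caller is not shown), the less trusted input can weaken the base. If opt-out is the intent, replace the comment with something like `// Redaction is opt-in: requested value, then base config, else disabled`. If the base must stay authoritative, let the request only strengthen it: `enableEnvironmentVariableRedaction: (baseConfig?.enableEnvironmentVariableRedaction ?? false) || (requestedConfig.enableEnvironmentVariableRedaction ?? false),`. The function starts outside the hunk.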
--- a/packages/core/src/services/sandboxManager.test.ts +++ b/packages/core/src/services/sandboxManager.test.ts @@ -58,6 +58,11 @@ describe('NoopSandboxManager', () => { MY_SECRET: 'super-secret', SAFE_VAR: 'is-safe', }, + policy: { + sanitizationConfig: { + enableEnvironmentVariableRedaction: true, + }, + }, }; const result = await sandboxManager.prepareCommand(req); @@ -68,7 +73,7 @@ describe('NoopSandboxManager', () => { expect(result.env['MY_SECRET']).toBeUndefined(); }); - it('should NOT allow disabling environment variable redaction if requested in config (vulnerability fix)', async () => { + it('should allow disabling environment variable redaction if requested in config', async () => { const req = { command: 'echo', args: ['hello'], @@ -85,8 +90,8 @@ describe('NoopSandboxManager', () => { const result = await sandboxManager.prepareCommand(req); - // API_KEY should be redacted because SandboxManager forces redaction and API_KEY matches NEVER_ALLOWED_NAME_PATTERNS - expect(result.env['API_KEY']).toBeUndefined(); + // API_KEY should be preserved because redaction was explicitly disabled + expect(result.env['API_KEY']).toBe('sensitive-key'); }); it('should respect allowedEnvironmentVariables in config but filter sensitive ones', async () => { @@ -101,6 +106,7 @@ describe('NoopSandboxManager', () => { policy: { sanitizationConfig: { allowedEnvironmentVariables: ['MY_SAFE_VAR', 'MY_TOKEN'], + enableEnvironmentVariableRedaction: true, }, }, }; @@ -124,6 +130,7 @@ describe('NoopSandboxManager', () => { policy: { sanitizationConfig: { blockedEnvironmentVariables: ['BLOCKED_VAR'], + enableEnvironmentVariableRedaction: true, }, }, };
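Review bot: The rewritten case `should allow disabling environment variable redaction if requested in config` replaces the regression test that was labelled `(vulnerability fix)`, and it now asserts `result.env['API_KEY']` is `'sensitive-key'`. The removed comment said that name matched `NEVER_ALLOWED_NAME_PATTERNS`, so a list named "never allowed" can now be bypassed by one flag in the request. The other cases in this file (`@@ -58,6`, `@@ -101,6`, `@@ -124,6`) only keep passing because they add `enableEnvironmentVariableRedaction: true`, which suggests a request with no `sanitizationConfig` now forwards secret-named variables, yet no case pins that default. Add a test for a request without `policy` that states the expected outcome for `MY_SECRET` explicitly, and decide whether the never-allowed patterns should still be stripped when redaction is disabled, keeping an assertion such as `expect(result.env['API_KEY']).toBeUndefined();` for that path if so.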