Improve sandbox error matching and caching (#24550)

David Pierce
2026-04-07 21:08:18 +00:00
committed by GitHub
parent 9637fb3990
commit adf7b3b717
10 changed files with 324 additions and 51 deletions
@@ -27,11 +27,16 @@ import {
verifySandboxOverrides,
getCommandName,
} from '../utils/commandUtils.js';
import { assertValidPathString } from '../../utils/paths.js';
import {
isKnownSafeCommand,
isDangerousCommand,
} from '../utils/commandSafety.js';
import { parsePosixSandboxDenials } from '../utils/sandboxDenialUtils.js';
import {
parsePosixSandboxDenials,
createSandboxDenialCache,
type SandboxDenialCache,
} from '../utils/sandboxDenialUtils.js';
import { handleReadWriteCommands } from '../utils/sandboxReadWriteUtils.js';
import { buildBwrapArgs } from './bwrapArgsBuilder.js';
@@ -108,6 +113,7 @@ function getSeccompBpfPath(): string {
* Ensures a file or directory exists.
*/
function touch(filePath: string, isDirectory: boolean) {
assertValidPathString(filePath);
try {
// If it exists (even as a broken symlink), do nothing
if (fs.lstatSync(filePath)) return;
@@ -129,6 +135,7 @@ function touch(filePath: string, isDirectory: boolean) {
export class LinuxSandboxManager implements SandboxManager {
private static maskFilePath: string | undefined;
private readonly denialCache: SandboxDenialCache = createSandboxDenialCache();
constructor(private readonly options: GlobalSandboxOptions) {}
@@ -141,7 +148,7 @@ export class LinuxSandboxManager implements SandboxManager {
}
parseDenials(result: ShellExecutionResult): ParsedSandboxDenial | undefined {
return parsePosixSandboxDenials(result);
return parsePosixSandboxDenials(result, this.denialCache);
}
getWorkspace(): string {
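Review bot: The new `denialCache` field on `LinuxSandboxManager` is created once per manager and passed to every `parsePosixSandboxDenials` call in `parseDenials`, but nothing in these hunks bounds, clears or documents it. `createSandboxDenialCache` lives in `sandboxDenialUtils.js`, outside this section, so its keying and eviction cannot be confirmed here. If parsed denials influence which sandbox permissions are proposed afterwards (not visible in this section), a stale hit, or one shared across unrelated commands, should be ruled out. I would add a field comment such as `/** Per-instance cache handed to parsePosixSandboxDenials; entries live as long as this manager. */` and state there what an entry is keyed on. Note that `maskFilePath` is `static` while the cache is per instance, so two managers will not share denial state; the class body continues outside the hunk.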