mirror of
https://github.com/HKUDS/nanobot.git
synced 2026-04-11 13:43:37 +00:00
0e6331b66d
Add allowed_env_keys config field to selectively forward host environment variables (e.g. GOPATH, JAVA_HOME) into the sandboxed subprocess environment, while keeping the default allow-list unchanged.
77 lines
2.6 KiB
Python
77 lines
2.6 KiB
Python
"""Tests for exec tool environment isolation."""
|
|
|
|
import sys
|
|
|
|
import pytest
|
|
|
|
from nanobot.agent.tools.shell import ExecTool
|
|
|
|
_UNIX_ONLY = pytest.mark.skipif(sys.platform == "win32", reason="Unix shell commands")
|
|
|
|
|
|
@_UNIX_ONLY
|
|
@pytest.mark.asyncio
|
|
async def test_exec_does_not_leak_parent_env(monkeypatch):
|
|
"""Env vars from the parent process must not be visible to commands."""
|
|
monkeypatch.setenv("NANOBOT_SECRET_TOKEN", "super-secret-value")
|
|
tool = ExecTool()
|
|
result = await tool.execute(command="printenv NANOBOT_SECRET_TOKEN")
|
|
assert "super-secret-value" not in result
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_exec_has_working_path():
|
|
"""Basic commands should be available via the login shell's PATH."""
|
|
tool = ExecTool()
|
|
result = await tool.execute(command="echo hello")
|
|
assert "hello" in result
|
|
|
|
|
|
@_UNIX_ONLY
|
|
@pytest.mark.asyncio
|
|
async def test_exec_path_append():
|
|
"""The pathAppend config should be available in the command's PATH."""
|
|
tool = ExecTool(path_append="/opt/custom/bin")
|
|
result = await tool.execute(command="echo $PATH")
|
|
assert "/opt/custom/bin" in result
|
|
|
|
|
|
@_UNIX_ONLY
|
|
@pytest.mark.asyncio
|
|
async def test_exec_path_append_preserves_system_path():
|
|
"""pathAppend must not clobber standard system paths."""
|
|
tool = ExecTool(path_append="/opt/custom/bin")
|
|
result = await tool.execute(command="ls /")
|
|
assert "Exit code: 0" in result
|
|
|
|
|
|
@_UNIX_ONLY
|
|
@pytest.mark.asyncio
|
|
async def test_exec_allowed_env_keys_passthrough(monkeypatch):
|
|
"""Env vars listed in allowed_env_keys should be visible to commands."""
|
|
monkeypatch.setenv("MY_CUSTOM_VAR", "hello-from-config")
|
|
tool = ExecTool(allowed_env_keys=["MY_CUSTOM_VAR"])
|
|
result = await tool.execute(command="printenv MY_CUSTOM_VAR")
|
|
assert "hello-from-config" in result
|
|
|
|
|
|
@_UNIX_ONLY
|
|
@pytest.mark.asyncio
|
|
async def test_exec_allowed_env_keys_does_not_leak_others(monkeypatch):
|
|
"""Env vars NOT in allowed_env_keys should still be blocked."""
|
|
monkeypatch.setenv("MY_CUSTOM_VAR", "hello-from-config")
|
|
monkeypatch.setenv("MY_SECRET_VAR", "secret-value")
|
|
tool = ExecTool(allowed_env_keys=["MY_CUSTOM_VAR"])
|
|
result = await tool.execute(command="printenv MY_SECRET_VAR")
|
|
assert "secret-value" not in result
|
|
|
|
|
|
@_UNIX_ONLY
|
|
@pytest.mark.asyncio
|
|
async def test_exec_allowed_env_keys_missing_var_ignored(monkeypatch):
|
|
"""If an allowed key is not set in the parent process, it should be silently skipped."""
|
|
monkeypatch.delenv("NONEXISTENT_VAR_12345", raising=False)
|
|
tool = ExecTool(allowed_env_keys=["NONEXISTENT_VAR_12345"])
|
|
result = await tool.execute(command="printenv NONEXISTENT_VAR_12345")
|
|
assert "Exit code: 1" in result
|