mrtoth/agent-sandbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure passing relative paths to CLI works

Browse Source
This commit is contained in:
Kristóf Tóth
2026-03-20 21:36:55 +01:00
parent 94535b20d3
commit 4112288a30
2 changed files with 66 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/main.rs
View File

@@ -1,5 +1,5 @@
use std::ffi::{OsStr, OsString}; use std::ffi::{OsStr, OsString};
use std::path::PathBuf; use std::path::{Path, PathBuf};
use std::process; use std::process;
use clap::Parser; use clap::Parser;
@@ -67,8 +67,16 @@ fn main() {
mode, mode,
hardened: args.hardened, hardened: args.hardened,
no_net: args.no_net, no_net: args.no_net,
extra_rw: args.extra_rw, extra_rw: args
extra_ro: args.extra_ro, .extra_rw
.iter()
.map(|p| canonicalize_or_exit(p))
.collect(),
extra_ro: args
.extra_ro
.iter()
.map(|p| canonicalize_or_exit(p))
.collect(),
command, command,
command_args, command_args,
chdir, chdir,
@@ -104,7 +112,7 @@ fn assert_binary_exists(name: &OsStr) -> PathBuf {
fn assert_chdir(explicit: Option<PathBuf>) -> PathBuf { fn assert_chdir(explicit: Option<PathBuf>) -> PathBuf {
if let Some(p) = explicit { if let Some(p) = explicit {
return p; return canonicalize_or_exit(&p);
} }
match std::env::current_dir() { match std::env::current_dir() {
Ok(p) => p, Ok(p) => p,
@@ -118,6 +126,13 @@ fn assert_chdir(explicit: Option<PathBuf>) -> PathBuf {
} }
} }
fn canonicalize_or_exit(p: &Path) -> PathBuf {
std::fs::canonicalize(p).unwrap_or_else(|e| {
eprintln!("error: cannot resolve path '{}': {e}", p.display());
process::exit(1);
})
}
fn resolve_binary(name: &OsStr) -> Option<PathBuf> { fn resolve_binary(name: &OsStr) -> Option<PathBuf> {
let path = PathBuf::from(name); let path = PathBuf::from(name);
if path.is_absolute() || path.components().count() > 1 { if path.is_absolute() || path.components().count() > 1 {

47
tests/integration.rs
View File

@@ -237,6 +237,53 @@ fn blacklist_overlays_survive_tmp_bind() {
); );
} }
#[test]
fn relative_chdir_works() {
let output = sandbox(&["--chdir", "src"])
.args(["--", "bash", "-c", "pwd"])
.output()
.expect("agent-sandbox binary failed to execute");
assert!(
output.status.success(),
"relative --chdir should work, stderr: {}",
String::from_utf8_lossy(&output.stderr)
);
let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
assert!(
stdout.ends_with("/src"),
"expected cwd ending in /src, got: {stdout}"
);
}
#[test]
fn relative_rw_path_works() {
let output = sandbox(&["--rw", "src"])
.args(["--", "bash", "-c", "echo ok"])
.output()
.expect("agent-sandbox binary failed to execute");
assert!(
output.status.success(),
"relative --rw should work, stderr: {}",
String::from_utf8_lossy(&output.stderr)
);
}
#[test]
fn relative_ro_path_works() {
let output = sandbox(&["--ro", "src"])
.args(["--", "bash", "-c", "echo ok"])
.output()
.expect("agent-sandbox binary failed to execute");
assert!(
output.status.success(),
"relative --ro should work, stderr: {}",
String::from_utf8_lossy(&output.stderr)
);
}
#[test] #[test]
fn rw_missing_path_errors() { fn rw_missing_path_errors() {
let output = sandbox(&["--rw", "/nonexistent/xyz"]) let output = sandbox(&["--rw", "/nonexistent/xyz"])