
Commit fdff04a

koki-developclaude
andcommitted
refactor: rename sandbox working directory from /code to /sandbox
Co-Authored-By: Claude <noreply@anthropic.com>
1 parent ea4626a commit fdff04a

14 files changed

Lines changed: 59 additions & 59 deletions

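--- a/e2e/tests/runtime/node.yml
+++ b/e2e/tests/runtime/node.yml
@@ -261,8 +261,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/^/code/index\\.js:1\nthrow new Error\\(\"something went wrong\"\\);\n\\^\n\nError: something went wrong\n at Object\\.<anonymous> \\(/code/index\\.js:1:7\\)\n[\\s\\S]*Node\\.js v[\\d.]+\n$/"
-output: "/^/code/index\\.js:1\nthrow new Error\\(\"something went wrong\"\\);\n\\^\n\nError: something went wrong\n at Object\\.<anonymous> \\(/code/index\\.js:1:7\\)\n[\\s\\S]*Node\\.js v[\\d.]+\n$/"
+stderr: "/^/sandbox/index\\.js:1\nthrow new Error\\(\"something went wrong\"\\);\n\\^\n\nError: something went wrong\n at Object\\.<anonymous> \\(/sandbox/index\\.js:1:7\\)\n[\\s\\S]*Node\\.js v[\\d.]+\n$/"
+output: "/^/sandbox/index\\.js:1\nthrow new Error\\(\"something went wrong\"\\);\n\\^\n\nError: something went wrong\n at Object\\.<anonymous> \\(/sandbox/index\\.js:1:7\\)\n[\\s\\S]*Node\\.js v[\\d.]+\n$/"
 exit_code: 1
 status: "OK"
 signal: null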

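--- a/e2e/tests/runtime/ruby.yml
+++ b/e2e/tests/runtime/ruby.yml
@@ -254,8 +254,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.rb:1:in '<main>': something went wrong (RuntimeError)\n"
-output: "/code/main.rb:1:in '<main>': something went wrong (RuntimeError)\n"
+stderr: "/sandbox/main.rb:1:in '<main>': something went wrong (RuntimeError)\n"
+output: "/sandbox/main.rb:1:in '<main>': something went wrong (RuntimeError)\n"
 exit_code: 1
 status: "OK"
 signal: null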

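--- a/e2e/tests/security/bind_mount_flags.yml
+++ b/e2e/tests/security/bind_mount_flags.yml
@@ -80,15 +80,15 @@ tests:
 status: "OK"
 signal: null
 
-- name: "/code bind mount has nosuid and nodev flags"
+- name: "/sandbox bind mount has nosuid and nodev flags"
 requests:
 - input:
 runtime: bash
 files:
 - name: main.sh
 type: plain
 content: |
-grep ' /code ' /proc/mounts | tr ' ' '\n' | sed -n '4p' | tr ',' '\n' | grep -E '^(nosuid|nodev)$' | sort
+grep ' /sandbox ' /proc/mounts | tr ' ' '\n' | sed -n '4p' | tr ',' '\n' | grep -E '^(nosuid|nodev)$' | sort
 output:
 status: 200
 body: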
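Review bot: The flag check on new line 91 inspects only the first `/proc/mounts` entry for the mount point: `grep ' /sandbox '` may match several lines, `tr ' ' '\n'` flattens them all, and `sed -n '4p'` then takes the options field of the first match. When mounts are stacked on one path the entry in effect is the last one listed, so a correctly flagged lower entry could hide an upper one without `nosuid`/`nodev`; whether stacking can occur depends on how the sandbox builds its mounts, which this hunk does not show. Reading the last entry whose mount-point field is exactly `/sandbox` would tie the assertion to the effective mount, e.g. `awk '$2 == "/sandbox" { o = $4 } END { print o }' /proc/mounts | tr ',' '\n' | grep -E '^(nosuid|nodev)$' | sort`. The expected output sits below the hunk's last line (`body:`), so the rest of the test case is not visible here.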

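--- a/e2e/tests/security/filesystem.yml
+++ b/e2e/tests/security/filesystem.yml
@@ -61,8 +61,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.sh: line 1: /lib/test: Read-only file system\n"
-output: "/code/main.sh: line 1: /lib/test: Read-only file system\n"
+stderr: "/sandbox/main.sh: line 1: /lib/test: Read-only file system\n"
+output: "/sandbox/main.sh: line 1: /lib/test: Read-only file system\n"
 exit_code: 1
 status: "OK"
 signal: null
@@ -81,8 +81,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.sh: line 1: /usr/bin/test: Read-only file system\n"
-output: "/code/main.sh: line 1: /usr/bin/test: Read-only file system\n"
+stderr: "/sandbox/main.sh: line 1: /usr/bin/test: Read-only file system\n"
+output: "/sandbox/main.sh: line 1: /usr/bin/test: Read-only file system\n"
 exit_code: 1
 status: "OK"
 signal: null
@@ -102,8 +102,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.sh: line 1: /lib64/test: Read-only file system\n"
-output: "/code/main.sh: line 1: /lib64/test: Read-only file system\n"
+stderr: "/sandbox/main.sh: line 1: /lib64/test: Read-only file system\n"
+output: "/sandbox/main.sh: line 1: /lib64/test: Read-only file system\n"
 exit_code: 1
 status: "OK"
 signal: null
@@ -123,8 +123,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.sh: line 1: /lib64/test: Not a directory\n"
-output: "/code/main.sh: line 1: /lib64/test: Not a directory\n"
+stderr: "/sandbox/main.sh: line 1: /lib64/test: Not a directory\n"
+output: "/sandbox/main.sh: line 1: /lib64/test: Not a directory\n"
 exit_code: 1
 status: "OK"
 signal: null
@@ -191,8 +191,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.sh: line 1: /proc/self/oom_score_adj: Read-only file system\n"
-output: "/code/main.sh: line 1: /proc/self/oom_score_adj: Read-only file system\n"
+stderr: "/sandbox/main.sh: line 1: /proc/self/oom_score_adj: Read-only file system\n"
+output: "/sandbox/main.sh: line 1: /proc/self/oom_score_adj: Read-only file system\n"
 exit_code: 1
 status: "OK"
 signal: null
@@ -232,8 +232,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/^/code/main\\.rb:\\d+:.*Read-only file system @ rb_sysopen - /mise/installs/ruby/[\\d.]+/test \\(Errno::EROFS\\)\\n\\tfrom /code/main\\.rb:\\d+:.*\\n$/"
-output: "/^/code/main\\.rb:\\d+:.*Read-only file system @ rb_sysopen - /mise/installs/ruby/[\\d.]+/test \\(Errno::EROFS\\)\\n\\tfrom /code/main\\.rb:\\d+:.*\\n$/"
+stderr: "/^/sandbox/main\\.rb:\\d+:.*Read-only file system @ rb_sysopen - /mise/installs/ruby/[\\d.]+/test \\(Errno::EROFS\\)\\n\\tfrom /sandbox/main\\.rb:\\d+:.*\\n$/"
+output: "/^/sandbox/main\\.rb:\\d+:.*Read-only file system @ rb_sysopen - /mise/installs/ruby/[\\d.]+/test \\(Errno::EROFS\\)\\n\\tfrom /sandbox/main\\.rb:\\d+:.*\\n$/"
 exit_code: 1
 status: "OK"
 signal: null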

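--- a/e2e/tests/security/filesystem_advanced.yml
+++ b/e2e/tests/security/filesystem_advanced.yml
@@ -19,37 +19,37 @@ tests:
 status: "OK"
 signal: null
 
-- name: "device node creation in /code is blocked (no CAP_MKNOD)"
+- name: "device node creation in /sandbox is blocked (no CAP_MKNOD)"
 requests:
 - input:
 runtime: bash
 files:
 - name: main.sh
 type: plain
 content: |
-mknod /code/urandom c 1 9
+mknod /sandbox/urandom c 1 9
 output:
 status: 200
 body:
 run:
 stdout: ""
-stderr: "mknod: /code/urandom: Operation not permitted\n"
-output: "mknod: /code/urandom: Operation not permitted\n"
+stderr: "mknod: /sandbox/urandom: Operation not permitted\n"
+output: "mknod: /sandbox/urandom: Operation not permitted\n"
 exit_code: 1
 status: "OK"
 signal: null
 
-- name: "SUID bit set in /code does not grant elevated privileges"
+- name: "SUID bit set in /sandbox does not grant elevated privileges"
 requests:
 - input:
 runtime: bash
 files:
 - name: main.sh
 type: plain
 content: |
-cp /usr/bin/id /code/suid-id
-chmod 4755 /code/suid-id 2>/dev/null
-/code/suid-id
+cp /usr/bin/id /sandbox/suid-id
+chmod 4755 /sandbox/suid-id 2>/dev/null
+/sandbox/suid-id
 output:
 status: 200
 body:
@@ -69,14 +69,14 @@ tests:
 - name: main.sh
 type: plain
 content: |
-echo test > /tmp/srcfile && ln /tmp/srcfile /code/crosslink
+echo test > /tmp/srcfile && ln /tmp/srcfile /sandbox/crosslink
 output:
 status: 200
 body:
 run:
 stdout: ""
-stderr: "ln: failed to create hard link '/code/crosslink' => '/tmp/srcfile': Invalid cross-device link\n"
-output: "ln: failed to create hard link '/code/crosslink' => '/tmp/srcfile': Invalid cross-device link\n"
+stderr: "ln: failed to create hard link '/sandbox/crosslink' => '/tmp/srcfile': Invalid cross-device link\n"
+output: "ln: failed to create hard link '/sandbox/crosslink' => '/tmp/srcfile': Invalid cross-device link\n"
 exit_code: 1
 status: "OK"
 signal: null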
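Review bot: The SUID test in the first hunk (new lines 50-52) cannot distinguish a `nosuid` mount from one that honours setuid, because `cp /usr/bin/id /sandbox/suid-id` produces a copy owned by the user running the script, so setuid-to-owner changes nothing in what `id` prints. `chmod 4755 /sandbox/suid-id 2>/dev/null` also discards the only evidence of whether the bit was set at all. The expected output lies below the hunk's last line (`body:`), so I cannot see what is asserted, but as written the test would likely still pass with `nosuid` removed; I would add a script comment such as `# smoke test only: the copy is owned by the caller; nosuid itself is asserted via /proc/mounts in bind_mount_flags.yml`, or print `stat -c '%a' /sandbox/suid-id` so the resulting mode is part of the assertion. The same three-line script is carried into e2e/tests/security/tmpfs_mount_flags.yml (new lines 50-52).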

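--- a/e2e/tests/security/network_advanced.yml
+++ b/e2e/tests/security/network_advanced.yml
@@ -14,8 +14,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.rb:2:in 'Socket#initialize': Operation not permitted - socket(2) (Errno::EPERM)\n\tfrom /code/main.rb:2:in 'IO.new'\n\tfrom /code/main.rb:2:in '<main>'\n"
-output: "/code/main.rb:2:in 'Socket#initialize': Operation not permitted - socket(2) (Errno::EPERM)\n\tfrom /code/main.rb:2:in 'IO.new'\n\tfrom /code/main.rb:2:in '<main>'\n"
+stderr: "/sandbox/main.rb:2:in 'Socket#initialize': Operation not permitted - socket(2) (Errno::EPERM)\n\tfrom /sandbox/main.rb:2:in 'IO.new'\n\tfrom /sandbox/main.rb:2:in '<main>'\n"
+output: "/sandbox/main.rb:2:in 'Socket#initialize': Operation not permitted - socket(2) (Errno::EPERM)\n\tfrom /sandbox/main.rb:2:in 'IO.new'\n\tfrom /sandbox/main.rb:2:in '<main>'\n"
 exit_code: 1
 status: "OK"
 signal: null
@@ -35,8 +35,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.rb:2:in 'UNIXSocket#initialize': No such file or directory - connect(2) for /run/docker.sock (Errno::ENOENT)\n\tfrom /code/main.rb:2:in 'IO.new'\n\tfrom /code/main.rb:2:in '<main>'\n"
-output: "/code/main.rb:2:in 'UNIXSocket#initialize': No such file or directory - connect(2) for /run/docker.sock (Errno::ENOENT)\n\tfrom /code/main.rb:2:in 'IO.new'\n\tfrom /code/main.rb:2:in '<main>'\n"
+stderr: "/sandbox/main.rb:2:in 'UNIXSocket#initialize': No such file or directory - connect(2) for /run/docker.sock (Errno::ENOENT)\n\tfrom /sandbox/main.rb:2:in 'IO.new'\n\tfrom /sandbox/main.rb:2:in '<main>'\n"
+output: "/sandbox/main.rb:2:in 'UNIXSocket#initialize': No such file or directory - connect(2) for /run/docker.sock (Errno::ENOENT)\n\tfrom /sandbox/main.rb:2:in 'IO.new'\n\tfrom /sandbox/main.rb:2:in '<main>'\n"
 exit_code: 1
 status: "OK"
 signal: null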

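--- a/e2e/tests/security/proc.yml
+++ b/e2e/tests/security/proc.yml
@@ -13,8 +13,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.sh: line 1: /proc/sysrq-trigger: Read-only file system\n"
-output: "/code/main.sh: line 1: /proc/sysrq-trigger: Read-only file system\n"
+stderr: "/sandbox/main.sh: line 1: /proc/sysrq-trigger: Read-only file system\n"
+output: "/sandbox/main.sh: line 1: /proc/sysrq-trigger: Read-only file system\n"
 exit_code: 1
 status: "OK"
 signal: null
@@ -33,8 +33,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.sh: line 1: /proc/self/mem: Read-only file system\n"
-output: "/code/main.sh: line 1: /proc/self/mem: Read-only file system\n"
+stderr: "/sandbox/main.sh: line 1: /proc/self/mem: Read-only file system\n"
+output: "/sandbox/main.sh: line 1: /proc/self/mem: Read-only file system\n"
 exit_code: 1
 status: "OK"
 signal: null
@@ -53,8 +53,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.sh: line 1: /proc/sys/kernel/randomize_va_space: Read-only file system\n"
-output: "/code/main.sh: line 1: /proc/sys/kernel/randomize_va_space: Read-only file system\n"
+stderr: "/sandbox/main.sh: line 1: /proc/sys/kernel/randomize_va_space: Read-only file system\n"
+output: "/sandbox/main.sh: line 1: /proc/sys/kernel/randomize_va_space: Read-only file system\n"
 exit_code: 1
 status: "OK"
 signal: null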

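--- a/e2e/tests/security/resource_exhaustion.yml
+++ b/e2e/tests/security/resource_exhaustion.yml
@@ -45,8 +45,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/^/code/main\\.sh: line \\d+: echo: write error: No space left on device\n$/"
-output: "/^/code/main\\.sh: line \\d+: echo: write error: No space left on device\n$/"
+stderr: "/^/sandbox/main\\.sh: line \\d+: echo: write error: No space left on device\n$/"
+output: "/^/sandbox/main\\.sh: line \\d+: echo: write error: No space left on device\n$/"
 exit_code: 1
 status: "OK"
 signal: null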

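--- a/e2e/tests/security/rlimit.yml
+++ b/e2e/tests/security/rlimit.yml
@@ -183,8 +183,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/^(/code/main\\.sh: fork: retry: Resource temporarily unavailable\n)+$/"
-output: "/^(/code/main\\.sh: fork: retry: Resource temporarily unavailable\n)+$/"
+stderr: "/^(/sandbox/main\\.sh: fork: retry: Resource temporarily unavailable\n)+$/"
+output: "/^(/sandbox/main\\.sh: fork: retry: Resource temporarily unavailable\n)+$/"
 exit_code: 0
 status: "OK"
 signal: null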

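--- a/e2e/tests/security/tmpfs_mount_flags.yml
+++ b/e2e/tests/security/tmpfs_mount_flags.yml
@@ -47,9 +47,9 @@ tests:
 - name: main.sh
 type: plain
 content: |
-cp /usr/bin/id /code/suid-id
-chmod 4755 /code/suid-id
-/code/suid-id
+cp /usr/bin/id /sandbox/suid-id
+chmod 4755 /sandbox/suid-id
+/sandbox/suid-id
 output:
 status: 200
 body:
@@ -77,8 +77,8 @@ tests:
 body:
 run:
 stdout: ""
-stderr: "/code/main.sh: line 3: /tmp/test-exec: Permission denied\n"
-output: "/code/main.sh: line 3: /tmp/test-exec: Permission denied\n"
+stderr: "/sandbox/main.sh: line 3: /tmp/test-exec: Permission denied\n"
+output: "/sandbox/main.sh: line 3: /tmp/test-exec: Permission denied\n"
 exit_code: 126
 status: "OK"
 signal: null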
