Skip to content

workflows: add some os things to sandbox whitelist, only restrict callables#143

Merged
msullivan merged 3 commits into
mainfrom
sandbox-tweaks
Jun 24, 2026
Merged

workflows: add some os things to sandbox whitelist, only restrict callables#143
msullivan merged 3 commits into
mainfrom
sandbox-tweaks

Conversation

@msullivan

@msullivan msullivan commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

shutil, pathlib and third-party rich were both failing to import due
to sandbox interactions with os.

I'm adding getenv, getcwd, and PathLike to the whitelist.

I've also made it so that we only restrict callables, since we were
restricting the set os.supports_dir_fd which was breaking some
stuff. (We could also have added it to the whitelist but this seems a
little more general, though we will want to further generalize it
later.)

@msullivan
workflows: add some os things to sandbox whitelist, only restrict cal…
81322a1 
…lables

shutil, pathlib and third-party rich were both failing to import due
to sandbox interactions with os.

I'm adding getenv, getcwd, and PathLike to the whitelist.

I've also made it so that we only restrict callables, since we were
restricting the set `os.supports_dir_fd` which was breaking some
stuff. (We could also have added it to the whitelist but this seems a
little more general, though we will want to further generalize it
later.)
@msullivan msullivan requested a review from fantix June 23, 2026 20:48
@vercel

vercel Bot commented Jun 23, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
vercel-py Ready Ready Preview Jun 23, 2026 11:39pm

Request Review

@msullivan
tests: getcwd is now allowed in sandbox
ec82993 
The sandbox allowlist now permits os.getcwd(); update the test to
match the new behavior instead of asserting it raises.
fantix
fantix approved these changes Jun 24, 2026
View reviewed changes

@fantix fantix left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@msullivan msullivan merged commit ebf5e85 into main Jun 24, 2026
13 checks passed
@msullivan msullivan deleted the sandbox-tweaks branch June 24, 2026 17:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fantix fantix fantix approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@msullivan @fantix