forked from molecule-ai/molecule-core
Replace denylist approach with strict allowlist: only PATH, HOME, LANG, PYTHONPATH, WORKSPACE_ID, WORKSPACE_NAME, PLATFORM_URL (and a small set of locale/Python runtime vars) pass through to agent-executed code.

Every other env var — including ANTHROPIC_API_KEY, GH_TOKEN, DATABASE_URL, REDIS_URL, `*_SECRET`, `*_PASSWORD` — is stripped from `os.environ` for the duration of `SafeLocalPythonExecutor.__call__` and restored on exit.

- `make_safe_env()` is a pure read (never mutates `os.environ`)
- `_ENV_PATCH_LOCK` serialises concurrent calls for thread safety
- `os.environ` fully restored even on exception (try/finally)
- 38 unit tests covering all secret categories, thread safety, import restrictions, and env-restore guarantees

Closes #826
Sub-issue of #804

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
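The allowlist-plus-restore pattern the commit message describes, written out as an added stand-alone example (this is not the project's code and `run_with_safe_env`, `scrubbed_environ` and `demo` are this example's own names standing in for the executor's `__call__`). The seven explicit variable names come from the message; the locale/runtime names that follow them are an assumption for the "small set" it mentions. The demo plants constructed fake secrets, runs an "agent" function under the scrubbed environment, and checks both that nothing outside the allowlist was visible and that the full environment came back even when the agent code raised.

```python
import os
import threading
from contextlib import contextmanager

# Names that pass through to agent-executed code. The seven explicit names
# are from the commit message; the locale/runtime names after them are this
# example's assumption for the "small set" the message mentions.
ALLOWED_ENV_VARS = frozenset({
    "PATH", "HOME", "LANG", "PYTHONPATH",
    "WORKSPACE_ID", "WORKSPACE_NAME", "PLATFORM_URL",
    "LC_ALL", "LC_CTYPE", "PYTHONIOENCODING", "PYTHONUNBUFFERED",
})

# Serialises patch/restore so two concurrent calls cannot interleave: one
# call's restore must never put secrets back inside another call's window.
_ENV_PATCH_LOCK = threading.Lock()


def make_safe_env(source=None):
    """Pure read: return only the allowlisted entries of `source`.

    Defaults to os.environ but never mutates it; the caller decides whether
    to install the result. Allowlisting means a new secret with an
    unanticipated name is stripped by default instead of leaking.
    """
    if source is None:
        source = os.environ
    return {name: value for name, value in source.items() if name in ALLOWED_ENV_VARS}


@contextmanager
def scrubbed_environ():
    """Install the allowlisted view into os.environ for the block's duration
    and restore the full original on exit, including on exception."""
    with _ENV_PATCH_LOCK:
        saved = dict(os.environ)        # snapshot before touching anything
        safe = make_safe_env(saved)
        try:
            os.environ.clear()          # also unsets the real process variables
            os.environ.update(safe)
            yield safe
        finally:
            os.environ.clear()
            os.environ.update(saved)


def run_with_safe_env(fn, *args, **kwargs):
    """Call fn(*args, **kwargs) with os.environ reduced to the allowlist.
    Hypothetical stand-in for the executor's __call__ in this example."""
    with scrubbed_environ():
        return fn(*args, **kwargs)


def _crashing_agent():
    raise RuntimeError("agent code crashed")


def demo():
    """Constructed scenario: plant fake secrets, run an 'agent' that snapshots
    its environment, and report what it saw and whether restore happened."""
    planted = {                                   # constructed values, not real credentials
        "ANTHROPIC_API_KEY": "constructed-not-a-real-key",
        "DATABASE_URL": "postgres://constructed.invalid/example",
        "WORKSPACE_ID": "ws-constructed-123",
    }
    os.environ.update(planted)

    seen = run_with_safe_env(lambda: dict(os.environ))
    leaked = [k for k in planted if k in seen and k not in ALLOWED_ENV_VARS]

    # Restore must also survive an exception raised inside the agent code.
    try:
        run_with_safe_env(_crashing_agent)
    except RuntimeError:
        pass
    restored = all(os.environ.get(k) == v for k, v in planted.items())

    for k in planted:                             # clean up the planted values
        os.environ.pop(k, None)
    return {"leaked": leaked, "saw_workspace_id": seen.get("WORKSPACE_ID"), "restored": restored}


if __name__ == "__main__":
    print(demo())
```

Because `os.environ` is process-global, the lock only serialises callers of `run_with_safe_env` with each other; any other thread that reads `os.environ` during the window sees the scrubbed view, and any subprocess spawned from inside it inherits only the allowlisted variables, which is the intended effect for agent-launched child processes.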