feat: prevent environment variable leaks from sandbox execution #58

Merged
harche merged 1 commit into main from harche/sandbox-server-hardening-18v
Feb 27, 2026

@harche harche commented Feb 27, 2026

Summary

  • Layer 1: Replace process.env in the sandbox VM context with Object.freeze({}) instead of the real process.env. Modules loaded via safeRequire() still access the real env through their own module scope, so this doesn't break module functionality.
  • Layer 2: Defense-in-depth output filter that scans each output line for sensitive env var values (≥8 chars, excluding known non-sensitive names/prefixes) before returning results. Blocks execution with a clear error if a leak is detected. Works across all execution modes: blocking, streaming, and test.
  • 24 new tests covering both layers: empty env, frozen env, env enumeration prevention, output leak detection via console/stdout/stderr/errors, streaming mode, test mode, false positive avoidance, and more.

Test plan

  • All 114 executor tests pass (including 24 new + all pre-existing)
  • Existing module tests (kubernetes, prometheus, simple-statistics) still pass with restricted process.env
  • Manual verification: submit code that tries to read process.env — should get undefined
  • Manual verification: if a sensitive value somehow appears in output, execution is blocked with error

🤖 Generated with Claude Code

Two-layer defense to prevent sensitive env vars from leaking through
sandbox code execution output:

Layer 1: Replace process.env in the sandbox with a frozen empty object.
Modules loaded via safeRequire() still access the real process.env
through their own module scope, so this doesn't break module functionality.

Layer 2: Defense-in-depth output filter that scans each output line
for sensitive env var values before returning results. Blocks execution
and returns an error if a match is detected. Works across all execution
modes (blocking, streaming, test).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@harche harche merged commit 81dbaca into main Feb 27, 2026
7 checks passed
@harche harche deleted the harche/sandbox-server-hardening-18v branch February 27, 2026 20:48
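
The two layers described in this pull request, sketched as an added example; it is not the project's code, whose diff does not appear on this page. The function names, the allowlisted names and prefixes, and the constructed DEMO_ENV are assumptions.

```javascript
// Added illustration: every name below is hypothetical, not the project's code.
const vm = require('node:vm');

const MIN_SECRET_LEN = 8; // the PR's ">=8 chars" threshold
const SAFE_NAMES = new Set(['PATH', 'HOME', 'PWD', 'SHELL', 'USER', 'LANG']); // assumed
const SAFE_PREFIXES = ['npm_', 'LC_']; // assumed

// Constructed host environment used for the demonstration.
const DEMO_ENV = {
  API_TOKEN: 'constructed-secret-12345',
  PATH: '/usr/local/bin:/usr/bin',
  DEBUG: 'true',
};

// Layer 2 helper: values long enough to match on and not allowlisted by name.
function sensitiveValues(env) {
  return Object.entries(env)
    .filter(([name, value]) =>
      typeof value === 'string' && value.length >= MIN_SECRET_LEN &&
      !SAFE_NAMES.has(name) && !SAFE_PREFIXES.some((p) => name.startsWith(p)))
    .map(([, value]) => value);
}

// Layer 2: first output line that contains a sensitive value, or null.
function findLeak(lines, env) {
  const secrets = sensitiveValues(env);
  return lines.find((line) => secrets.some((s) => line.includes(s))) ?? null;
}

// Layer 1 + Layer 2: run code against a frozen empty env, then scan its output.
function runSandboxed(code, hostEnv = process.env) {
  const lines = [];
  const sandbox = {
    process: Object.freeze({ env: Object.freeze({}) }),
    console: { log: (...args) => lines.push(args.map(String).join(' ')) },
  };
  vm.runInNewContext(code, sandbox, { timeout: 1000 });
  if (findLeak(lines, hostEnv) !== null) {
    return { ok: false, error: 'blocked: output contains an environment variable value' };
  }
  return { ok: true, output: lines };
}
```

Node's documentation states that node:vm is not a security mechanism, so the frozen env in this sketch only removes the direct read path. The output scan is the part that catches a value reaching output some other way.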