fix: quote sandbox names in shell commands to prevent truncation#90
Closed
WuKongAI-CMU wants to merge 1 commit intoNVIDIA:mainfrom
Closed
fix: quote sandbox names in shell commands to prevent truncation#90WuKongAI-CMU wants to merge 1 commit intoNVIDIA:mainfrom
WuKongAI-CMU wants to merge 1 commit intoNVIDIA:mainfrom
Conversation
On WSL and certain shell environments, unquoted sandbox names containing hyphens (e.g., "my-assistant") can be truncated or split by word splitting when passed to openshell commands via bash -c. This caused policy set to receive a single character instead of the full name (Fixes NVIDIA#21), and contributed to the unexpected 'mkdir' argument error on DGX Spark (NVIDIA#46). Changes: - Quote all sandbox name interpolations in openshell commands (sandbox delete, sandbox create --name, forward start, policy get, policy set) - Add validateSandboxName() to reject names with shell metacharacters or argument-injection patterns before they reach any command - Add regression tests for name validation including WSL-style hyphenated names Fixes NVIDIA#21 Fixes NVIDIA#46 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: peteryuqin <peter.yuqin@gmail.com>
4 tasks
Contributor
Author
|
Closing to reduce my open PR count below the repo policy limit and refocus on a smaller set of higher-signal changes. I can revive this branch later if it becomes the right path again. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
sandboxNameinterpolations in shell commands (openshell sandbox delete,sandbox create --name,forward start,policy get,policy set) to prevent word-splitting truncationvalidateSandboxName()that rejects names with shell metacharacters or argument-injection patterns before they reach any commandFixes #21 — WSL sandbox name truncation where
my-assistantbecomesmFixes #46 — DGX Spark step 7/7 failure where
openshell policy setreceives unexpectedmkdirargument due to unquoted nameRoot cause
All
openshellcommands inonboard.jsandpolicies.jsinterpolated${sandboxName}without shell quotes into strings executed viabash -c. On WSL and other environments with different argument-parsing behavior, hyphens or special characters caused word splitting.Test plan
node --test test/sandbox-name.test.js test/policies.test.js)🤖 Generated with Claude Code