monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-13. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
da3a2ac3a46adc0e0c07c253640d9796945c503c
greywall/internal/sandbox/utils.go
Mathieu Virbel da3a2ac3a4 rename Fence to Greywall as GreyHaven sandboxing component 
Rebrand the project from Fence to Greywall, the sandboxing layer of the
GreyHaven platform. This updates:

- Go module path to gitea.app.monadical.io/monadical/greywall
- Binary name, CLI help text, and all usage examples
- Config paths (~/.config/greywall/greywall.json), env vars (GREYWALL_*)
- Log prefixes ([greywall:*]), temp file prefixes (greywall-*)
- All documentation, scripts, CI workflows, and example files
- README rewritten with GreyHaven branding and Fence attribution

Directory/file renames: cmd/fence → cmd/greywall, pkg/fence → pkg/greywall,
docs/why-fence.md → docs/why-greywall.md, example JSON files, and banner.
2026-02-10 16:00:24 -06:00

106 lines
2.5 KiB
Go
Raw Blame History

package sandbox
import (
"encoding/base64"
"os"
"path/filepath"
"strings"
)
// ContainsGlobChars checks if a path pattern contains glob characters.
func ContainsGlobChars(pattern string) bool {
return strings.ContainsAny(pattern, "*?[]")
}
// RemoveTrailingGlobSuffix removes trailing /** from a path pattern.
func RemoveTrailingGlobSuffix(pattern string) string {
return strings.TrimSuffix(pattern, "/**")
}
// NormalizePath normalizes a path for sandbox configuration.
// Handles tilde expansion and relative paths.
func NormalizePath(pathPattern string) string {
home, _ := os.UserHomeDir()
cwd, _ := os.Getwd()
normalized := pathPattern
// Expand ~ and relative paths
switch {
case pathPattern == "~":
normalized = home
case strings.HasPrefix(pathPattern, "~/"):
normalized = filepath.Join(home, pathPattern[2:])
case strings.HasPrefix(pathPattern, "./"), strings.HasPrefix(pathPattern, "../"):
normalized, _ = filepath.Abs(filepath.Join(cwd, pathPattern))
case !filepath.IsAbs(pathPattern) && !ContainsGlobChars(pathPattern):
normalized, _ = filepath.Abs(filepath.Join(cwd, pathPattern))
}
// For non-glob patterns, try to resolve symlinks
if !ContainsGlobChars(normalized) {
if resolved, err := filepath.EvalSymlinks(normalized); err == nil {
return resolved
}
}
return normalized
}
// GenerateProxyEnvVars creates environment variables for proxy configuration.
// Used on macOS where transparent proxying is not available.
func GenerateProxyEnvVars(proxyURL string) []string {
envVars := []string{
"GREYWALL_SANDBOX=1",
"TMPDIR=/tmp/greywall",
}
if proxyURL == "" {
return envVars
}
// NO_PROXY for localhost and private networks
noProxy := strings.Join([]string{
"localhost",
"127.0.0.1",
"::1",
"*.local",
".local",
"169.254.0.0/16",
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16",
}, ",")
envVars = append(envVars,
"NO_PROXY="+noProxy,
"no_proxy="+noProxy,
"ALL_PROXY="+proxyURL,
"all_proxy="+proxyURL,
"HTTP_PROXY="+proxyURL,
"HTTPS_PROXY="+proxyURL,
"http_proxy="+proxyURL,
"https_proxy="+proxyURL,
)
return envVars
}
// EncodeSandboxedCommand encodes a command for sandbox monitoring.
func EncodeSandboxedCommand(command string) string {
if len(command) > 100 {
command = command[:100]
}
return base64.StdEncoding.EncodeToString([]byte(command))
}
// DecodeSandboxedCommand decodes a base64-encoded command.
func DecodeSandboxedCommand(encoded string) (string, error) {
data, err := base64.StdEncoding.DecodeString(encoded)
if err != nil {
return "", err
}
return string(data), nil
}
Reference in New Issue View Git Blame Copy Permalink