mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
33fa952426
## Summary This fixes a stale-environment path in shell snapshot restoration. A sandboxed command can source a shell snapshot that was captured while an older proxy process was running. If that proxy has died and come back on a different port, the snapshot can otherwise put old proxy values back into the command environment, which is how tools like `pip` end up talking to a dead proxy. The wrapper now captures the live process environment before sourcing the snapshot and then restores or clears every proxy env var from the proxy crate's canonical list. That makes proxy state after shell snapshot restoration match the current command environment, rather than whatever proxy values happened to be present in the snapshot. On macOS, the Codex-generated `GIT_SSH_COMMAND` is refreshed when the SOCKS listener changes, while custom SSH wrappers are still left alone. --------- Co-authored-by: Codex <noreply@openai.com>
63 lines
2.0 KiB
Rust
63 lines
2.0 KiB
Rust
#![deny(clippy::print_stdout, clippy::print_stderr)]
|
|
|
|
mod certs;
|
|
mod config;
|
|
mod http_proxy;
|
|
mod mitm;
|
|
mod network_policy;
|
|
mod policy;
|
|
mod proxy;
|
|
mod reasons;
|
|
mod responses;
|
|
mod runtime;
|
|
mod socks5;
|
|
mod state;
|
|
mod upstream;
|
|
|
|
pub use config::NetworkDomainPermission;
|
|
pub use config::NetworkDomainPermissionEntry;
|
|
pub use config::NetworkDomainPermissions;
|
|
pub use config::NetworkMode;
|
|
pub use config::NetworkProxyConfig;
|
|
pub use config::NetworkUnixSocketPermission;
|
|
pub use config::NetworkUnixSocketPermissions;
|
|
pub use config::host_and_port_from_network_addr;
|
|
pub use network_policy::NetworkDecision;
|
|
pub use network_policy::NetworkDecisionSource;
|
|
pub use network_policy::NetworkPolicyDecider;
|
|
pub use network_policy::NetworkPolicyDecision;
|
|
pub use network_policy::NetworkPolicyRequest;
|
|
pub use network_policy::NetworkPolicyRequestArgs;
|
|
pub use network_policy::NetworkProtocol;
|
|
pub use policy::normalize_host;
|
|
pub use proxy::ALL_PROXY_ENV_KEYS;
|
|
pub use proxy::ALLOW_LOCAL_BINDING_ENV_KEY;
|
|
pub use proxy::Args;
|
|
#[cfg(target_os = "macos")]
|
|
pub use proxy::CODEX_PROXY_GIT_SSH_COMMAND_MARKER;
|
|
pub use proxy::DEFAULT_NO_PROXY_VALUE;
|
|
pub use proxy::NO_PROXY_ENV_KEYS;
|
|
pub use proxy::NetworkProxy;
|
|
pub use proxy::NetworkProxyBuilder;
|
|
pub use proxy::NetworkProxyHandle;
|
|
pub use proxy::PROXY_ACTIVE_ENV_KEY;
|
|
pub use proxy::PROXY_ENV_KEYS;
|
|
#[cfg(target_os = "macos")]
|
|
pub use proxy::PROXY_GIT_SSH_COMMAND_ENV_KEY;
|
|
pub use proxy::PROXY_URL_ENV_KEYS;
|
|
pub use proxy::has_proxy_url_env_vars;
|
|
pub use proxy::proxy_url_env_value;
|
|
pub use runtime::BlockedRequest;
|
|
pub use runtime::BlockedRequestArgs;
|
|
pub use runtime::BlockedRequestObserver;
|
|
pub use runtime::ConfigReloader;
|
|
pub use runtime::ConfigState;
|
|
pub use runtime::NetworkProxyState;
|
|
pub use state::NetworkProxyAuditMetadata;
|
|
pub use state::NetworkProxyConstraintError;
|
|
pub use state::NetworkProxyConstraints;
|
|
pub use state::PartialNetworkConfig;
|
|
pub use state::PartialNetworkProxyConfig;
|
|
pub use state::build_config_state;
|
|
pub use state::validate_policy_against_constraints;
|