Allow setting env variables dynamically and remove command restrictions (#22)

ghostwriternr · web-flow · commit f5fcd52025d1 · 2025-07-21T13:16:15.000+01:00
* Bump containers package version

* Remove rudimentary dangerous commands check

* Allow dynamically setting env vars

* Add changeset
diff --git a/.changeset/thin-plums-hammer.md b/.changeset/thin-plums-hammer.md
@@ -0,0 +1,5 @@
+---
+"@cloudflare/sandbox": patch
+---
+
+Allow setting env variables dynamically and remove command restrictions
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/sandbox/container_src/index.ts b/packages/sandbox/container_src/index.ts
@@ -400,34 +400,6 @@ async function handleExecuteRequest(
       );
     }
 
-    // Basic safety check - prevent dangerous commands
-    const dangerousCommands = [
-      "rm",
-      "rmdir",
-      "del",
-      "format",
-      "shutdown",
-      "reboot",
-    ];
-    const lowerCommand = command.toLowerCase();
-
-    if (
-      dangerousCommands.some((dangerous) => lowerCommand.includes(dangerous))
-    ) {
-      return new Response(
-        JSON.stringify({
-          error: "Dangerous command not allowed",
-        }),
-        {
-          headers: {
-            "Content-Type": "application/json",
-            ...corsHeaders,
-          },
-          status: 400,
-        }
-      );
-    }
-
     console.log(`[Server] Executing command: ${command} ${args.join(" ")}`);
 
     const result = await executeCommand(command, args, sessionId, background);
@@ -490,34 +462,6 @@ async function handleStreamingExecuteRequest(
       );
     }
 
-    // Basic safety check - prevent dangerous commands
-    const dangerousCommands = [
-      "rm",
-      "rmdir",
-      "del",
-      "format",
-      "shutdown",
-      "reboot",
-    ];
-    const lowerCommand = command.toLowerCase();
-
-    if (
-      dangerousCommands.some((dangerous) => lowerCommand.includes(dangerous))
-    ) {
-      return new Response(
-        JSON.stringify({
-          error: "Dangerous command not allowed",
-        }),
-        {
-          headers: {
-            "Content-Type": "application/json",
-            ...corsHeaders,
-          },
-          status: 400,
-        }
-      );
-    }
-
     console.log(
       `[Server] Executing streaming command: ${command} ${args.join(" ")}`
     );
diff --git a/packages/sandbox/package.json b/packages/sandbox/package.json
@@ -7,7 +7,7 @@
   },
   "description": "A sandboxed environment for running commands",
   "dependencies": {
-    "@cloudflare/containers": "^0.0.23"
+    "@cloudflare/containers": "^0.0.24"
   },
   "tags": [
     "sandbox",
diff --git a/packages/sandbox/src/sandbox.ts b/packages/sandbox/src/sandbox.ts
@@ -55,6 +55,12 @@ export class Sandbox<Env = unknown> extends Container<Env> {
     }
   }
 
+  // RPC method to set environment variables
+  async setEnvVars(envVars: Record<string, string>): Promise<void> {
+    this.envVars = { ...this.envVars, ...envVars };
+    console.log(`[Sandbox] Updated environment variables`);
+  }
+
   override onStart() {
     console.log("Sandbox successfully started");
   }

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@cloudflare/sandbox": patch
 +---
++
 +Allow setting env variables dynamically and remove command restrictions
Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,12 @@ export class Sandbox<Env = unknown> extends Container<Env> {`
`55`	`55`	`}`
`56`	`56`	`}`
`57`	`57`
	`58`	`+ // RPC method to set environment variables`
	`59`	`+ async setEnvVars(envVars: Record<string, string>): Promise<void> {`
	`60`	`+ this.envVars = { ...this.envVars, ...envVars };`
	`61`	+ console.log(`[Sandbox] Updated environment variables`);
	`62`	`+ }`
	`63`	`+`
`58`	`64`	`override onStart() {`
`59`	`65`	`console.log("Sandbox successfully started");`
`60`	`66`	`}`