From 6ad7e8ea3be7d781518bc82644e9d409c58aaad4 Mon Sep 17 00:00:00 2001
From: Vinayak Mishra
Date: Thu, 26 Mar 2026 13:07:10 +0545
Subject: [PATCH] fix: remove __import__ from sandbox builtins

The restricted builtins dict included the real __import__ function, bypassing the AST validator via subscript access.
---
 .../policy_as_code_agent/simulation.py | 1 -
 .../policy-as-code/tests/unit/test_security.py | 14 +++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/python/agents/policy-as-code/policy_as_code_agent/simulation.py b/python/agents/policy-as-code/policy_as_code_agent/simulation.py
index 13f002fa4..b10c6819d 100644
--- a/python/agents/policy-as-code/policy_as_code_agent/simulation.py
+++ b/python/agents/policy-as-code/policy_as_code_agent/simulation.py
@@ -108,7 +108,6 @@ def run_simulation(policy_code: str, metadata: list) -> list:
 "tuple": tuple,
 "zip": zip,
 "isinstance": isinstance,
- "__import__": __import__,
 },
 "json": json,
 "re": re,
diff --git a/python/agents/policy-as-code/tests/unit/test_security.py b/python/agents/policy-as-code/tests/unit/test_security.py
index eba28b2d7..4eb780820 100644
--- a/python/agents/policy-as-code/tests/unit/test_security.py
+++ b/python/agents/policy-as-code/tests/unit/test_security.py
@@ -1,6 +1,6 @@
 import pytest
-from policy_as_code_agent.simulation import validate_code_safety
+from policy_as_code_agent.simulation import run_simulation, validate_code_safety
 def test_safe_code():
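Review bot: Dropping `__import__` closes the subscript path, but the enclosing globals dict still hands policy code whole module objects (`"json": json`, `"re": re`), and a restricted `__builtins__` dict alone is not a security boundary for in-process `exec`; whether `validate_code_safety` also rejects dunder attribute access, and whether names such as `getattr`, `type` or `open` are absent from this dict, is not visible in the hunk. Consider exposing only the specific functions the policies need (for example `json.loads`, `re.match`) instead of the module objects, and stating the trust assumption above the dict, e.g. `# Allow-list only. The AST validator is the primary control; in-process exec is not isolation.` Executing policy code in a separate process with resource limits would make the boundary enforceable independently of validator gaps. `run_simulation`'s body begins before and continues past this hunk.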
@@ -41,3 +41,15 @@ def test_unsafe_builtins(code):
 errors = validate_code_safety(code)
 assert len(errors) > 0, f"Expected error for: {code}"
 assert "Security Violation" in errors[0]
+
+
+def test_sandbox_blocks_import_via_builtins_subscript():
+ """__builtins__['__import__'] should not be available in the sandbox."""
+ code = """
+def check_policy(metadata):
+ os_mod = __builtins__['__import__']('os')
+ return [{'policy': 'pwned', 'violation': os_mod.popen('id').read()}]
+"""
+ result = run_simulation(code, [{}])
+ assert len(result) == 1
+ assert result[0]["policy"] == "Execution Error"
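Review bot: The new test's payload calls `os_mod.popen('id').read()`, so if the fix ever regresses the unit suite will execute a shell command on the CI host rather than simply fail; a benign probe such as `return [{'policy': 'pwned', 'violation': repr(os_mod)}]` detects the same regression (the returned `policy` would be `'pwned'`). The check `result[0]["policy"] == "Execution Error"` also passes for any unrelated failure in the harness, so if the error entry carries the exception text, additionally assert that it references `__import__` (presumably a `KeyError` on the restricted dict — confirm against `run_simulation`, which is outside this hunk).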