Refactor installation and runner scripts for enhanced usability and security

- Updated the installation script to clarify that production wrappers do not include fixed test secrets, improving user guidance for local testing.
- Modified the jiggablend-manager and jiggablend-runner scripts to remove fixed test configurations, emphasizing the use of local test credentials via `make init-test`.
- Enhanced error handling in the runner script to ensure that an API key is provided, improving security and user feedback.
- Added new flags and options for the runner, including sandboxing capabilities and GPU ray tracing control, enhancing flexibility for users.
- Improved README documentation to reflect changes in usage and configuration, ensuring users have clear instructions for setup and execution.
This commit is contained in:
2026-07-12 10:01:15 -05:00
parent a3defe5cf6
commit 1a69fcfd04
47 changed files with 2718 additions and 402 deletions
+19
View File
@@ -24,6 +24,25 @@ func createTarBuffer(files map[string]string) *bytes.Buffer {
return &buf
}
func TestExtractTarStripPrefix_RejectsEscapingSymlink(t *testing.T) {
destDir := t.TempDir()
var buf bytes.Buffer
tw := tar.NewWriter(&buf)
// Top-level prefix like Blender archives
_ = tw.WriteHeader(&tar.Header{Name: "blender-x/", Typeflag: tar.TypeDir, Mode: 0755})
_ = tw.WriteHeader(&tar.Header{
Name: "blender-x/evil",
Typeflag: tar.TypeSymlink,
Linkname: "../../outside",
Mode: 0777,
})
_ = tw.Close()
if err := ExtractTarStripPrefix(&buf, destDir); err == nil {
t.Fatal("expected escaping symlink to be rejected")
}
}
func TestExtractTar(t *testing.T) {
destDir := t.TempDir()