judge: add message to inform sandbox upgrade

[criyle]

• Add notification to inform sandbox upgrade to mitigate the symlink escape issue

Summary by CodeRabbit

• Bug Fixes
  • Added sandbox security validation to detect symlink escape vulnerabilities. If a user's sandbox is identified as vulnerable, a clear error message will notify them and recommend upgrading their sandbox version to address the issue.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This change adds a new internal flag fixSymlinkEscape read from config.fixSymlinkEscape (default false) inside versionCheck in the sandbox module. After existing sandbox capability validations and before returning, the function now reports an error ("Your sandbox version is vulnerable to symlink escape issue, please upgrade!") when fixSymlinkEscape is false. No exported or public signatures were changed and control flow remains the same aside from the additional check.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a message to inform users about sandbox upgrade due to symlink escape vulnerability.

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fd00239 and 420ef15.

📒 Files selected for processing (1)

• packages/hydrojudge/src/sandbox.ts

🧰 Additional context used

🧬 Code graph analysis (1)

packages/hydrojudge/src/sandbox.ts (1)

packages/hydrojudge/src/sandbox/client.ts (2)

• version (111-114)
• config (115-118)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build
• GitHub Check: Analyze (javascript)

🔇 Additional comments (2)

packages/hydrojudge/src/sandbox.ts (2)

222-222: LGTM!

The variable declaration is clear and appropriately typed.

---

229-229: LGTM!

The config read with secure-by-default behavior (defaulting to false to trigger the vulnerability warning) is appropriate.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4dda4fe and fd00239.

📒 Files selected for processing (1)

• packages/hydrojudge/src/sandbox.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build
• GitHub Check: Analyze (javascript)

🔇 Additional comments (2)

packages/hydrojudge/src/sandbox.ts (2)

222-222: LGTM!

Variable declaration follows the established pattern in the function and is appropriately typed.

---

229-229: LGTM!

The default value of false ensures that sandboxes without this config property will be flagged as vulnerable, which is appropriate for a security-critical feature (fail-safe approach).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, run the provided script to find versionCheck usages
rg -nP -A5 -B2 '\bversionCheck\s*\(' --type=ts

Repository: hydro-dev/Hydro

Length of output: 1965

---

🏁 Script executed:

# Also, let's examine the sandbox.ts file to see the actual code at lines 231-250
wc -l packages/hydrojudge/src/sandbox.ts

Repository: hydro-dev/Hydro

Length of output: 97

---

🏁 Script executed:

# Read the relevant section of sandbox.ts
sed -n '225,260p' packages/hydrojudge/src/sandbox.ts

Repository: hydro-dev/Hydro

Length of output: 1491

---

Return false when symlink escape vulnerability is detected to halt execution safely.

The function reports a critical security error when fixSymlinkEscape is false but still returns true, inconsistent with lines 231-233 where false is returned after reporting other errors. In daemon.ts:49, the caller checks this return value and exits if false; returning true despite the vulnerability allows the system to proceed unsafely.

🤖 Prompt for AI Agents

In packages/hydrojudge/src/sandbox.ts around lines 247 to 250, the code reports
a symlink escape vulnerability when fixSymlinkEscape is false but still returns
true; change the control flow to return false after calling reportError so
execution halts consistently with other error cases (lines 231–233) and the
caller in daemon.ts can safely exit; ensure reportError is called first and then
return false.