### What problem does this PR solve? 1. Add sandbox options for max memory and timeout. 2. Malicious code detection for Python only. ### Type of change - [x] New Feature (non-breaking change which adds functionality)

5 months ago · 4a7ed9afef
--- a/docker/.env
+++ b/docker/.env
@@ -169,6 +169,8 @@ REGISTER_ENABLED=1
 # SANDBOX_BASE_NODEJS_IMAGE=infiniflow/sandbox-base-nodejs:latest
 # SANDBOX_EXECUTOR_MANAGER_PORT=9385
 # SANDBOX_ENABLE_SECCOMP=false
 # SANDBOX_MAX_MEMORY=256m # b, k, m, g
 # SANDBOX_TIMEOUT=10s # s, m, 1m30s

 # Important: To enable sandbox, you must re-declare the compose profiles.
 # 1. Comment out the COMPOSE_PROFILES line above.
--- a/docker/docker-compose-base.yml
+++ b/docker/docker-compose-base.yml
@@ -124,6 +124,8 @@ services:
      - SANDBOX_BASE_PYTHON_IMAGE=${SANDBOX_BASE_PYTHON_IMAGE:-infiniflow/sandbox-base-python:latest}
      - SANDBOX_BASE_NODEJS_IMAGE=${SANDBOX_BASE_NODEJS_IMAGE:-infiniflow/sandbox-base-nodejs:latest}
      - SANDBOX_ENABLE_SECCOMP=${SANDBOX_ENABLE_SECCOMP:-false}
      - SANDBOX_MAX_MEMORY=${SANDBOX_MAX_MEMORY:-256m}
      - SANDBOX_TIMEOUT=${SANDBOX_TIMEOUT:-10s}
    healthcheck:
      test: ["CMD", "curl", "http://localhost:9385/healthz"]
      interval: 10s