From 3b93c6137d22387afb50ca307fd745a09d785f37 Mon Sep 17 00:00:00 2001
From: MuziIsabel <785398289@qq.com>
Date: Sat, 25 Apr 2026 10:55:36 +0800
Subject: [PATCH] fix(sandbox): patch Popen + block startfile to prevent window
 leaks

subprocess.run was already patched with CREATE_NO_WINDOW, but Popen and
os.startfile were unprotected. Agent code could open visible GUI windows
via subprocess.Popen(['notepad.exe']) or os.startfile().
---
 assets/code_run_header.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/assets/code_run_header.py b/assets/code_run_header.py
index 52a5e5f..68bfc01 100644
--- a/assets/code_run_header.py
+++ b/assets/code_run_header.py
@@ -19,4 +19,12 @@ def _run(*a, **k):
         if r.stderr is not None: r.stderr = _d(r.stderr)
     return r
 subprocess.run = _run
+_Pi = subprocess.Popen.__init__
+def _pinit(self, *a, **k):
+    if os.name == 'nt': k['creationflags'] = (k.get('creationflags') or 0) | 0x08000000
+    _Pi(self, *a, **k)
+subprocess.Popen.__init__ = _pinit
+if hasattr(os, 'startfile'):
+    def _nosf(*a, **k): raise RuntimeError("startfile disabled in sandbox")
+    os.startfile = _nosf
 sys.excepthook = lambda t, v, tb: (sys.__excepthook__(t, v, tb), print(f"\n[Agent Hint]: NO GUESSING! You MUST probe first. If missing common package, pip.")) if issubclass(t, (ImportError, AttributeError)) else sys.__excepthook__(t, v, tb)