From 3a09b26b6da12ed7e9bb7d19434ecb2e0bf13e17 Mon Sep 17 00:00:00 2001
From: Eternity <1533512157@qq.com>
Date: Tue, 10 Feb 2026 17:46:38 +0800
Subject: [PATCH] fix(sandbox): fix potential preload injection issue

---
 sandbox/app/core/runners/python/prescript.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sandbox/app/core/runners/python/prescript.py b/sandbox/app/core/runners/python/prescript.py
index b694fe9b..dad78f9e 100644
--- a/sandbox/app/core/runners/python/prescript.py
+++ b/sandbox/app/core/runners/python/prescript.py
@@ -33,8 +33,6 @@ key = b64decode(key)
 
 os.chdir(running_path)
 
-# Preload code
-{{preload}}
 
 # Apply security if library is available
 init_status = lib.init_seccomp({{uid}}, {{gid}}, {{enable_network}})
@@ -42,6 +40,8 @@ if init_status != 0:
     raise Exception(f"code executor err - {str(init_status)}")
 del lib
 
+# Preload code
+{{preload}}
 # Decrypt and execute code
 code = b64decode("{{code}}")