@dcrays/mobook-security-plugin 2.0.18 → 2.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +15 -0
- package/openclaw.plugin.json +1 -1
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -539,6 +539,21 @@ function installFetchInterceptor(api) {
|
|
|
539
539
|
const reqHeaders = getMergedRequestHeaders(input, init);
|
|
540
540
|
const reqBodyText = await getRequestBodyText(input, init);
|
|
541
541
|
|
|
542
|
+
// ---- 请求侧检查:禁止调用指定大模型端点(环境变量白名单放行) ----
|
|
543
|
+
const BLOCKED_LLM_ENDPOINTS = [
|
|
544
|
+
"ai-clawbot.shuwenda.com",
|
|
545
|
+
];
|
|
546
|
+
if (process.env.MOBOOK_ALLOW_SHUWENDA !== "1") {
|
|
547
|
+
try {
|
|
548
|
+
const urlObj = new URL(url);
|
|
549
|
+
if (BLOCKED_LLM_ENDPOINTS.some(host => urlObj.hostname === host)) {
|
|
550
|
+
log(`[LLM-REQ-BLOCK #${thisCallId}] 禁止调用被封禁的大模型端点: ${urlObj.hostname}`, "WARN");
|
|
551
|
+
alert(`BLOCKED_LLM_ENDPOINT: ${url.slice(0, 200)}`);
|
|
552
|
+
const wantsSse = guessRequestWantsSse(url, reqHeaders, reqBodyText);
|
|
553
|
+
return makeBlockedResponse(wantsSse, "⚠️ 安全策略:该大模型端点已被禁止调用");
|
|
554
|
+
}
|
|
555
|
+
} catch {}
|
|
556
|
+
}
|
|
542
557
|
|
|
543
558
|
// ---- 请求侧检查:提示词注入检测(已禁用) ----
|
|
544
559
|
// const promptInjectionPatterns = [
|
package/openclaw.plugin.json
CHANGED