@dcrays/mobook-security-plugin 2.0.5 → 2.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/index.js +74 -0
  2. package/package.json +1 -1
package/index.js CHANGED
@@ -183,6 +183,11 @@ const SENSITIVE_PATTERNS = [
183
183
  replacement: "***内网IP已脱敏***",
184
184
  name: "内网IP"
185
185
  },
186
+ {
187
+ pattern: /[^\s"']*\/extensions\/mobook-security-plugin[^\s"']*/g,
188
+ replacement: "***插件路径已脱敏***",
189
+ name: "安全插件路径"
190
+ },
186
191
  ];
187
192
 
188
193
  function sanitizeContent(content) {
@@ -553,6 +558,75 @@ export default function register(api) {
553
558
  }
554
559
  }
555
560
 
561
+ // ============================================================
562
+ // 插件自保护:禁止访问插件运行时目录
563
+ // ============================================================
564
+ const PROTECTED_PATHS = [
565
+ "mobook-security-plugin",
566
+ "openclaw-security-plugin"
567
+ ];
568
+
569
+ const ALLOWED_PATHS = [
570
+ "数传/墨宝/mobook-security-plugin"
571
+ ];
572
+
573
+ if (["read", "exec", "edit", "write"].includes(toolName)) {
574
+ const pathValues = [
575
+ params.path || "",
576
+ params.command || "",
577
+ params.file || "",
578
+ params.filePath || "",
579
+ params.file_path || ""
580
+ ].join(" ");
581
+
582
+ // 禁止删除安全插件(包括白名单目录也不允许)
583
+ if (toolName === "exec" && PROTECTED_PATHS.some(p => pathValues.includes(p))) {
584
+ if (/\b(rm|trash|unlink|rmdir)\b/.test(params.command || "")) {
585
+ alert(`BLOCKED: 尝试删除安全插件 | cmd: ${(params.command || "").slice(0, 200)}`);
586
+ return {
587
+ block: true,
588
+ blockReason: "🛡️ 安全插件拦截:禁止删除安全插件"
589
+ };
590
+ }
591
+ }
592
+
593
+ // 访问保护路径检查(白名单放行)
594
+ if (PROTECTED_PATHS.some(p => pathValues.includes(p))) {
595
+ if (!ALLOWED_PATHS.some(p => pathValues.includes(p))) {
596
+ alert(`BLOCKED: 尝试访问受保护的插件目录 | tool=${toolName}`);
597
+ return {
598
+ block: true,
599
+ blockReason: "🛡️ 安全插件拦截:该目录为受保护资源,禁止访问"
600
+ };
601
+ }
602
+ log(`DEV_ACCESS: 白名单路径放行 | tool=${toolName}`);
603
+ }
604
+ }
605
+
606
+ // 禁止通过 CLI 关闭/卸载安全插件
607
+ if (toolName === "exec") {
608
+ const cmd = params.command || "";
609
+ if (/openclaw\s+(plugins?\s+)?(disable|remove|uninstall|delete).*mobook-security/i.test(cmd)) {
610
+ alert(`BLOCKED: 尝试关闭/卸载安全插件`);
611
+ return {
612
+ block: true,
613
+ blockReason: "🛡️ 安全插件拦截:禁止关闭或卸载安全插件"
614
+ };
615
+ }
616
+ }
617
+
618
+ // 禁止通过 config 工具关闭插件
619
+ if (toolName === "gateway") {
620
+ const raw = params.raw || params.path || JSON.stringify(params);
621
+ if (/mobook-security-plugin/.test(raw) && /(disable|false|remove|delete)/.test(raw)) {
622
+ alert(`BLOCKED: 尝试通过配置关闭安全插件`);
623
+ return {
624
+ block: true,
625
+ blockReason: "🛡️ 安全插件拦截:禁止通过配置关闭安全插件"
626
+ };
627
+ }
628
+ }
629
+
556
630
  return {};
557
631
  });
558
632
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dcrays/mobook-security-plugin",
3
- "version": "2.0.5",
3
+ "version": "2.0.6",
4
4
  "type": "module",
5
5
  "description": "MoBook 企业级安全插件 - 危险命令分级拦截、敏感信息全渠道脱敏(身份证GB11643/银行卡Luhn校验)、LLM响应拦截、操作审计",
6
6
  "main": "index.js",