koishi-plugin-spawn-modified 1.2.2 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/index.js +20 -2
  2. package/package.json +1 -1
  3. package/src/index.ts +19 -2
package/lib/index.js CHANGED
@@ -75,11 +75,29 @@ exports.inject = {
75
75
  // 当前工作目录状态管理
76
76
  var sessionDirs = new Map();
77
77
  // 命令过滤:支持黑名单/白名单模式
78
+ function buildRegex(entry) {
79
+ try {
80
+ return new RegExp(entry, 'i');
81
+ }
82
+ catch (_) {
83
+ // 回退为逐字匹配,防止用户写了非法正则
84
+ var escaped = entry.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
85
+ try {
86
+ return new RegExp(escaped, 'i');
87
+ }
88
+ catch (_) {
89
+ return null;
90
+ }
91
+ }
92
+ }
78
93
  function isCommandBlocked(command, mode, list) {
79
94
  if (!(list === null || list === void 0 ? void 0 : list.length))
80
95
  return false;
81
- var trimmedCommand = command.trim().toLowerCase();
82
- var hit = list.some(function (entry) { return trimmedCommand.startsWith(entry.toLowerCase()); });
96
+ var trimmedCommand = command.trim();
97
+ var hit = list.some(function (entry) {
98
+ var regex = buildRegex(entry);
99
+ return regex ? regex.test(trimmedCommand) : false;
100
+ });
83
101
  return mode === 'blacklist' ? hit : !hit;
84
102
  }
85
103
  // 解析 cd 命令并验证路径
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "koishi-plugin-spawn-modified",
3
- "version": "1.2.2",
3
+ "version": "1.2.3",
4
4
  "description": "Run shell commands with Koishi",
5
5
  "keywords": [
6
6
  "bot",
package/src/index.ts CHANGED
@@ -59,10 +59,27 @@ export const inject = {
59
59
  const sessionDirs = new Map<string, string>()
60
60
 
61
61
  // 命令过滤:支持黑名单/白名单模式
62
+ function buildRegex(entry: string): RegExp | null {
63
+ try {
64
+ return new RegExp(entry, 'i')
65
+ } catch (_) {
66
+ // 回退为逐字匹配,防止用户写了非法正则
67
+ const escaped = entry.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
68
+ try {
69
+ return new RegExp(escaped, 'i')
70
+ } catch (_) {
71
+ return null
72
+ }
73
+ }
74
+ }
75
+
62
76
  function isCommandBlocked(command: string, mode: 'blacklist' | 'whitelist', list: string[]): boolean {
63
77
  if (!list?.length) return false
64
- const trimmedCommand = command.trim().toLowerCase()
65
- const hit = list.some(entry => trimmedCommand.startsWith(entry.toLowerCase()))
78
+ const trimmedCommand = command.trim()
79
+ const hit = list.some(entry => {
80
+ const regex = buildRegex(entry)
81
+ return regex ? regex.test(trimmedCommand) : false
82
+ })
66
83
  return mode === 'blacklist' ? hit : !hit
67
84
  }
68
85