npm - koishi-plugin-spawn-modified - Versions diffs - 1.2.2 → 1.2.4 - Mend

koishi-plugin-spawn-modified 1.2.2 → 1.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/index.js CHANGED Viewed

@@ -66,7 +66,23 @@ exports.Config = koishi_1.Schema.object({
     restrictDirectory: koishi_1.Schema.boolean().description('是否限制在当前目录及子目录内执行命令（禁止 cd 到上级或其他目录）。').default(false),
     authority: koishi_1.Schema.number().description('exec 命令所需权限等级。').default(4),
     commandFilterMode: koishi_1.Schema.union(['blacklist', 'whitelist']).description('命令过滤模式：blacklist/whitelist').default('blacklist'),
-    commandList: koishi_1.Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([]),
+    commandList: koishi_1.Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([
+        '^(?:^|[;&|\\n])\\s*(?:\\.?\\.\\/[^;&|\\s]+\\.sh\\b|(?:sh|bash|zsh|ksh|dash)\\s+[^;&|\\s]+\\.sh\\b)',
+        '^(?:^|[;&|\\n])\\s*chmod\\s+\\+x\\b',
+        '^\\s*sudo\\s+rm\\s+-rf\\b',
+        '^\\s*rm\\s+-rf\\b',
+        '^\\s*rm\\s+-rf\\s+/',
+        '^\\s*rm\\s+-rf\\s+/\\*',
+        '^\\s*mkfs(\\.\\w+)?\\b',
+        '^\\s*dd\\b.*\\bof=\\/dev\\/(sd|nvme|mmcblk)',
+        '^\\s*wipefs\\b',
+        '^\\s*(parted|fdisk|cfdisk)\\b',
+        '^\\s*lvremove\\b|^\\s*vgremove\\b',
+        '^\\s*cryptsetup\\b.*(erase|format)',
+        '^\\s*shutdown\\b|^\\s*poweroff\\b|^\\s*reboot\\b',
+        '^\\s*chmod\\s+[-+]?(777|666)\\b',
+        '^\\s*echo\\s+.+\\s*>\\s*/etc/(passwd|shadow|sudoers)\\b',
+    ]),
 });
 exports.name = 'spawn';
 exports.inject = {
@@ -75,28 +91,65 @@ exports.inject = {
 // 当前工作目录状态管理
 var sessionDirs = new Map();
 // 命令过滤：支持黑名单/白名单模式
+function buildRegex(entry) {
+    try {
+        return new RegExp(entry, 'i');
+    }
+    catch (_) {
+        // 回退为逐字匹配，防止用户写了非法正则
+        var escaped = entry.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+        try {
+            return new RegExp(escaped, 'i');
+        }
+        catch (_) {
+            return null;
+        }
+    }
+}
 function isCommandBlocked(command, mode, list) {
     if (!(list === null || list === void 0 ? void 0 : list.length))
         return false;
-    var trimmedCommand = command.trim().toLowerCase();
-    var hit = list.some(function (entry) { return trimmedCommand.startsWith(entry.toLowerCase()); });
+    var trimmedCommand = command.trim();
+    var hit = list.some(function (entry) {
+        var regex = buildRegex(entry);
+        return regex ? regex.test(trimmedCommand) : false;
+    });
     return mode === 'blacklist' ? hit : !hit;
 }
 // 解析 cd 命令并验证路径
+function isWithinRoot(rootDir, targetPath) {
+    var relative = path_1.default.relative(rootDir, targetPath);
+    return relative === '' || (!relative.startsWith('..') && !path_1.default.isAbsolute(relative));
+}
 function validateCdCommand(command, currentDir, rootDir, restrictDirectory) {
-    var cdMatch = command.trim().match(/^cd\s+(.+)$/i);
-    if (!cdMatch)
-        return { valid: true };
     if (!restrictDirectory)
         return { valid: true };
-    var targetPath = cdMatch[1].trim().replace(/['"]/g, '');
-    var absolutePath = path_1.default.resolve(currentDir, targetPath);
     var normalizedRoot = path_1.default.resolve(rootDir);
-    // 检查目标路径是否在根目录内
-    if (!absolutePath.startsWith(normalizedRoot)) {
-        return { valid: false, error: 'restricted-directory' };
+    var cdMatches = [];
+    var cdRegex = /\bcd\s+([^;&|\n]+)/gi;
+    var m;
+    while ((m = cdRegex.exec(command)) !== null) {
+        cdMatches.push(m);
+    }
+    if (!cdMatches.length)
+        return { valid: true };
+    // 若命令被链式运算符分隔且包含 cd，则要求所有 cd 目标都在指定 root 下，否则拒绝
+    for (var _i = 0, cdMatches_1 = cdMatches; _i < cdMatches_1.length; _i++) {
+        var match = cdMatches_1[_i];
+        var target = match[1].trim().replace(/['"]/g, '');
+        var absolutePath = path_1.default.resolve(currentDir, target);
+        if (!isWithinRoot(normalizedRoot, absolutePath)) {
+            return { valid: false, error: 'restricted-directory' };
+        }
+    }
+    // 仅当命令是单独的 cd 时才更新会话目录，避免链式命令切换目录后执行其他操作
+    var singleCdOnly = /^\s*cd\s+[^;&|\n]+\s*$/i.test(command);
+    if (singleCdOnly) {
+        var target = cdMatches[0][1].trim().replace(/['"]/g, '');
+        var absolutePath = path_1.default.resolve(currentDir, target);
+        return { valid: true, newDir: absolutePath };
     }
-    return { valid: true, newDir: absolutePath };
+    return { valid: true };
 }
 // 渲染终端输出为图片
 function renderTerminalImage(ctx, workingDir, command, output) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "koishi-plugin-spawn-modified",
-  "version": "1.2.2",
+  "version": "1.2.4",
   "description": "Run shell commands with Koishi",
   "keywords": [
     "bot",

package/src/index.ts CHANGED Viewed

@@ -37,7 +37,23 @@ export const Config: Schema<Config> = Schema.object({
   restrictDirectory: Schema.boolean().description('是否限制在当前目录及子目录内执行命令（禁止 cd 到上级或其他目录）。').default(false),
   authority: Schema.number().description('exec 命令所需权限等级。').default(4),
   commandFilterMode: Schema.union(['blacklist', 'whitelist']).description('命令过滤模式：blacklist/whitelist').default('blacklist'),
-  commandList: Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([]),
+  commandList: Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([
+    '^(?:^|[;&|\\n])\\s*(?:\\.?\\.\\/[^;&|\\s]+\\.sh\\b|(?:sh|bash|zsh|ksh|dash)\\s+[^;&|\\s]+\\.sh\\b)',
+    '^(?:^|[;&|\\n])\\s*chmod\\s+\\+x\\b',
+    '^\\s*sudo\\s+rm\\s+-rf\\b',
+    '^\\s*rm\\s+-rf\\b',
+    '^\\s*rm\\s+-rf\\s+/',
+    '^\\s*rm\\s+-rf\\s+/\\*',
+    '^\\s*mkfs(\\.\\w+)?\\b',
+    '^\\s*dd\\b.*\\bof=\\/dev\\/(sd|nvme|mmcblk)',
+    '^\\s*wipefs\\b',
+    '^\\s*(parted|fdisk|cfdisk)\\b',
+    '^\\s*lvremove\\b|^\\s*vgremove\\b',
+    '^\\s*cryptsetup\\b.*(erase|format)',
+    '^\\s*shutdown\\b|^\\s*poweroff\\b|^\\s*reboot\\b',
+    '^\\s*chmod\\s+[-+]?(777|666)\\b',
+    '^\\s*echo\\s+.+\\s*>\\s*/etc/(passwd|shadow|sudoers)\\b',
+  ]),
 })
 export interface State {
@@ -59,30 +75,67 @@ export const inject = {
 const sessionDirs = new Map<string, string>()
 // 命令过滤：支持黑名单/白名单模式
+function buildRegex(entry: string): RegExp | null {
+  try {
+    return new RegExp(entry, 'i')
+  } catch (_) {
+    // 回退为逐字匹配，防止用户写了非法正则
+    const escaped = entry.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+    try {
+      return new RegExp(escaped, 'i')
+    } catch (_) {
+      return null
+    }
+  }
+}
 function isCommandBlocked(command: string, mode: 'blacklist' | 'whitelist', list: string[]): boolean {
   if (!list?.length) return false
-  const trimmedCommand = command.trim().toLowerCase()
-  const hit = list.some(entry => trimmedCommand.startsWith(entry.toLowerCase()))
+  const trimmedCommand = command.trim()
+  const hit = list.some(entry => {
+    const regex = buildRegex(entry)
+    return regex ? regex.test(trimmedCommand) : false
+  })
   return mode === 'blacklist' ? hit : !hit
 }
 // 解析 cd 命令并验证路径
+function isWithinRoot(rootDir: string, targetPath: string): boolean {
+  const relative = path.relative(rootDir, targetPath)
+  return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative))
+}
 function validateCdCommand(command: string, currentDir: string, rootDir: string, restrictDirectory: boolean): { valid: boolean; newDir?: string; error?: string } {
-  const cdMatch = command.trim().match(/^cd\s+(.+)$/i)
-  if (!cdMatch) return { valid: true }
   if (!restrictDirectory) return { valid: true }
-  const targetPath = cdMatch[1].trim().replace(/['"]/g, '')
-  const absolutePath = path.resolve(currentDir, targetPath)
   const normalizedRoot = path.resolve(rootDir)
-  // 检查目标路径是否在根目录内
-  if (!absolutePath.startsWith(normalizedRoot)) {
-    return { valid: false, error: 'restricted-directory' }
+  const cdMatches: RegExpExecArray[] = []
+  const cdRegex = /\bcd\s+([^;&|\n]+)/gi
+  let m: RegExpExecArray | null
+  while ((m = cdRegex.exec(command)) !== null) {
+    cdMatches.push(m)
   }
-  return { valid: true, newDir: absolutePath }
+  if (!cdMatches.length) return { valid: true }
+  // 若命令被链式运算符分隔且包含 cd，则要求所有 cd 目标都在指定 root 下，否则拒绝
+  for (const match of cdMatches) {
+    const target = match[1].trim().replace(/['"]/g, '')
+    const absolutePath = path.resolve(currentDir, target)
+    if (!isWithinRoot(normalizedRoot, absolutePath)) {
+      return { valid: false, error: 'restricted-directory' }
+    }
+  }
+  // 仅当命令是单独的 cd 时才更新会话目录，避免链式命令切换目录后执行其他操作
+  const singleCdOnly = /^\s*cd\s+[^;&|\n]+\s*$/i.test(command)
+  if (singleCdOnly) {
+    const target = cdMatches[0][1].trim().replace(/['"]/g, '')
+    const absolutePath = path.resolve(currentDir, target)
+    return { valid: true, newDir: absolutePath }
+  }
+  return { valid: true }
 }
 // 渲染终端输出为图片
@@ -275,7 +328,7 @@ export function apply(ctx: Context, config: Config) {
       }
       command = h('', h.parse(command)).toString(true)
-      // 检查命令过滤（黑/白名单）
+      // 检查命令过滤（黑/白名单）；仅使用配置提供的正则
       const filterList = (config.commandList?.length ? config.commandList : config.blockedCommands) || []
       const filterMode = config.commandFilterMode || 'blacklist'
       if (isCommandBlocked(command, filterMode, filterList)) {