koishi-plugin-spawn-modified 1.2.3 → 1.2.4

package/lib/index.js

@@ -66,7 +66,23 @@ exports.Config = koishi_1.Schema.object({
     restrictDirectory: koishi_1.Schema.boolean().description('是否限制在当前目录及子目录内执行命令（禁止 cd 到上级或其他目录）。').default(false),
     authority: koishi_1.Schema.number().description('exec 命令所需权限等级。').default(4),
     commandFilterMode: koishi_1.Schema.union(['blacklist', 'whitelist']).description('命令过滤模式：blacklist/whitelist').default('blacklist'),
-    commandList: koishi_1.Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([]),
+    commandList: koishi_1.Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([
+        '^(?:^|[;&|\\n])\\s*(?:\\.?\\.\\/[^;&|\\s]+\\.sh\\b|(?:sh|bash|zsh|ksh|dash)\\s+[^;&|\\s]+\\.sh\\b)',
+        '^(?:^|[;&|\\n])\\s*chmod\\s+\\+x\\b',
+        '^\\s*sudo\\s+rm\\s+-rf\\b',
+        '^\\s*rm\\s+-rf\\b',
+        '^\\s*rm\\s+-rf\\s+/',
+        '^\\s*rm\\s+-rf\\s+/\\*',
+        '^\\s*mkfs(\\.\\w+)?\\b',
+        '^\\s*dd\\b.*\\bof=\\/dev\\/(sd|nvme|mmcblk)',
+        '^\\s*wipefs\\b',
+        '^\\s*(parted|fdisk|cfdisk)\\b',
+        '^\\s*lvremove\\b|^\\s*vgremove\\b',
+        '^\\s*cryptsetup\\b.*(erase|format)',
+        '^\\s*shutdown\\b|^\\s*poweroff\\b|^\\s*reboot\\b',
+        '^\\s*chmod\\s+[-+]?(777|666)\\b',
+        '^\\s*echo\\s+.+\\s*>\\s*/etc/(passwd|shadow|sudoers)\\b',
+    ]),
 });
 exports.name = 'spawn';
 exports.inject = {
@@ -101,20 +117,39 @@ function isCommandBlocked(command, mode, list) {
     return mode === 'blacklist' ? hit : !hit;
 }
 // 解析 cd 命令并验证路径
+function isWithinRoot(rootDir, targetPath) {
+    var relative = path_1.default.relative(rootDir, targetPath);
+    return relative === '' || (!relative.startsWith('..') && !path_1.default.isAbsolute(relative));
+}
 function validateCdCommand(command, currentDir, rootDir, restrictDirectory) {
-    var cdMatch = command.trim().match(/^cd\s+(.+)$/i);
-    if (!cdMatch)
-        return { valid: true };
     if (!restrictDirectory)
         return { valid: true };
-    var targetPath = cdMatch[1].trim().replace(/['"]/g, '');
-    var absolutePath = path_1.default.resolve(currentDir, targetPath);
     var normalizedRoot = path_1.default.resolve(rootDir);
-    // 检查目标路径是否在根目录内
-    if (!absolutePath.startsWith(normalizedRoot)) {
-        return { valid: false, error: 'restricted-directory' };
+    var cdMatches = [];
+    var cdRegex = /\bcd\s+([^;&|\n]+)/gi;
+    var m;
+    while ((m = cdRegex.exec(command)) !== null) {
+        cdMatches.push(m);
+    }
+    if (!cdMatches.length)
+        return { valid: true };
+    // 若命令被链式运算符分隔且包含 cd，则要求所有 cd 目标都在指定 root 下，否则拒绝
+    for (var _i = 0, cdMatches_1 = cdMatches; _i < cdMatches_1.length; _i++) {
+        var match = cdMatches_1[_i];
+        var target = match[1].trim().replace(/['"]/g, '');
+        var absolutePath = path_1.default.resolve(currentDir, target);
+        if (!isWithinRoot(normalizedRoot, absolutePath)) {
+            return { valid: false, error: 'restricted-directory' };
+        }
+    }
+    // 仅当命令是单独的 cd 时才更新会话目录，避免链式命令切换目录后执行其他操作
+    var singleCdOnly = /^\s*cd\s+[^;&|\n]+\s*$/i.test(command);
+    if (singleCdOnly) {
+        var target = cdMatches[0][1].trim().replace(/['"]/g, '');
+        var absolutePath = path_1.default.resolve(currentDir, target);
+        return { valid: true, newDir: absolutePath };
     }
-    return { valid: true, newDir: absolutePath };
+    return { valid: true };
 }
 // 渲染终端输出为图片
 function renderTerminalImage(ctx, workingDir, command, output) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "koishi-plugin-spawn-modified",
-  "version": "1.2.3",
+  "version": "1.2.4",
   "description": "Run shell commands with Koishi",
   "keywords": [
     "bot",

package/src/index.ts

@@ -37,7 +37,23 @@ export const Config: Schema<Config> = Schema.object({
   restrictDirectory: Schema.boolean().description('是否限制在当前目录及子目录内执行命令（禁止 cd 到上级或其他目录）。').default(false),
   authority: Schema.number().description('exec 命令所需权限等级。').default(4),
   commandFilterMode: Schema.union(['blacklist', 'whitelist']).description('命令过滤模式：blacklist/whitelist').default('blacklist'),
-  commandList: Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([]),
+  commandList: Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([
+    '^(?:^|[;&|\\n])\\s*(?:\\.?\\.\\/[^;&|\\s]+\\.sh\\b|(?:sh|bash|zsh|ksh|dash)\\s+[^;&|\\s]+\\.sh\\b)',
+    '^(?:^|[;&|\\n])\\s*chmod\\s+\\+x\\b',
+    '^\\s*sudo\\s+rm\\s+-rf\\b',
+    '^\\s*rm\\s+-rf\\b',
+    '^\\s*rm\\s+-rf\\s+/',
+    '^\\s*rm\\s+-rf\\s+/\\*',
+    '^\\s*mkfs(\\.\\w+)?\\b',
+    '^\\s*dd\\b.*\\bof=\\/dev\\/(sd|nvme|mmcblk)',
+    '^\\s*wipefs\\b',
+    '^\\s*(parted|fdisk|cfdisk)\\b',
+    '^\\s*lvremove\\b|^\\s*vgremove\\b',
+    '^\\s*cryptsetup\\b.*(erase|format)',
+    '^\\s*shutdown\\b|^\\s*poweroff\\b|^\\s*reboot\\b',
+    '^\\s*chmod\\s+[-+]?(777|666)\\b',
+    '^\\s*echo\\s+.+\\s*>\\s*/etc/(passwd|shadow|sudoers)\\b',
+  ]),
 })
 
 export interface State {
@@ -84,22 +100,42 @@ function isCommandBlocked(command: string, mode: 'blacklist' | 'whitelist', list
 }
 
 // 解析 cd 命令并验证路径
+function isWithinRoot(rootDir: string, targetPath: string): boolean {
+  const relative = path.relative(rootDir, targetPath)
+  return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative))
+}
+
 function validateCdCommand(command: string, currentDir: string, rootDir: string, restrictDirectory: boolean): { valid: boolean; newDir?: string; error?: string } {
-  const cdMatch = command.trim().match(/^cd\s+(.+)$/i)
-  if (!cdMatch) return { valid: true }
-  
   if (!restrictDirectory) return { valid: true }
-  
-  const targetPath = cdMatch[1].trim().replace(/['"]/g, '')
-  const absolutePath = path.resolve(currentDir, targetPath)
+
   const normalizedRoot = path.resolve(rootDir)
-  
-  // 检查目标路径是否在根目录内
-  if (!absolutePath.startsWith(normalizedRoot)) {
-    return { valid: false, error: 'restricted-directory' }
+  const cdMatches: RegExpExecArray[] = []
+  const cdRegex = /\bcd\s+([^;&|\n]+)/gi
+  let m: RegExpExecArray | null
+  while ((m = cdRegex.exec(command)) !== null) {
+    cdMatches.push(m)
   }
-  
-  return { valid: true, newDir: absolutePath }
+
+  if (!cdMatches.length) return { valid: true }
+
+  // 若命令被链式运算符分隔且包含 cd，则要求所有 cd 目标都在指定 root 下，否则拒绝
+  for (const match of cdMatches) {
+    const target = match[1].trim().replace(/['"]/g, '')
+    const absolutePath = path.resolve(currentDir, target)
+    if (!isWithinRoot(normalizedRoot, absolutePath)) {
+      return { valid: false, error: 'restricted-directory' }
+    }
+  }
+
+  // 仅当命令是单独的 cd 时才更新会话目录，避免链式命令切换目录后执行其他操作
+  const singleCdOnly = /^\s*cd\s+[^;&|\n]+\s*$/i.test(command)
+  if (singleCdOnly) {
+    const target = cdMatches[0][1].trim().replace(/['"]/g, '')
+    const absolutePath = path.resolve(currentDir, target)
+    return { valid: true, newDir: absolutePath }
+  }
+
+  return { valid: true }
 }
 
 // 渲染终端输出为图片
@@ -292,7 +328,7 @@ export function apply(ctx: Context, config: Config) {
       }
 
       command = h('', h.parse(command)).toString(true)
-      // 检查命令过滤（黑/白名单）
+      // 检查命令过滤（黑/白名单）；仅使用配置提供的正则
       const filterList = (config.commandList?.length ? config.commandList : config.blockedCommands) || []
       const filterMode = config.commandFilterMode || 'blacklist'
       if (isCommandBlocked(command, filterMode, filterList)) {