koishi-plugin-spawn-modified 1.2.3 → 1.2.5

package/lib/index.js

@@ -52,6 +52,7 @@ exports.inject = exports.name = exports.Config = void 0;
 exports.apply = apply;
 var child_process_1 = require("child_process");
 var koishi_1 = require("koishi");
+var os_1 = __importDefault(require("os"));
 var path_1 = __importDefault(require("path"));
 var url_1 = require("url");
 var ansi_to_html_1 = __importDefault(require("ansi-to-html"));
@@ -100,21 +101,130 @@ function isCommandBlocked(command, mode, list) {
     });
     return mode === 'blacklist' ? hit : !hit;
 }
+function stripQuotes(text) {
+    return text.replace(/^['"]|['"]$/g, '');
+}
+function tokenizeCommand(command) {
+    var tokens = [];
+    var current = '';
+    var quote = null;
+    for (var i = 0; i < command.length; i++) {
+        var char = command[i];
+        if ((char === '"' || char === "'") && (quote === null || quote === char)) {
+            quote = quote ? null : char;
+            continue;
+        }
+        if (!quote && /\s/.test(char)) {
+            if (current) {
+                tokens.push(current);
+                current = '';
+            }
+            continue;
+        }
+        current += char;
+    }
+    if (current)
+        tokens.push(current);
+    return tokens;
+}
+function isPathLike(token) {
+    var trimmed = token.trim();
+    if (!trimmed)
+        return false;
+    if (/^[|&><]+$/.test(trimmed))
+        return false;
+    if (/^-{1,2}[a-zA-Z0-9][\w-]*$/.test(trimmed))
+        return false;
+    if (/^\$[A-Za-z_][A-Za-z0-9_]*$/.test(trimmed))
+        return false;
+    var normalized = stripQuotes(trimmed);
+    return (/^[A-Za-z]:[\\/]/.test(normalized) ||
+        normalized.startsWith('/') ||
+        normalized.startsWith('~') ||
+        normalized.startsWith('..') ||
+        normalized.startsWith('./') ||
+        normalized.includes('/') ||
+        normalized.includes('\\'));
+}
+function resolveCandidatePath(candidate, currentDir) {
+    var _a;
+    var cleaned = stripQuotes(candidate.trim());
+    var homeDir = ((_a = os_1.default.homedir) === null || _a === void 0 ? void 0 : _a.call(os_1.default)) || '';
+    if (cleaned.startsWith('~')) {
+        var withoutTilde = cleaned.slice(1).replace(/^[/\\]/, '');
+        var homeResolved = homeDir ? path_1.default.join(homeDir, withoutTilde) : cleaned;
+        return path_1.default.resolve(homeResolved);
+    }
+    return path_1.default.resolve(currentDir, cleaned);
+}
+function extractPathCandidates(command) {
+    var tokens = tokenizeCommand(command);
+    var candidates = [];
+    for (var _i = 0, tokens_1 = tokens; _i < tokens_1.length; _i++) {
+        var token = tokens_1[_i];
+        var normalized = stripQuotes(token);
+        if (isPathLike(normalized)) {
+            candidates.push(normalized);
+            continue;
+        }
+        var eqIndex = normalized.indexOf('=');
+        if (eqIndex > 0) {
+            var value = normalized.slice(eqIndex + 1);
+            if (isPathLike(value)) {
+                candidates.push(value);
+            }
+        }
+    }
+    return candidates;
+}
 // 解析 cd 命令并验证路径
-function validateCdCommand(command, currentDir, rootDir, restrictDirectory) {
-    var cdMatch = command.trim().match(/^cd\s+(.+)$/i);
-    if (!cdMatch)
+function isWithinRoot(rootDir, targetPath) {
+    var relative = path_1.default.relative(rootDir, targetPath);
+    return relative === '' || (!relative.startsWith('..') && !path_1.default.isAbsolute(relative));
+}
+function validatePathAccess(command, currentDir, rootDir, restrictDirectory) {
+    if (!restrictDirectory)
         return { valid: true };
+    var normalizedRoot = path_1.default.resolve(rootDir);
+    var candidates = extractPathCandidates(command);
+    for (var _i = 0, candidates_1 = candidates; _i < candidates_1.length; _i++) {
+        var candidate = candidates_1[_i];
+        var resolved = resolveCandidatePath(candidate, currentDir);
+        if (!isWithinRoot(normalizedRoot, resolved)) {
+            return { valid: false, error: 'restricted-path' };
+        }
+    }
+    return { valid: true };
+}
+function validateCdCommand(command, currentDir, rootDir, restrictDirectory) {
     if (!restrictDirectory)
         return { valid: true };
-    var targetPath = cdMatch[1].trim().replace(/['"]/g, '');
-    var absolutePath = path_1.default.resolve(currentDir, targetPath);
     var normalizedRoot = path_1.default.resolve(rootDir);
-    // 检查目标路径是否在根目录内
-    if (!absolutePath.startsWith(normalizedRoot)) {
-        return { valid: false, error: 'restricted-directory' };
+    var cdMatches = [];
+    var cdRegex = /\bcd\s+([^;&|\n]+)/gi;
+    var m;
+    while ((m = cdRegex.exec(command)) !== null) {
+        cdMatches.push(m);
+    }
+    if (!cdMatches.length)
+        return { valid: true };
+    // 若命令被链式运算符分隔且包含 cd，则要求所有 cd 目标都在指定 root 下，否则拒绝
+    for (var _i = 0, cdMatches_1 = cdMatches; _i < cdMatches_1.length; _i++) {
+        var match = cdMatches_1[_i];
+        var target = match[1].trim().replace(/['"]/g, '');
+        var absolutePath = path_1.default.resolve(currentDir, target);
+        if (!isWithinRoot(normalizedRoot, absolutePath)) {
+            return { valid: false, error: 'restricted-directory' };
+        }
     }
-    return { valid: true, newDir: absolutePath };
+    // 仅当命令是单独的 cd 时才更新会话目录，避免链式命令切换目录后执行其他操作
+    var singleCdOnly = /^\s*cd\s+[^;&|\n]+\s*$/i.test(command);
+    if (singleCdOnly) {
+        var target = cdMatches[0][1].trim().replace(/['"]/g, '');
+        var absolutePath = path_1.default.resolve(currentDir, target);
+        return { valid: true, newDir: absolutePath };
+    }
+    return { valid: true };
 }
 // 渲染终端输出为图片
 function renderTerminalImage(ctx, workingDir, command, output) {
@@ -191,7 +301,7 @@ function apply(ctx, config) {
     ctx.i18n.define('zh-CN', require('./locales/zh-CN'));
     ctx.command('exec <command:text>', { authority: (_a = config.authority) !== null && _a !== void 0 ? _a : 4 })
         .action(function (_a, command_1) { return __awaiter(_this, [_a, command_1], void 0, function (_b, command) {
-        var filterList, filterMode, sessionId, rootDir, currentDir, cdValidation, timeout, state;
+        var filterList, filterMode, sessionId, rootDir, currentDir, cdValidation, pathValidation, timeout, state;
         var _this = this;
         var _c;
         var session = _b.session;
@@ -214,6 +324,10 @@ function apply(ctx, config) {
                     if (!cdValidation.valid) {
                         return [2 /*return*/, session.text('.restricted-directory')];
                     }
+                    pathValidation = validatePathAccess(command, currentDir, rootDir, config.restrictDirectory);
+                    if (!pathValidation.valid) {
+                        return [2 /*return*/, session.text('.restricted-path')];
+                    }
                     timeout = config.timeout;
                     state = { command: command, timeout: timeout, output: '' };
                     if (!!config.renderImage) return [3 /*break*/, 2];

package/lib/locales/zh-CN.json

@@ -7,7 +7,8 @@
         "started": "[运行开始] {command}",
         "finished": "[运行完毕] {command}\n{output}",
         "blocked-command": "该命令已被禁止执行。",
-        "restricted-directory": "不允许切换到上级或其他目录。"
+        "restricted-directory": "不允许切换到上级或其他目录。",
+        "restricted-path": "不允许访问配置目录以外的文件或目录。"
       }
     }
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "koishi-plugin-spawn-modified",
-  "version": "1.2.3",
+  "version": "1.2.5",
   "description": "Run shell commands with Koishi",
   "keywords": [
     "bot",

package/src/index.ts

@@ -1,5 +1,6 @@
 import { exec } from 'child_process'
 import { Context, h, Schema, Time } from 'koishi'
+import os from 'os'
 import path from 'path'
 import { pathToFileURL } from 'url'
 import AnsiToHtml from 'ansi-to-html'
@@ -83,23 +84,147 @@ function isCommandBlocked(command: string, mode: 'blacklist' | 'whitelist', list
   return mode === 'blacklist' ? hit : !hit
 }
 
+function stripQuotes(text: string): string {
+  return text.replace(/^['"]|['"]$/g, '')
+}
+
+function tokenizeCommand(command: string): string[] {
+  const tokens: string[] = []
+  let current = ''
+  let quote: string | null = null
+
+  for (let i = 0; i < command.length; i++) {
+    const char = command[i]
+
+    if ((char === '"' || char === "'") && (quote === null || quote === char)) {
+      quote = quote ? null : char
+      continue
+    }
+
+    if (!quote && /\s/.test(char)) {
+      if (current) {
+        tokens.push(current)
+        current = ''
+      }
+      continue
+    }
+
+    current += char
+  }
+
+  if (current) tokens.push(current)
+  return tokens
+}
+
+function isPathLike(token: string): boolean {
+  const trimmed = token.trim()
+  if (!trimmed) return false
+  if (/^[|&><]+$/.test(trimmed)) return false
+  if (/^-{1,2}[a-zA-Z0-9][\w-]*$/.test(trimmed)) return false
+  if (/^\$[A-Za-z_][A-Za-z0-9_]*$/.test(trimmed)) return false
+
+  const normalized = stripQuotes(trimmed)
+
+  return (
+    /^[A-Za-z]:[\\/]/.test(normalized) ||
+    normalized.startsWith('/') ||
+    normalized.startsWith('~') ||
+    normalized.startsWith('..') ||
+    normalized.startsWith('./') ||
+    normalized.includes('/') ||
+    normalized.includes('\\')
+  )
+}
+
+function resolveCandidatePath(candidate: string, currentDir: string): string {
+  const cleaned = stripQuotes(candidate.trim())
+  const homeDir = os.homedir?.() || ''
+
+  if (cleaned.startsWith('~')) {
+    const withoutTilde = cleaned.slice(1).replace(/^[/\\]/, '')
+    const homeResolved = homeDir ? path.join(homeDir, withoutTilde) : cleaned
+    return path.resolve(homeResolved)
+  }
+
+  return path.resolve(currentDir, cleaned)
+}
+
+function extractPathCandidates(command: string): string[] {
+  const tokens = tokenizeCommand(command)
+  const candidates: string[] = []
+
+  for (const token of tokens) {
+    const normalized = stripQuotes(token)
+    if (isPathLike(normalized)) {
+      candidates.push(normalized)
+      continue
+    }
+
+    const eqIndex = normalized.indexOf('=')
+    if (eqIndex > 0) {
+      const value = normalized.slice(eqIndex + 1)
+      if (isPathLike(value)) {
+        candidates.push(value)
+      }
+    }
+  }
+
+  return candidates
+}
+
 // 解析 cd 命令并验证路径
+function isWithinRoot(rootDir: string, targetPath: string): boolean {
+  const relative = path.relative(rootDir, targetPath)
+  return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative))
+}
+
+function validatePathAccess(command: string, currentDir: string, rootDir: string, restrictDirectory: boolean): { valid: boolean; error?: string } {
+  if (!restrictDirectory) return { valid: true }
+
+  const normalizedRoot = path.resolve(rootDir)
+  const candidates = extractPathCandidates(command)
+
+  for (const candidate of candidates) {
+    const resolved = resolveCandidatePath(candidate, currentDir)
+    if (!isWithinRoot(normalizedRoot, resolved)) {
+      return { valid: false, error: 'restricted-path' }
+    }
+  }
+
+  return { valid: true }
+}
+
 function validateCdCommand(command: string, currentDir: string, rootDir: string, restrictDirectory: boolean): { valid: boolean; newDir?: string; error?: string } {
-  const cdMatch = command.trim().match(/^cd\s+(.+)$/i)
-  if (!cdMatch) return { valid: true }
-  
   if (!restrictDirectory) return { valid: true }
-  
-  const targetPath = cdMatch[1].trim().replace(/['"]/g, '')
-  const absolutePath = path.resolve(currentDir, targetPath)
+
   const normalizedRoot = path.resolve(rootDir)
-  
-  // 检查目标路径是否在根目录内
-  if (!absolutePath.startsWith(normalizedRoot)) {
-    return { valid: false, error: 'restricted-directory' }
+  const cdMatches: RegExpExecArray[] = []
+  const cdRegex = /\bcd\s+([^;&|\n]+)/gi
+  let m: RegExpExecArray | null
+  while ((m = cdRegex.exec(command)) !== null) {
+    cdMatches.push(m)
   }
-  
-  return { valid: true, newDir: absolutePath }
+
+  if (!cdMatches.length) return { valid: true }
+
+  // 若命令被链式运算符分隔且包含 cd，则要求所有 cd 目标都在指定 root 下，否则拒绝
+  for (const match of cdMatches) {
+    const target = match[1].trim().replace(/['"]/g, '')
+    const absolutePath = path.resolve(currentDir, target)
+    if (!isWithinRoot(normalizedRoot, absolutePath)) {
+      return { valid: false, error: 'restricted-directory' }
+    }
+  }
+
+  // 仅当命令是单独的 cd 时才更新会话目录，避免链式命令切换目录后执行其他操作
+  const singleCdOnly = /^\s*cd\s+[^;&|\n]+\s*$/i.test(command)
+  if (singleCdOnly) {
+    const target = cdMatches[0][1].trim().replace(/['"]/g, '')
+    const absolutePath = path.resolve(currentDir, target)
+    return { valid: true, newDir: absolutePath }
+  }
+
+  return { valid: true }
 }
 
 // 渲染终端输出为图片
@@ -292,7 +417,7 @@ export function apply(ctx: Context, config: Config) {
       }
 
       command = h('', h.parse(command)).toString(true)
-      // 检查命令过滤（黑/白名单）
+      // 检查命令过滤（黑/白名单）；仅使用配置提供的正则
       const filterList = (config.commandList?.length ? config.commandList : config.blockedCommands) || []
       const filterMode = config.commandFilterMode || 'blacklist'
       if (isCommandBlocked(command, filterMode, filterList)) {
@@ -306,6 +431,10 @@ export function apply(ctx: Context, config: Config) {
       if (!cdValidation.valid) {
         return session.text('.restricted-directory')
       }
+      const pathValidation = validatePathAccess(command, currentDir, rootDir, config.restrictDirectory)
+      if (!pathValidation.valid) {
+        return session.text('.restricted-path')
+      }
       const { timeout } = config
       const state: State = { command, timeout, output: '' }
       if (!config.renderImage) {

package/src/locales/zh-CN.yml

@@ -9,3 +9,4 @@ commands:
         {output}
       blocked-command: 该命令已被禁止执行。
       restricted-directory: 不允许切换到上级或其他目录。
+      restricted-path: 不允许访问配置目录以外的文件或目录。