koishi-plugin-spawn-modified 1.2.4 → 1.2.6

package/lib/index.js

@@ -52,6 +52,7 @@ exports.inject = exports.name = exports.Config = void 0;
 exports.apply = apply;
 var child_process_1 = require("child_process");
 var koishi_1 = require("koishi");
+var os_1 = __importDefault(require("os"));
 var path_1 = __importDefault(require("path"));
 var url_1 = require("url");
 var ansi_to_html_1 = __importDefault(require("ansi-to-html"));
@@ -66,23 +67,7 @@ exports.Config = koishi_1.Schema.object({
     restrictDirectory: koishi_1.Schema.boolean().description('是否限制在当前目录及子目录内执行命令（禁止 cd 到上级或其他目录）。').default(false),
     authority: koishi_1.Schema.number().description('exec 命令所需权限等级。').default(4),
     commandFilterMode: koishi_1.Schema.union(['blacklist', 'whitelist']).description('命令过滤模式：blacklist/whitelist').default('blacklist'),
-    commandList: koishi_1.Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([
-        '^(?:^|[;&|\\n])\\s*(?:\\.?\\.\\/[^;&|\\s]+\\.sh\\b|(?:sh|bash|zsh|ksh|dash)\\s+[^;&|\\s]+\\.sh\\b)',
-        '^(?:^|[;&|\\n])\\s*chmod\\s+\\+x\\b',
-        '^\\s*sudo\\s+rm\\s+-rf\\b',
-        '^\\s*rm\\s+-rf\\b',
-        '^\\s*rm\\s+-rf\\s+/',
-        '^\\s*rm\\s+-rf\\s+/\\*',
-        '^\\s*mkfs(\\.\\w+)?\\b',
-        '^\\s*dd\\b.*\\bof=\\/dev\\/(sd|nvme|mmcblk)',
-        '^\\s*wipefs\\b',
-        '^\\s*(parted|fdisk|cfdisk)\\b',
-        '^\\s*lvremove\\b|^\\s*vgremove\\b',
-        '^\\s*cryptsetup\\b.*(erase|format)',
-        '^\\s*shutdown\\b|^\\s*poweroff\\b|^\\s*reboot\\b',
-        '^\\s*chmod\\s+[-+]?(777|666)\\b',
-        '^\\s*echo\\s+.+\\s*>\\s*/etc/(passwd|shadow|sudoers)\\b',
-    ]),
+    commandList: koishi_1.Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([]),
 });
 exports.name = 'spawn';
 exports.inject = {
@@ -116,11 +101,101 @@ function isCommandBlocked(command, mode, list) {
     });
     return mode === 'blacklist' ? hit : !hit;
 }
+function stripQuotes(text) {
+    return text.replace(/^['"]|['"]$/g, '');
+}
+function tokenizeCommand(command) {
+    var tokens = [];
+    var current = '';
+    var quote = null;
+    for (var i = 0; i < command.length; i++) {
+        var char = command[i];
+        if ((char === '"' || char === "'") && (quote === null || quote === char)) {
+            quote = quote ? null : char;
+            continue;
+        }
+        if (!quote && /\s/.test(char)) {
+            if (current) {
+                tokens.push(current);
+                current = '';
+            }
+            continue;
+        }
+        current += char;
+    }
+    if (current)
+        tokens.push(current);
+    return tokens;
+}
+function isPathLike(token) {
+    var trimmed = token.trim();
+    if (!trimmed)
+        return false;
+    if (/^[|&><]+$/.test(trimmed))
+        return false;
+    if (/^-{1,2}[a-zA-Z0-9][\w-]*$/.test(trimmed))
+        return false;
+    if (/^\$[A-Za-z_][A-Za-z0-9_]*$/.test(trimmed))
+        return false;
+    var normalized = stripQuotes(trimmed);
+    return (/^[A-Za-z]:[\\/]/.test(normalized) ||
+        normalized.startsWith('/') ||
+        normalized.startsWith('~') ||
+        normalized.startsWith('..') ||
+        normalized.startsWith('./') ||
+        normalized.includes('/') ||
+        normalized.includes('\\'));
+}
+function resolveCandidatePath(candidate, currentDir) {
+    var _a;
+    var cleaned = stripQuotes(candidate.trim());
+    var homeDir = ((_a = os_1.default.homedir) === null || _a === void 0 ? void 0 : _a.call(os_1.default)) || '';
+    if (cleaned.startsWith('~')) {
+        var withoutTilde = cleaned.slice(1).replace(/^[/\\]/, '');
+        var homeResolved = homeDir ? path_1.default.join(homeDir, withoutTilde) : cleaned;
+        return path_1.default.resolve(homeResolved);
+    }
+    return path_1.default.resolve(currentDir, cleaned);
+}
+function extractPathCandidates(command) {
+    var tokens = tokenizeCommand(command);
+    var candidates = [];
+    for (var _i = 0, tokens_1 = tokens; _i < tokens_1.length; _i++) {
+        var token = tokens_1[_i];
+        var normalized = stripQuotes(token);
+        if (isPathLike(normalized)) {
+            candidates.push(normalized);
+            continue;
+        }
+        var eqIndex = normalized.indexOf('=');
+        if (eqIndex > 0) {
+            var value = normalized.slice(eqIndex + 1);
+            if (isPathLike(value)) {
+                candidates.push(value);
+            }
+        }
+    }
+    return candidates;
+}
 // 解析 cd 命令并验证路径
 function isWithinRoot(rootDir, targetPath) {
     var relative = path_1.default.relative(rootDir, targetPath);
     return relative === '' || (!relative.startsWith('..') && !path_1.default.isAbsolute(relative));
 }
+function validatePathAccess(command, currentDir, rootDir, restrictDirectory) {
+    if (!restrictDirectory)
+        return { valid: true };
+    var normalizedRoot = path_1.default.resolve(rootDir);
+    var candidates = extractPathCandidates(command);
+    for (var _i = 0, candidates_1 = candidates; _i < candidates_1.length; _i++) {
+        var candidate = candidates_1[_i];
+        var resolved = resolveCandidatePath(candidate, currentDir);
+        if (!isWithinRoot(normalizedRoot, resolved)) {
+            return { valid: false, error: 'restricted-path' };
+        }
+    }
+    return { valid: true };
+}
 function validateCdCommand(command, currentDir, rootDir, restrictDirectory) {
     if (!restrictDirectory)
         return { valid: true };
@@ -151,6 +226,33 @@ function validateCdCommand(command, currentDir, rootDir, restrictDirectory) {
     }
     return { valid: true };
 }
+function maskCurlOutput(command, output) {
+    if (!output)
+        return output;
+    if (!/\bcurl\b/i.test(command))
+        return output;
+    var ipv4Regex = /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g;
+    return output.replace(ipv4Regex, function (ip) { return (isPrivateIpv4(ip) ? ip : '*.*.*.*'); });
+}
+function isPrivateIpv4(ip) {
+    var octets = ip.split('.').map(Number);
+    if (octets.length !== 4)
+        return false;
+    if (octets.some(function (octet) { return Number.isNaN(octet) || octet < 0 || octet > 255; }))
+        return false;
+    var a = octets[0], b = octets[1];
+    if (a === 10)
+        return true;
+    if (a === 172 && b >= 16 && b <= 31)
+        return true;
+    if (a === 192 && b === 168)
+        return true;
+    if (a === 127)
+        return true;
+    if (a === 169 && b === 254)
+        return true;
+    return false;
+}
 // 渲染终端输出为图片
 function renderTerminalImage(ctx, workingDir, command, output) {
     return __awaiter(this, void 0, void 0, function () {
@@ -226,7 +328,7 @@ function apply(ctx, config) {
     ctx.i18n.define('zh-CN', require('./locales/zh-CN'));
     ctx.command('exec <command:text>', { authority: (_a = config.authority) !== null && _a !== void 0 ? _a : 4 })
         .action(function (_a, command_1) { return __awaiter(_this, [_a, command_1], void 0, function (_b, command) {
-        var filterList, filterMode, sessionId, rootDir, currentDir, cdValidation, timeout, state;
+        var filterList, filterMode, sessionId, rootDir, currentDir, cdValidation, pathValidation, timeout, state;
         var _this = this;
         var _c;
         var session = _b.session;
@@ -249,6 +351,10 @@ function apply(ctx, config) {
                     if (!cdValidation.valid) {
                         return [2 /*return*/, session.text('.restricted-directory')];
                     }
+                    pathValidation = validatePathAccess(command, currentDir, rootDir, config.restrictDirectory);
+                    if (!pathValidation.valid) {
+                        return [2 /*return*/, session.text('.restricted-path')];
+                    }
                     timeout = config.timeout;
                     state = { command: command, timeout: timeout, output: '' };
                     if (!!config.renderImage) return [3 /*break*/, 2];
@@ -279,7 +385,7 @@ function apply(ctx, config) {
                                         state.code = code;
                                         state.signal = signal;
                                         state.timeUsed = Date.now() - start;
-                                        state.output = state.output.trim();
+                                        state.output = maskCurlOutput(command, state.output.trim());
                                         // 更新当前目录（如果是 cd 命令且执行成功）
                                         if (cdValidation.newDir && code === 0) {
                                             sessionDirs.set(sessionId, cdValidation.newDir);

package/lib/locales/zh-CN.json

@@ -7,7 +7,8 @@
         "started": "[运行开始] {command}",
         "finished": "[运行完毕] {command}\n{output}",
         "blocked-command": "该命令已被禁止执行。",
-        "restricted-directory": "不允许切换到上级或其他目录。"
+        "restricted-directory": "不允许切换到上级或其他目录。",
+        "restricted-path": "不允许访问配置目录以外的文件或目录。"
       }
     }
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "koishi-plugin-spawn-modified",
-  "version": "1.2.4",
+  "version": "1.2.6",
   "description": "Run shell commands with Koishi",
   "keywords": [
     "bot",

package/src/index.ts

@@ -1,5 +1,6 @@
 import { exec } from 'child_process'
 import { Context, h, Schema, Time } from 'koishi'
+import os from 'os'
 import path from 'path'
 import { pathToFileURL } from 'url'
 import AnsiToHtml from 'ansi-to-html'
@@ -37,23 +38,7 @@ export const Config: Schema<Config> = Schema.object({
   restrictDirectory: Schema.boolean().description('是否限制在当前目录及子目录内执行命令（禁止 cd 到上级或其他目录）。').default(false),
   authority: Schema.number().description('exec 命令所需权限等级。').default(4),
   commandFilterMode: Schema.union(['blacklist', 'whitelist']).description('命令过滤模式：blacklist/whitelist').default('blacklist'),
-  commandList: Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([
-    '^(?:^|[;&|\\n])\\s*(?:\\.?\\.\\/[^;&|\\s]+\\.sh\\b|(?:sh|bash|zsh|ksh|dash)\\s+[^;&|\\s]+\\.sh\\b)',
-    '^(?:^|[;&|\\n])\\s*chmod\\s+\\+x\\b',
-    '^\\s*sudo\\s+rm\\s+-rf\\b',
-    '^\\s*rm\\s+-rf\\b',
-    '^\\s*rm\\s+-rf\\s+/',
-    '^\\s*rm\\s+-rf\\s+/\\*',
-    '^\\s*mkfs(\\.\\w+)?\\b',
-    '^\\s*dd\\b.*\\bof=\\/dev\\/(sd|nvme|mmcblk)',
-    '^\\s*wipefs\\b',
-    '^\\s*(parted|fdisk|cfdisk)\\b',
-    '^\\s*lvremove\\b|^\\s*vgremove\\b',
-    '^\\s*cryptsetup\\b.*(erase|format)',
-    '^\\s*shutdown\\b|^\\s*poweroff\\b|^\\s*reboot\\b',
-    '^\\s*chmod\\s+[-+]?(777|666)\\b',
-    '^\\s*echo\\s+.+\\s*>\\s*/etc/(passwd|shadow|sudoers)\\b',
-  ]),
+  commandList: Schema.array(String).description('命令过滤列表，配合过滤模式使用（为空则不限制）。').default([]),
 })
 
 export interface State {
@@ -99,12 +84,116 @@ function isCommandBlocked(command: string, mode: 'blacklist' | 'whitelist', list
   return mode === 'blacklist' ? hit : !hit
 }
 
+function stripQuotes(text: string): string {
+  return text.replace(/^['"]|['"]$/g, '')
+}
+
+function tokenizeCommand(command: string): string[] {
+  const tokens: string[] = []
+  let current = ''
+  let quote: string | null = null
+
+  for (let i = 0; i < command.length; i++) {
+    const char = command[i]
+
+    if ((char === '"' || char === "'") && (quote === null || quote === char)) {
+      quote = quote ? null : char
+      continue
+    }
+
+    if (!quote && /\s/.test(char)) {
+      if (current) {
+        tokens.push(current)
+        current = ''
+      }
+      continue
+    }
+
+    current += char
+  }
+
+  if (current) tokens.push(current)
+  return tokens
+}
+
+function isPathLike(token: string): boolean {
+  const trimmed = token.trim()
+  if (!trimmed) return false
+  if (/^[|&><]+$/.test(trimmed)) return false
+  if (/^-{1,2}[a-zA-Z0-9][\w-]*$/.test(trimmed)) return false
+  if (/^\$[A-Za-z_][A-Za-z0-9_]*$/.test(trimmed)) return false
+
+  const normalized = stripQuotes(trimmed)
+
+  return (
+    /^[A-Za-z]:[\\/]/.test(normalized) ||
+    normalized.startsWith('/') ||
+    normalized.startsWith('~') ||
+    normalized.startsWith('..') ||
+    normalized.startsWith('./') ||
+    normalized.includes('/') ||
+    normalized.includes('\\')
+  )
+}
+
+function resolveCandidatePath(candidate: string, currentDir: string): string {
+  const cleaned = stripQuotes(candidate.trim())
+  const homeDir = os.homedir?.() || ''
+
+  if (cleaned.startsWith('~')) {
+    const withoutTilde = cleaned.slice(1).replace(/^[/\\]/, '')
+    const homeResolved = homeDir ? path.join(homeDir, withoutTilde) : cleaned
+    return path.resolve(homeResolved)
+  }
+
+  return path.resolve(currentDir, cleaned)
+}
+
+function extractPathCandidates(command: string): string[] {
+  const tokens = tokenizeCommand(command)
+  const candidates: string[] = []
+
+  for (const token of tokens) {
+    const normalized = stripQuotes(token)
+    if (isPathLike(normalized)) {
+      candidates.push(normalized)
+      continue
+    }
+
+    const eqIndex = normalized.indexOf('=')
+    if (eqIndex > 0) {
+      const value = normalized.slice(eqIndex + 1)
+      if (isPathLike(value)) {
+        candidates.push(value)
+      }
+    }
+  }
+
+  return candidates
+}
+
 // 解析 cd 命令并验证路径
 function isWithinRoot(rootDir: string, targetPath: string): boolean {
   const relative = path.relative(rootDir, targetPath)
   return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative))
 }
 
+function validatePathAccess(command: string, currentDir: string, rootDir: string, restrictDirectory: boolean): { valid: boolean; error?: string } {
+  if (!restrictDirectory) return { valid: true }
+
+  const normalizedRoot = path.resolve(rootDir)
+  const candidates = extractPathCandidates(command)
+
+  for (const candidate of candidates) {
+    const resolved = resolveCandidatePath(candidate, currentDir)
+    if (!isWithinRoot(normalizedRoot, resolved)) {
+      return { valid: false, error: 'restricted-path' }
+    }
+  }
+
+  return { valid: true }
+}
+
 function validateCdCommand(command: string, currentDir: string, rootDir: string, restrictDirectory: boolean): { valid: boolean; newDir?: string; error?: string } {
   if (!restrictDirectory) return { valid: true }
 
@@ -138,6 +227,30 @@ function validateCdCommand(command: string, currentDir: string, rootDir: string,
   return { valid: true }
 }
 
+function maskCurlOutput(command: string, output: string): string {
+  if (!output) return output
+  if (!/\bcurl\b/i.test(command)) return output
+
+  const ipv4Regex = /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g
+  return output.replace(ipv4Regex, (ip) => (isPrivateIpv4(ip) ? ip : '*.*.*.*'))
+}
+
+function isPrivateIpv4(ip: string): boolean {
+  const octets = ip.split('.').map(Number)
+  if (octets.length !== 4) return false
+  if (octets.some(octet => Number.isNaN(octet) || octet < 0 || octet > 255)) return false
+
+  const [a, b] = octets
+
+  if (a === 10) return true
+  if (a === 172 && b >= 16 && b <= 31) return true
+  if (a === 192 && b === 168) return true
+  if (a === 127) return true
+  if (a === 169 && b === 254) return true
+
+  return false
+}
+
 // 渲染终端输出为图片
 async function renderTerminalImage(ctx: Context, workingDir: string, command: string, output: string): Promise<h> {
   if (!ctx.puppeteer) {
@@ -342,6 +455,10 @@ export function apply(ctx: Context, config: Config) {
       if (!cdValidation.valid) {
         return session.text('.restricted-directory')
       }
+      const pathValidation = validatePathAccess(command, currentDir, rootDir, config.restrictDirectory)
+      if (!pathValidation.valid) {
+        return session.text('.restricted-path')
+      }
       const { timeout } = config
       const state: State = { command, timeout, output: '' }
       if (!config.renderImage) {
@@ -366,7 +483,7 @@ export function apply(ctx: Context, config: Config) {
           state.code = code
           state.signal = signal
           state.timeUsed = Date.now() - start
-          state.output = state.output.trim()
+          state.output = maskCurlOutput(command, state.output.trim())
           // 更新当前目录（如果是 cd 命令且执行成功）
           if (cdValidation.newDir && code === 0) {
             sessionDirs.set(sessionId, cdValidation.newDir)

package/src/locales/zh-CN.yml

@@ -9,3 +9,4 @@ commands:
         {output}
       blocked-command: 该命令已被禁止执行。
       restricted-directory: 不允许切换到上级或其他目录。
+      restricted-path: 不允许访问配置目录以外的文件或目录。