npm - koishi-plugin-spawn-modified - Versions diffs - 1.2.5 → 1.2.7 - Mend

koishi-plugin-spawn-modified 1.2.5 → 1.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/index.d.ts CHANGED Viewed

@@ -13,6 +13,7 @@ export interface Config {
     encoding?: typeof encodings[number];
     timeout?: number;
     renderImage?: boolean;
+    exemptUsers?: string[];
     blockedCommands?: string[];
     restrictDirectory?: boolean;
     authority?: number;

package/lib/index.js CHANGED Viewed

@@ -63,6 +63,7 @@ exports.Config = koishi_1.Schema.object({
     encoding: koishi_1.Schema.union(encodings).description('输出内容编码。').default('utf8'),
     timeout: koishi_1.Schema.number().description('最长运行时间。').default(koishi_1.Time.minute),
     renderImage: koishi_1.Schema.boolean().description('是否将命令执行结果渲染为图片（需要安装 puppeteer 插件）。').default(false),
+    exemptUsers: koishi_1.Schema.array(String).description('例外用户列表，格式为 "群组ID:用户ID"。私聊时群组ID为0。匹配的用户将无视一切过滤器。').default([]),
     blockedCommands: koishi_1.Schema.array(String).description('违禁命令列表（命令的开头部分）。').default([]),
     restrictDirectory: koishi_1.Schema.boolean().description('是否限制在当前目录及子目录内执行命令（禁止 cd 到上级或其他目录）。').default(false),
     authority: koishi_1.Schema.number().description('exec 命令所需权限等级。').default(4),
@@ -226,6 +227,33 @@ function validateCdCommand(command, currentDir, rootDir, restrictDirectory) {
     }
     return { valid: true };
 }
+function maskCurlOutput(command, output) {
+    if (!output)
+        return output;
+    if (!/\bcurl\b/i.test(command))
+        return output;
+    var ipv4Regex = /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g;
+    return output.replace(ipv4Regex, function (ip) { return (isPrivateIpv4(ip) ? ip : '*.*.*.*'); });
+}
+function isPrivateIpv4(ip) {
+    var octets = ip.split('.').map(Number);
+    if (octets.length !== 4)
+        return false;
+    if (octets.some(function (octet) { return Number.isNaN(octet) || octet < 0 || octet > 255; }))
+        return false;
+    var a = octets[0], b = octets[1];
+    if (a === 10)
+        return true;
+    if (a === 172 && b >= 16 && b <= 31)
+        return true;
+    if (a === 192 && b === 168)
+        return true;
+    if (a === 127)
+        return true;
+    if (a === 169 && b === 254)
+        return true;
+    return false;
+}
 // 渲染终端输出为图片
 function renderTerminalImage(ctx, workingDir, command, output) {
     return __awaiter(this, void 0, void 0, function () {
@@ -301,30 +329,34 @@ function apply(ctx, config) {
     ctx.i18n.define('zh-CN', require('./locales/zh-CN'));
     ctx.command('exec <command:text>', { authority: (_a = config.authority) !== null && _a !== void 0 ? _a : 4 })
         .action(function (_a, command_1) { return __awaiter(_this, [_a, command_1], void 0, function (_b, command) {
-        var filterList, filterMode, sessionId, rootDir, currentDir, cdValidation, pathValidation, timeout, state;
+        var guildId, userId, userKey, isExempt, filterList, filterMode, sessionId, rootDir, currentDir, cdValidation, pathValidation, timeout, state;
         var _this = this;
-        var _c;
+        var _c, _d, _e;
         var session = _b.session;
-        return __generator(this, function (_d) {
-            switch (_d.label) {
+        return __generator(this, function (_f) {
+            switch (_f.label) {
                 case 0:
                     if (!command) {
                         return [2 /*return*/, session.text('.expect-text')];
                     }
                     command = (0, koishi_1.h)('', koishi_1.h.parse(command)).toString(true);
-                    filterList = (((_c = config.commandList) === null || _c === void 0 ? void 0 : _c.length) ? config.commandList : config.blockedCommands) || [];
+                    guildId = session.guildId || '0';
+                    userId = session.userId || '';
+                    userKey = "".concat(guildId, ":").concat(userId);
+                    isExempt = (_d = (_c = config.exemptUsers) === null || _c === void 0 ? void 0 : _c.some(function (entry) { return entry === userKey; })) !== null && _d !== void 0 ? _d : false;
+                    filterList = (((_e = config.commandList) === null || _e === void 0 ? void 0 : _e.length) ? config.commandList : config.blockedCommands) || [];
                     filterMode = config.commandFilterMode || 'blacklist';
-                    if (isCommandBlocked(command, filterMode, filterList)) {
+                    if (!isExempt && isCommandBlocked(command, filterMode, filterList)) {
                         return [2 /*return*/, session.text('.blocked-command')];
                     }
                     sessionId = session.uid || session.channelId;
                     rootDir = path_1.default.resolve(ctx.baseDir, config.root);
                     currentDir = sessionDirs.get(sessionId) || rootDir;
-                    cdValidation = validateCdCommand(command, currentDir, rootDir, config.restrictDirectory);
+                    cdValidation = validateCdCommand(command, currentDir, rootDir, !isExempt && config.restrictDirectory);
                     if (!cdValidation.valid) {
                         return [2 /*return*/, session.text('.restricted-directory')];
                     }
-                    pathValidation = validatePathAccess(command, currentDir, rootDir, config.restrictDirectory);
+                    pathValidation = validatePathAccess(command, currentDir, rootDir, !isExempt && config.restrictDirectory);
                     if (!pathValidation.valid) {
                         return [2 /*return*/, session.text('.restricted-path')];
                     }
@@ -333,8 +365,8 @@ function apply(ctx, config) {
                     if (!!config.renderImage) return [3 /*break*/, 2];
                     return [4 /*yield*/, session.send(session.text('.started', state))];
                 case 1:
-                    _d.sent();
-                    _d.label = 2;
+                    _f.sent();
+                    _f.label = 2;
                 case 2: return [2 /*return*/, new Promise(function (resolve) {
                         var start = Date.now();
                         var child = (0, child_process_1.exec)(command, {
@@ -358,7 +390,7 @@ function apply(ctx, config) {
                                         state.code = code;
                                         state.signal = signal;
                                         state.timeUsed = Date.now() - start;
-                                        state.output = state.output.trim();
+                                        state.output = maskCurlOutput(command, state.output.trim());
                                         // 更新当前目录（如果是 cd 命令且执行成功）
                                         if (cdValidation.newDir && code === 0) {
                                             sessionDirs.set(sessionId, cdValidation.newDir);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "koishi-plugin-spawn-modified",
-  "version": "1.2.5",
+  "version": "1.2.7",
   "description": "Run shell commands with Koishi",
   "keywords": [
     "bot",

package/src/index.ts CHANGED Viewed

@@ -21,6 +21,7 @@ export interface Config {
   encoding?: typeof encodings[number]
   timeout?: number
   renderImage?: boolean
+  exemptUsers?: string[]
   blockedCommands?: string[]
   restrictDirectory?: boolean
   authority?: number
@@ -34,6 +35,7 @@ export const Config: Schema<Config> = Schema.object({
   encoding: Schema.union(encodings).description('输出内容编码。').default('utf8'),
   timeout: Schema.number().description('最长运行时间。').default(Time.minute),
   renderImage: Schema.boolean().description('是否将命令执行结果渲染为图片（需要安装 puppeteer 插件）。').default(false),
+  exemptUsers: Schema.array(String).description('例外用户列表，格式为 "群组ID:用户ID"。私聊时群组ID为0。匹配的用户将无视一切过滤器。').default([]),
   blockedCommands: Schema.array(String).description('违禁命令列表（命令的开头部分）。').default([]),
   restrictDirectory: Schema.boolean().description('是否限制在当前目录及子目录内执行命令（禁止 cd 到上级或其他目录）。').default(false),
   authority: Schema.number().description('exec 命令所需权限等级。').default(4),
@@ -227,6 +229,30 @@ function validateCdCommand(command: string, currentDir: string, rootDir: string,
   return { valid: true }
 }
+function maskCurlOutput(command: string, output: string): string {
+  if (!output) return output
+  if (!/\bcurl\b/i.test(command)) return output
+  const ipv4Regex = /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g
+  return output.replace(ipv4Regex, (ip) => (isPrivateIpv4(ip) ? ip : '*.*.*.*'))
+}
+function isPrivateIpv4(ip: string): boolean {
+  const octets = ip.split('.').map(Number)
+  if (octets.length !== 4) return false
+  if (octets.some(octet => Number.isNaN(octet) || octet < 0 || octet > 255)) return false
+  const [a, b] = octets
+  if (a === 10) return true
+  if (a === 172 && b >= 16 && b <= 31) return true
+  if (a === 192 && b === 168) return true
+  if (a === 127) return true
+  if (a === 169 && b === 254) return true
+  return false
+}
 // 渲染终端输出为图片
 async function renderTerminalImage(ctx: Context, workingDir: string, command: string, output: string): Promise<h> {
   if (!ctx.puppeteer) {
@@ -417,21 +443,28 @@ export function apply(ctx: Context, config: Config) {
       }
       command = h('', h.parse(command)).toString(true)
+      // 检查是否为例外用户（无视一切过滤器）
+      const guildId = session.guildId || '0'
+      const userId = session.userId || ''
+      const userKey = `${guildId}:${userId}`
+      const isExempt = config.exemptUsers?.some(entry => entry === userKey) ?? false
       // 检查命令过滤（黑/白名单）；仅使用配置提供的正则
       const filterList = (config.commandList?.length ? config.commandList : config.blockedCommands) || []
       const filterMode = config.commandFilterMode || 'blacklist'
-      if (isCommandBlocked(command, filterMode, filterList)) {
+      if (!isExempt && isCommandBlocked(command, filterMode, filterList)) {
         return session.text('.blocked-command')
       }
       const sessionId = session.uid || session.channelId
       const rootDir = path.resolve(ctx.baseDir, config.root)
       const currentDir = sessionDirs.get(sessionId) || rootDir
       // 验证 cd 命令
-      const cdValidation = validateCdCommand(command, currentDir, rootDir, config.restrictDirectory)
+      const cdValidation = validateCdCommand(command, currentDir, rootDir, !isExempt && config.restrictDirectory)
       if (!cdValidation.valid) {
         return session.text('.restricted-directory')
       }
-      const pathValidation = validatePathAccess(command, currentDir, rootDir, config.restrictDirectory)
+      const pathValidation = validatePathAccess(command, currentDir, rootDir, !isExempt && config.restrictDirectory)
       if (!pathValidation.valid) {
         return session.text('.restricted-path')
       }
@@ -459,7 +492,7 @@ export function apply(ctx: Context, config: Config) {
           state.code = code
           state.signal = signal
           state.timeUsed = Date.now() - start
-          state.output = state.output.trim()
+          state.output = maskCurlOutput(command, state.output.trim())
           // 更新当前目录（如果是 cd 命令且执行成功）
           if (cdValidation.newDir && code === 0) {
             sessionDirs.set(sessionId, cdValidation.newDir)