codepy安全性升级
@@ -22,20 +22,31 @@ __plugin_meta__ = {
|
|||||||
"usage": "/code_py - 进入交互模式,等待输入代码块\n/code_py [单行代码] - 快速执行单行代码",
|
"usage": "/code_py - 进入交互模式,等待输入代码块\n/code_py [单行代码] - 快速执行单行代码",
|
||||||
}
|
}
|
||||||
|
|
||||||
# --- 安全配置:危险模块黑名单 ---
|
# --- 安全配置:危险模块和内置函数黑名单 ---
|
||||||
DANGEROUS_MODULES = [
|
DANGEROUS_MODULES = [
|
||||||
"os", "sys", "subprocess", "shutil", "socket", "requests", "urllib",
|
"os", "sys", "subprocess", "shutil", "socket", "requests", "urllib",
|
||||||
"http", "ftplib", "telnetlib", "ctypes", "_thread", "multiprocessing",
|
"http", "ftplib", "telnetlib", "ctypes", "_thread", "multiprocessing",
|
||||||
"asyncio",
|
"asyncio",
|
||||||
]
|
]
|
||||||
|
DANGEROUS_BUILTINS = [
|
||||||
|
"__import__", "open", "exec", "eval", "compile", "input", "breakpoint"
|
||||||
|
]
|
||||||
|
|
||||||
# 编译后的正则表达式,用于分割语句
|
# 编译后的正则表达式,用于分割语句
|
||||||
STATEMENT_SPLIT_PATTERN = re.compile(r'[;\n]')
|
STATEMENT_SPLIT_PATTERN = re.compile(r'[;\n]')
|
||||||
|
# 编译后的正则表达式,用于查找危险的内置函数调用
|
||||||
|
BUILTIN_CALL_PATTERN = re.compile(r'\b(' + '|'.join(DANGEROUS_BUILTINS) + r')\s*\(')
|
||||||
|
|
||||||
def is_code_safe(code: str) -> Tuple[bool, str]:
|
def is_code_safe(code: str) -> Tuple[bool, str]:
|
||||||
"""
|
"""
|
||||||
检查代码中是否包含危险的模块导入。
|
检查代码中是否包含危险的模块导入或内置函数调用。
|
||||||
"""
|
"""
|
||||||
|
# 1. 检查危险的内置函数
|
||||||
|
found_builtins = BUILTIN_CALL_PATTERN.search(code)
|
||||||
|
if found_builtins:
|
||||||
|
return False, f"检测到不允许的内置函数调用:'{found_builtins.group(1)}'"
|
||||||
|
|
||||||
|
# 2. 检查危险的模块导入
|
||||||
statements = STATEMENT_SPLIT_PATTERN.split(code)
|
statements = STATEMENT_SPLIT_PATTERN.split(code)
|
||||||
for statement in statements:
|
for statement in statements:
|
||||||
statement = statement.strip()
|
statement = statement.strip()
|
||||||
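Review bot: The new `BUILTIN_CALL_PATTERN` check at the top of is_code_safe is a text-level denylist and so cannot be the security boundary for executing user-supplied code: it only matches a listed name immediately followed by `\s*\(`, so a reference to that name that is not written as a direct call is not flagged, while the same word inside a string literal or comment is rejected as a false positive. The module check that follows has the same property, since `STATEMENT_SPLIT_PATTERN` splits on `;`/newline instead of parsing, and a denylist of module names is inherently incomplete compared with an allowlist. The robust mitigation is to enforce at execution time — pass the code a restricted `__builtins__` mapping that omits the names in `DANGEROUS_BUILTINS` (removing `__import__` there also disables `import` statements) — and, if a source scan is kept for early feedback, to base it on `ast.parse` and walk `ast.Import`/`ast.ImportFrom`/`ast.Name` nodes rather than regexes. The docstring should say so explicitly, e.g. `检查代码中是否包含危险的模块导入或内置函数调用。这是基于文本的尽力检查,不能替代受限的执行环境。`. is_code_safe's body continues outside the hunk.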
|
|||||||