codepy安全性升级

2026-01-04 22:37:42 +08:00
parent bbdeecb89b
commit 80ae3f4b8f
1 changed files with 13 additions and 2 deletions
--- a/plugins/code_py.py
+++ b/plugins/code_py.py
@@ -22,20 +22,31 @@ __plugin_meta__ = {
    "usage": "/code_py - 进入交互模式，等待输入代码块\n/code_py [单行代码] - 快速执行单行代码",
 }

-# --- 安全配置：危险模块黑名单 ---
+# --- 安全配置：危险模块和内置函数黑名单 ---
 DANGEROUS_MODULES = [
    "os", "sys", "subprocess", "shutil", "socket", "requests", "urllib",
    "http", "ftplib", "telnetlib", "ctypes", "_thread", "multiprocessing",
    "asyncio",
 ]
+DANGEROUS_BUILTINS = [
+    "__import__", "open", "exec", "eval", "compile", "input", "breakpoint"
+]

 # 编译后的正则表达式，用于分割语句
 STATEMENT_SPLIT_PATTERN = re.compile(r'[;\n]')
+# 编译后的正则表达式，用于查找危险的内置函数调用
+BUILTIN_CALL_PATTERN = re.compile(r'\b(' + '|'.join(DANGEROUS_BUILTINS) + r')\s*\(')

 def is_code_safe(code: str) -> Tuple[bool, str]:
    """
-    检查代码中是否包含危险的模块导入。
+    检查代码中是否包含危险的模块导入或内置函数调用。
    """
+    # 1. 检查危险的内置函数
+    found_builtins = BUILTIN_CALL_PATTERN.search(code)
+    if found_builtins:
+        return False, f"检测到不允许的内置函数调用：'{found_builtins.group(1)}'"
+
+    # 2. 检查危险的模块导入
    statements = STATEMENT_SPLIT_PATTERN.split(code)
    for statement in statements:
        statement = statement.strip()