feat: v1.11.0

2026-05-19 17:35:20 +08:00 · 2026-05-13 20:01:05 +08:00
parent f23b243fc5
commit 847f5c7c90
80 changed files with 2507 additions and 1961 deletions
--- a/server/internal/ai/tools/machinetool/command_exec_test.go
+++ b/server/internal/ai/tools/machinetool/command_exec_test.go
@@ -4,202 +4,127 @@ import (
 	"testing"
 )

-func TestIsDangerousCommand(t *testing.T) {
+func TestIsWhitelistCommand(t *testing.T) {
 	tests := []struct {
 		name     string
 		command  string
-		expected bool
+		expected bool // true表示在白名单中，可以自动执行
 	}{
-		// 危险命令测试
-		{
-			name:     "rm -rf 根目录",
-			command:  "rm -rf /",
-			expected: true,
-		},
-		{
-			name:     "rm -fr 目录",
-			command:  "rm -fr /tmp/test",
-			expected: true,
-		},
-		{
-			name:     "rm -Rf 目录",
-			command:  "rm -Rf /tmp/test",
-			expected: true,
-		},
-		{
-			name:     "组合命令中的rm -rf",
-			command:  "ls -la && rm -rf /tmp/test",
-			expected: true,
-		},
-		{
-			name:     "管道符后的危险命令",
-			command:  "echo test | rm -rf /",
-			expected: true,
-		},
-		{
-			name:     "分号分隔的危险命令",
-			command:  "cd /tmp; rm -rf *",
-			expected: true,
-		},
-		{
-			name:     "mkfs格式化命令",
-			command:  "mkfs.ext4 /dev/sdb1",
-			expected: true,
-		},
-		{
-			name:     "mkfs命令",
-			command:  "mkfs -t ext4 /dev/sdb1",
-			expected: true,
-		},
-		{
-			name:     "dd磁盘写入",
-			command:  "dd if=/dev/zero of=/dev/sda",
-			expected: true,
-		},
-		{
-			name:     "dd of参数",
-			command:  "dd of=/dev/sda bs=1M",
-			expected: true,
-		},
-		{
-			name:     "shutdown关机",
-			command:  "shutdown -h now",
-			expected: true,
-		},
-		{
-			name:     "reboot重启",
-			command:  "reboot",
-			expected: true,
-		},
-		{
-			name:     "halt停机",
-			command:  "halt",
-			expected: true,
-		},
-		{
-			name:     "poweroff关机",
-			command:  "poweroff",
-			expected: true,
-		},
-		{
-			name:     "chmod 777 根目录",
-			command:  "chmod 777 /",
-			expected: true,
-		},
-		{
-			name:     "chmod 0777 根目录",
-			command:  "chmod 0777 /",
-			expected: true,
-		},
-		{
-			name:     "写入磁盘设备",
-			command:  "echo test > /dev/sda",
-			expected: true,
-		},
-		{
-			name:     "追加重定向到磁盘",
-			command:  "echo test >> /dev/sdb1",
-			expected: true,
-		},
-		{
-			name:     "重定向到nvme设备",
-			command:  "cat file > /dev/nvme0n1",
-			expected: true,
-		},
-		{
-			name:     "fdisk分区操作",
-			command:  "fdisk /dev/sda",
-			expected: true,
-		},
-
-		// 安全命令测试（不应被拦截）
-		{
-			name:     "普通rm删除单个文件",
-			command:  "rm /tmp/test.txt",
-			expected: false,
-		},
-		{
-			name:     "rm -i交互式删除",
-			command:  "rm -i /tmp/test.txt",
-			expected: false,
-		},
-		{
-			name:     "rm -r不带f参数",
-			command:  "rm -r /tmp/test",
-			expected: false,
-		},
+		// 白名单命令测试（不应被拦截）
 		{
 			name:     "ls命令",
 			command:  "ls -la",
-			expected: false,
+			expected: true,
 		},
 		{
-			name:     "包含firmware文本",
-			command:  "echo 'firmware update'",
-			expected: false,
+			name:     "free命令",
+			command:  "free -m",
+			expected: true,
 		},
 		{
-			name:     "grep查找rm相关日志",
-			command:  "grep 'rm process' /var/log/syslog",
-			expected: false,
+			name:     "df命令",
+			command:  "df -h",
+			expected: true,
 		},
 		{
-			name:     "chmod设置合理权限",
-			command:  "chmod 755 /usr/local/bin/app",
-			expected: false,
+			name:     "cat查看文件",
+			command:  "cat /etc/passwd",
+			expected: true,
 		},
 		{
-			name:     "chmod 777非根目录",
-			command:  "chmod 777 /tmp/test",
-			expected: false,
+			name:     "ps查看进程",
+			command:  "ps aux",
+			expected: true,
 		},
 		{
 			name:     "组合安全命令",
 			command:  "ls -la && cat file.txt | grep test",
-			expected: false,
+			expected: true,
 		},
 		{
 			name:     "查看系统状态",
 			command:  "ps aux | grep nginx",
-			expected: false,
+			expected: true,
 		},
 		{
 			name:     "查看磁盘使用",
 			command:  "df -h && du -sh /var/log",
-			expected: false,
-		},
-		{
-			name:     "重定向到普通文件",
-			command:  "echo test > /tmp/output.txt",
-			expected: false,
-		},
-		{
-			name:     "dd不带if参数",
-			command:  "dd status=progress",
-			expected: false,
+			expected: true,
 		},
 		{
 			name:     "带引号的命令",
-			command:  "echo \"rm -rf / is dangerous\"",
-			expected: false,
+			command:  "echo \"hello world\"",
+			expected: true,
 		},
 		{
 			name:     "复杂管道命令",
 			command:  "cat /var/log/syslog | grep error | wc -l",
+			expected: true,
+		},
+		{
+			name:     "uname系统信息",
+			command:  "uname -a",
+			expected: true,
+		},
+		{
+			name:     "ping网络测试",
+			command:  "ping -c 4 google.com",
+			expected: true,
+		},
+
+		// 非白名单命令测试（需要审批）
+		{
+			name:     "rm删除命令",
+			command:  "rm /tmp/test.txt",
 			expected: false,
 		},
 		{
-			name:     "带转义字符的命令",
-			command:  "echo \"hello world\"",
+			name:     "rm -rf强制删除",
+			command:  "rm -rf /tmp/test",
 			expected: false,
 		},
+		{
+			name:     "shutdown关机",
+			command:  "shutdown -h now",
+			expected: false,
+		},
+		{
+			name:     "reboot重启",
+			command:  "reboot",
+			expected: false,
+		},
+		{
+			name:     "dd磁盘写入",
+			command:  "dd if=/dev/zero of=/dev/sda",
+			expected: false,
+		},
+		{
+			name:     "mkfs格式化",
+			command:  "mkfs.ext4 /dev/sda1",
+			expected: false,
+		},
+		{
+			name:     "fdisk分区",
+			command:  "fdisk /dev/sda",
+			expected: false,
+		},
+		{
+			name:     "chmod修改权限",
+			command:  "chmod 755 /usr/local/bin/app",
+			expected: false,
+		},
+		{
+			name:     "echo重定向",
+			command:  "echo test > /tmp/output.txt",
+			expected: true, // echo在白名单中，重定向到普通文件是允许的
+		},
 	}

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			result := isDangerousCommand(tt.command)
+			result := isWhitelistCommand(tt.command)
 			if result != tt.expected {
-				t.Errorf("isDangerousCommand(%q) = %v, expected %v", tt.command, result, tt.expected)
+				t.Errorf("isWhitelistCommand(%q) = %v, expected %v", tt.command, result, tt.expected)
 			}
 		})
 	}