Merge remote-tracking branch 'upstream/v2' into feat/intent-node/config-output-reason

Author: wangliang181230

apps/common/utils/tool_code.py

@@ -71,6 +71,7 @@ def init_sandbox_dir():
             os.remove(sandbox_conf_file_path)
         banned_hosts = CONFIG.get("SANDBOX_PYTHON_BANNED_HOSTS", '').strip()
         allow_dl_paths = CONFIG.get("SANDBOX_PYTHON_ALLOW_DL_PATHS",'').strip()
+        allow_dl_open = CONFIG.get("SANDBOX_PYTHON_ALLOW_DL_OPEN",'0')
         allow_subprocess = CONFIG.get("SANDBOX_PYTHON_ALLOW_SUBPROCESS", '0')
         allow_syscall = CONFIG.get("SANDBOX_PYTHON_ALLOW_SYSCALL", '0')
         if banned_hosts:
@@ -81,6 +82,7 @@ def init_sandbox_dir():
         with open(sandbox_conf_file_path, "w") as f:
             f.write(f"SANDBOX_PYTHON_BANNED_HOSTS={banned_hosts}\n")
             f.write(f"SANDBOX_PYTHON_ALLOW_DL_PATHS={','.join(sorted(set(filter(None, sys.path + _sandbox_python_sys_path + allow_dl_paths.split(',')))))}\n")
+            f.write(f"SANDBOX_PYTHON_ALLOW_DL_OPEN={allow_dl_open}\n")
             f.write(f"SANDBOX_PYTHON_ALLOW_SUBPROCESS={allow_subprocess}\n")
             f.write(f"SANDBOX_PYTHON_ALLOW_SYSCALL={allow_syscall}\n")
         os.system(f"chmod -R 550 {_sandbox_path}")

installer/sandbox.c

@@ -22,15 +22,18 @@
 #include <pty.h>
 #include <stdint.h>
 #include <stdbool.h>
+#include <execinfo.h>
 
 #define CONFIG_FILE ".sandbox.conf"
 #define KEY_BANNED_HOSTS "SANDBOX_PYTHON_BANNED_HOSTS"
 #define KEY_ALLOW_DL_PATHS "SANDBOX_PYTHON_ALLOW_DL_PATHS"
+#define KEY_ALLOW_DL_OPEN "SANDBOX_PYTHON_ALLOW_DL_OPEN"
 #define KEY_ALLOW_SUBPROCESS "SANDBOX_PYTHON_ALLOW_SUBPROCESS"
 #define KEY_ALLOW_SYSCALL "SANDBOX_PYTHON_ALLOW_SYSCALL"
 
 static char *banned_hosts = NULL;
 static char *allow_dl_paths = NULL;
+static int allow_dl_open = 0;
 static int allow_subprocess = 0; // 默认禁止
 static int allow_syscall = 0;
 
@@ -39,6 +42,7 @@ static void load_sandbox_config() {
     if (dladdr((void *)load_sandbox_config, &info) == 0 || !info.dli_fname) {
         banned_hosts = strdup("");
         allow_dl_paths = strdup("");
+        allow_dl_open = 0;
         allow_subprocess = 0;
         allow_syscall = 0;
         return;
@@ -53,6 +57,7 @@ static void load_sandbox_config() {
     if (!fp) {
         banned_hosts = strdup("");
         allow_dl_paths = strdup("");
+        allow_dl_open = 0;
         allow_subprocess = 0;
         allow_syscall = 0;
         return;
@@ -62,6 +67,7 @@ static void load_sandbox_config() {
     if (allow_dl_paths) { free(allow_dl_paths); allow_dl_paths = NULL; }
     banned_hosts = strdup("");
     allow_dl_paths = strdup("");
+    allow_dl_open = 0;
     allow_subprocess = 0;
     allow_syscall = 0;
     while (fgets(line, sizeof(line), fp)) {
@@ -80,6 +86,8 @@ static void load_sandbox_config() {
         } else if (strcmp(key, KEY_ALLOW_DL_PATHS) == 0) {
             free(allow_dl_paths);
             allow_dl_paths = strdup(value);  // 逗号分隔字符串
+        } else if (strcmp(key, KEY_ALLOW_DL_OPEN) == 0) {
+            allow_dl_open = atoi(value);
         } else if (strcmp(key, KEY_ALLOW_SUBPROCESS) == 0) {
             allow_subprocess = atoi(value);
         } else if (strcmp(key, KEY_ALLOW_SYSCALL) == 0) {
@@ -519,6 +527,7 @@ long syscall(long number, ...) {
 #endif
         case SYS_fchmodat:
         case SYS_mprotect:
+        case SYS_pkey_mprotect:
 #ifdef SYS_open
         case SYS_open:
 #endif
@@ -543,7 +552,24 @@ long syscall(long number, ...) {
 /**
  * 限制加载动态链接库
  */
-static int is_in_allow_dl_paths(const char *filename) {
+static int called_from_python_import() {
+    if (allow_dl_open) return 1;
+    void *buf[32];
+    int n = backtrace(buf, 32);
+    for (int i = 0; i < n; i++) {
+        Dl_info info;
+        if (dladdr(buf[i], &info) && info.dli_sname) {
+            if (strstr(info.dli_sname, "PyImport") ||
+                strstr(info.dli_sname, "_PyImport")) {
+                return 1;
+            }
+        }
+    }
+    throw_permission_denied_err(true, "open dynamic link library");
+    return 0;
+}
+static int is_allow_dl(const char *filename) {
+    if (!called_from_python_import()) return 0;
     if (!filename || !*filename) return 1;
     ensure_config_loaded();
     if (!allow_dl_paths || !*allow_dl_paths) return 0;
@@ -570,7 +596,7 @@ static int is_in_allow_dl_paths(const char *filename) {
 }
 void *dlopen(const char *filename, int flag) {
     RESOLVE_REAL(dlopen);
-    if (is_sandbox_user() && !is_in_allow_dl_paths(filename)) {
+    if (is_sandbox_user() && !is_allow_dl(filename)) {
         throw_permission_denied_err(true, "access file %s", filename);
     }
     return real_dlopen(filename, flag);
@@ -580,7 +606,7 @@ void *__dlopen(const char *filename, int flag) {
 }
 void *dlmopen(Lmid_t lmid, const char *filename, int flags) {
     RESOLVE_REAL(dlmopen);
-    if (is_sandbox_user() && !is_in_allow_dl_paths(filename)) {
+    if (is_sandbox_user() && !is_allow_dl(filename)) {
         throw_permission_denied_err(true, "access file %s", filename);
     }
     return real_dlmopen(lmid, filename, flags);
@@ -602,7 +628,7 @@ void* mmap(void *addr, size_t len, int prot, int flags, int fd, off_t off) {
             throw_permission_denied_err(true, "mmap(readlink failed)");
         }
         real_path[n] = '\0';
-        if (!is_in_allow_dl_paths(real_path)) {
+        if (!is_allow_dl(real_path)) {
             throw_permission_denied_err(true, "mmap %s", real_path);
         }
     }

ui/src/components/ai-chat/index.vue

@@ -208,6 +208,14 @@ provide('getSelectModelList', (params: any) => {
     return loadSharedApi({ type: 'model', systemType: 'workspace' }).getSelectModelList(params)
   }
 })
+provide('chatUserProfile', () => {
+  if (props.type === 'ai-chat') {
+    if (chatUser.chat_profile?.authentication_type === 'login') {
+      return chatUser.getChatUserProfile()
+    }
+  }
+  return Promise.resolve(null)
+})
 
 const transcribing = ref<boolean>(false)
 defineOptions({ name: 'AiChat' })
@@ -798,16 +806,6 @@ const handleScroll = () => {
     }
   }
 }
-onBeforeMount(() => {
-  window.chatUserProfile = () => {
-    if (props.type === 'ai-chat') {
-      if (chatUser.chat_profile?.authentication_type === 'login') {
-        return chatUser.getChatUserProfile()
-      }
-    }
-    return Promise.resolve(null)
-  }
-})
 
 function parseTransform(transformStr: string) {
   const result = { scale: 1, translateX: 0, translateY: 0, translateZ: 0 }

ui/src/components/markdown/HtmlRander.vue

@@ -9,8 +9,8 @@
 </template>
 
 <script setup lang="ts">
-import { computed, ref, onMounted, onBeforeUnmount } from 'vue'
-
+import { computed, ref, onMounted, onBeforeUnmount, inject } from 'vue'
+const chatUserProfile = inject('chatUserProfile') as any
 const htmlRef = ref<HTMLIFrameElement>()
 const props = withDefaults(
   defineProps<{
@@ -37,6 +37,40 @@ function createIframeHtml(sourceHtml: string) {
 * { margin: 0; padding: 0; box-sizing: border-box; }
 html, body { margin: 0 !important; padding: 0 !important; overflow: hidden; }
 </style>
+<script>
+const _INSTANCE_ID = '${instanceId}';
+window.chatUserProfile=function chatUserProfile() {
+  return new Promise((resolve, reject) => {
+    const requestId = Date.now() + '_' + Math.random()
+
+    function handler(e) {
+      const data = e.data
+
+      if (
+        data?.type === 'chatUserProfile:response' &&
+        data.requestId === requestId
+      ) {
+        window.removeEventListener('message', handler)
+        resolve(data.data)
+      }
+    }
+    window.addEventListener('message', handler)
+    parent.postMessage(
+      {
+        type: 'chatUserProfile',
+        requestId,
+        instanceId: _INSTANCE_ID
+      },
+      '*'
+    )
+
+    setTimeout(() => {
+      window.removeEventListener('message', handler)
+      reject(new Error('timeout'))
+    }, 10000)
+  })
+}
+<\/script>
 </head>
 <body>
 ${sourceHtml}
@@ -46,7 +80,6 @@ const INSTANCE_ID = '${instanceId}';
 function sendMessage(message) {
   parent.postMessage({ type: 'chatMessage', instanceId: INSTANCE_ID, message }, '*');
 }
-
 let lastSentHeight = 0;
 let timer = null;
 
@@ -88,6 +121,20 @@ function onMessage(e: MessageEvent) {
   if (e.data.type === 'chatMessage') {
     props.sendMessage?.(e.data.message, 'new')
   }
+  if (e.data?.type === 'chatUserProfile') {
+    const iframe = htmlRef.value
+    if (!iframe) return
+    chatUserProfile().then((ok: any) => {
+      iframe.contentWindow?.postMessage(
+        {
+          type: 'chatUserProfile:response',
+          requestId: e.data.requestId,
+          data: ok,
+        },
+        '*',
+      )
+    })
+  }
 }
 
 onMounted(() => {