fix(feishu): use structured mention metadata to detect @所有人 (CWE-807)

The respondToAtAll check in handleFeishuMessage was using a raw substring match on event.message.content to detect @所有人 (@_all): if (!ctx.mentionedBot && (event.message.content ?? "").includes("@_all")) This allows spoofing: any user who types the literal text "@_all" in a normal message (in a code block, quote, or plain text) will have their message treated as a real @所有人 broadcast when respondToAtAll is enabled, bypassing the requireMention gate (CWE-807 — decision via unverified data). Fix: - Extract a new exported helper hasAtAllMention() in bot-content.ts that checks the structured event.message.mentions array for an entry with key === "@_all" or id.user_id/open_id === "all". Feishu only inserts a mention entry with key "@_all" when the sender actually used the @所有人 mention button — unlike raw message content which is user-controlled. - Update handleFeishuMessage to call hasAtAllMention(event) instead of the raw content substring check. - Add 4 focused unit tests for hasAtAllMention() covering: key match, user_id match, empty mentions (raw text cannot spoof), and non-@all regular user mentions. Total tests: 21/21 (17 existing + 4 new)
2026-03-19 18:29:06 +09:00 · 2026-03-19 18:29:06 +09:00 · 10551a0937
commit 10551a0937
parent 433041c44e
3 changed files with 63 additions and 1 deletions
--- a/extensions/feishu/src/bot-content.ts
+++ b/extensions/feishu/src/bot-content.ts
@ -263,6 +263,22 @@ export function checkBotMentioned(event: FeishuMessageLike, botOpenId?: string):
  return false;
 }

+/**
+ * Returns true when the Feishu message contains a real @所有人 (@_all) mention
+ * according to the structured mention metadata in `event.message.mentions`.
+ *
+ * Using the `mentions` array (rather than a raw substring search on
+ * `message.content`) prevents spoofing: a user can type the literal text
+ * "@_all" in a normal message without triggering an @所有人 broadcast — the
+ * Feishu server only inserts a `mentions` entry with `key === "@_all"` when
+ * the sender actually used the @所有人 mention (CWE-807).
+ */
+export function hasAtAllMention(event: FeishuMessageLike): boolean {
+  return (event.message.mentions ?? []).some(
+    (m) => m.key === "@_all" || m.id?.user_id === "all" || m.id?.open_id === "all",
+  );
+}
+
 export function normalizeMentions(
  text: string,
  mentions?: FeishuMention[],
--- a/extensions/feishu/src/bot.checkBotMentioned.test.ts
+++ b/extensions/feishu/src/bot.checkBotMentioned.test.ts
@ -1,4 +1,5 @@
 import { describe, it, expect } from "vitest";
+import { hasAtAllMention } from "./bot-content.js";
 import { parseFeishuMessageEvent } from "./bot.js";

 // Helper to build a minimal FeishuMessageEvent for testing
@ -212,3 +213,42 @@ describe("parseFeishuMessageEvent – mentionedBot", () => {
    expect(ctx.mentionedBot).toBe(true);
  });
 });
+
+// hasAtAllMention — structured @所有人 detection (CWE-807 spoofing prevention)
+describe("hasAtAllMention", () => {
+  function makeRawEvent(
+    mentions: Array<{ key: string; name: string; id: Record<string, string> }>,
+  ) {
+    return {
+      message: {
+        content: '{"text":"hello"}',
+        message_type: "text",
+        mentions,
+        chat_id: "oc_group1",
+        message_id: "om_msg1",
+      },
+      sender: { sender_id: { open_id: "ou_sender1", user_id: "u_sender1" }, sender_type: "user" },
+    };
+  }
+
+  it("returns true when mentions contains key @_all", () => {
+    const event = makeRawEvent([{ key: "@_all", name: "所有人", id: {} }]);
+    expect(hasAtAllMention(event as any)).toBe(true);
+  });
+
+  it("returns true when mentions contains id.user_id === 'all'", () => {
+    const event = makeRawEvent([{ key: "@_all", name: "所有人", id: { user_id: "all" } }]);
+    expect(hasAtAllMention(event as any)).toBe(true);
+  });
+
+  it("returns false when mentions is empty (raw @_all text does NOT trigger)", () => {
+    // A user typing the literal text "@_all" should not be detected as @所有人
+    const event = makeRawEvent([]);
+    expect(hasAtAllMention(event as any)).toBe(false);
+  });
+
+  it("returns false when mentions only contain regular user mentions", () => {
+    const event = makeRawEvent([{ key: "@_user_1", name: "Alice", id: { open_id: "ou_alice" } }]);
+    expect(hasAtAllMention(event as any)).toBe(false);
+  });
+});
--- a/extensions/feishu/src/bot.ts
+++ b/extensions/feishu/src/bot.ts
@ -23,6 +23,7 @@ import {
 import { resolveFeishuAccount } from "./accounts.js";
 import {
  checkBotMentioned,
+  hasAtAllMention,
  normalizeFeishuCommandProbeBody,
  normalizeMentions,
  parseMergeForwardContent,
@ -422,7 +423,12 @@ export async function handleFeishuMessage(params: {
    // account or group is explicitly configured with respondToAtAll:true, treat
    // it as mentioning this bot.  Default is false so bots that do not opt in
    // stay silent when a user broadcasts to the whole group.
-    if (!ctx.mentionedBot && (event.message.content ?? "").includes("@_all")) {
+    //
+    // Detection uses the structured mention metadata (event.message.mentions)
+    // rather than a raw substring check on message.content to prevent spoofing
+    // (a user typing the literal text "@_all" in a normal message would otherwise
+    // bypass the requireMention gate — CWE-807).
+    if (!ctx.mentionedBot && hasAtAllMention(event)) {
      const respondToAtAll = groupConfig?.respondToAtAll ?? feishuCfg?.respondToAtAll ?? false;
      if (respondToAtAll) {
        ctx = { ...ctx, mentionedBot: true };