From 433041c44e9a9f516365149a7b9f9d4201a23679 Mon Sep 17 00:00:00 2001 From: lbo728 Date: Wed, 18 Mar 2026 20:36:47 +0900 Subject: [PATCH 1/2] =?UTF-8?q?fix(feishu):=20@=E6=89=80=E6=9C=89=E4=BA=BA?= =?UTF-8?q?=20(@all)=20no=20longer=20triggers=20every=20bot=20unconditiona?= =?UTF-8?q?lly?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously checkBotMentioned() returned true for any message containing '@_all', causing ALL bots in a Feishu group to respond simultaneously whenever a user broadcast to @所有人 (#49761). Fix: remove the unconditional @_all -> true early-return from checkBotMentioned(). Opt-in is now controlled by a new respondToAtAll config flag (boolean, default false) that can be set at the account level (channels.feishu.respondToAtAll or channels.feishu.accounts..respondToAtAll) or per-group (channels.feishu.groups..respondToAtAll). The check is applied in handleFeishuMessage after groupConfig is resolved so that per-group and per-account settings are both honoured. Bots that do not opt in remain silent when @所有人 is used, preserving the pre-existing behaviour for single-bot deployments and groups that do not want broadcast responses. Changes: - extensions/feishu/src/bot-content.ts: drop @_all -> true, add comment - extensions/feishu/src/bot.ts: add respondToAtAll opt-in check after groupConfig is resolved, before the requireMention gate - extensions/feishu/src/config-schema.ts: add respondToAtAll?:boolean to FeishuSharedConfigShape (account+global level) and FeishuGroupSchema - extensions/feishu/src/bot.checkBotMentioned.test.ts: two new tests confirming mentionedBot=false for @_all via parseFeishuMessageEvent --- extensions/feishu/src/bot-content.ts | 8 ++++--- .../feishu/src/bot.checkBotMentioned.test.ts | 21 +++++++++++++++++++ extensions/feishu/src/bot.ts | 11 ++++++++++ extensions/feishu/src/config-schema.ts | 2 ++ 4 files changed, 39 insertions(+), 3 deletions(-) diff --git a/extensions/feishu/src/bot-content.ts b/extensions/feishu/src/bot-content.ts index d8dcc1c0aa2..7b6fa38ac02 100644 --- a/extensions/feishu/src/bot-content.ts +++ b/extensions/feishu/src/bot-content.ts @@ -248,9 +248,11 @@ export function checkBotMentioned(event: FeishuMessageLike, botOpenId?: string): if (!botOpenId) { return false; } - if ((event.message.content ?? "").includes("@_all")) { - return true; - } + // @_all (@所有人) is intentionally NOT treated as mentioning every bot here. + // Whether to respond to @所有人 is an opt-in decision controlled by the + // respondToAtAll config flag; the check is applied in handleFeishuMessage + // after the group config is resolved so that per-group and per-account + // settings are both honoured. const mentions = event.message.mentions ?? []; if (mentions.length > 0) { return mentions.some((mention) => mention.id.open_id === botOpenId); diff --git a/extensions/feishu/src/bot.checkBotMentioned.test.ts b/extensions/feishu/src/bot.checkBotMentioned.test.ts index a7ea6792275..3d9edc8515d 100644 --- a/extensions/feishu/src/bot.checkBotMentioned.test.ts +++ b/extensions/feishu/src/bot.checkBotMentioned.test.ts @@ -190,4 +190,25 @@ describe("parseFeishuMessageEvent – mentionedBot", () => { const ctx = parseFeishuMessageEvent(event as any, "ou_bot_123"); expect(ctx.content).toBe("[Forwarded message: sc_abc123]"); }); + + // @_all (@所有人) behaviour — opt-in is controlled by respondToAtAll config + // and resolved later in handleFeishuMessage; parseFeishuMessageEvent itself + // no longer unconditionally sets mentionedBot=true for @_all. + it("returns mentionedBot=false for @_all message (respondToAtAll opt-in not yet applied)", () => { + const event = makeEvent("group", [], "@_all hello everyone"); + const ctx = parseFeishuMessageEvent(event as any, BOT_OPEN_ID); + expect(ctx.mentionedBot).toBe(false); + }); + + it("returns mentionedBot=false for @_all even when bot is also in mentions list (opt-in path takes precedence)", () => { + // Explicit bot mention still wins via the mentions array path + const event = makeEvent( + "group", + [{ key: "@_user_1", name: "Bot", id: { open_id: BOT_OPEN_ID } }], + "@_all hello", + ); + const ctx = parseFeishuMessageEvent(event as any, BOT_OPEN_ID); + // Bot IS in the mentions array, so it should still be true via that path + expect(ctx.mentionedBot).toBe(true); + }); }); diff --git a/extensions/feishu/src/bot.ts b/extensions/feishu/src/bot.ts index 63b898a23fb..34a6d169644 100644 --- a/extensions/feishu/src/bot.ts +++ b/extensions/feishu/src/bot.ts @@ -418,6 +418,17 @@ export async function handleFeishuMessage(params: { groupConfig, })); + // @_all (@所有人) opt-in: if the message targets all group members and the + // account or group is explicitly configured with respondToAtAll:true, treat + // it as mentioning this bot. Default is false so bots that do not opt in + // stay silent when a user broadcasts to the whole group. + if (!ctx.mentionedBot && (event.message.content ?? "").includes("@_all")) { + const respondToAtAll = groupConfig?.respondToAtAll ?? feishuCfg?.respondToAtAll ?? false; + if (respondToAtAll) { + ctx = { ...ctx, mentionedBot: true }; + } + } + if (requireMention && !ctx.mentionedBot) { log(`feishu[${account.accountId}]: message in group ${ctx.chatId} did not mention bot`); // Record to pending history for non-broadcast groups only. For broadcast groups, diff --git a/extensions/feishu/src/config-schema.ts b/extensions/feishu/src/config-schema.ts index db1714f173f..26a779d3ae7 100644 --- a/extensions/feishu/src/config-schema.ts +++ b/extensions/feishu/src/config-schema.ts @@ -141,6 +141,7 @@ const ReplyInThreadSchema = z.enum(["disabled", "enabled"]).optional(); export const FeishuGroupSchema = z .object({ requireMention: z.boolean().optional(), + respondToAtAll: z.boolean().optional(), tools: ToolPolicySchema, skills: z.array(z.string()).optional(), enabled: z.boolean().optional(), @@ -164,6 +165,7 @@ const FeishuSharedConfigShape = { groupAllowFrom: z.array(z.union([z.string(), z.number()])).optional(), groupSenderAllowFrom: z.array(z.union([z.string(), z.number()])).optional(), requireMention: z.boolean().optional(), + respondToAtAll: z.boolean().optional(), groups: z.record(z.string(), FeishuGroupSchema.optional()).optional(), historyLimit: z.number().int().min(0).optional(), dmHistoryLimit: z.number().int().min(0).optional(), From 10551a093781b2b29c2761eb0786019632d347e1 Mon Sep 17 00:00:00 2001 From: lbo728 Date: Thu, 19 Mar 2026 18:29:06 +0900 Subject: [PATCH 2/2] =?UTF-8?q?fix(feishu):=20use=20structured=20mention?= =?UTF-8?q?=20metadata=20to=20detect=20@=E6=89=80=E6=9C=89=E4=BA=BA=20(CWE?= =?UTF-8?q?-807)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The respondToAtAll check in handleFeishuMessage was using a raw substring match on event.message.content to detect @所有人 (@_all): if (!ctx.mentionedBot && (event.message.content ?? "").includes("@_all")) This allows spoofing: any user who types the literal text "@_all" in a normal message (in a code block, quote, or plain text) will have their message treated as a real @所有人 broadcast when respondToAtAll is enabled, bypassing the requireMention gate (CWE-807 — decision via unverified data). Fix: - Extract a new exported helper hasAtAllMention() in bot-content.ts that checks the structured event.message.mentions array for an entry with key === "@_all" or id.user_id/open_id === "all". Feishu only inserts a mention entry with key "@_all" when the sender actually used the @所有人 mention button — unlike raw message content which is user-controlled. - Update handleFeishuMessage to call hasAtAllMention(event) instead of the raw content substring check. - Add 4 focused unit tests for hasAtAllMention() covering: key match, user_id match, empty mentions (raw text cannot spoof), and non-@all regular user mentions. Total tests: 21/21 (17 existing + 4 new) --- extensions/feishu/src/bot-content.ts | 16 ++++++++ .../feishu/src/bot.checkBotMentioned.test.ts | 40 +++++++++++++++++++ extensions/feishu/src/bot.ts | 8 +++- 3 files changed, 63 insertions(+), 1 deletion(-) diff --git a/extensions/feishu/src/bot-content.ts b/extensions/feishu/src/bot-content.ts index 7b6fa38ac02..74735eb26ae 100644 --- a/extensions/feishu/src/bot-content.ts +++ b/extensions/feishu/src/bot-content.ts @@ -263,6 +263,22 @@ export function checkBotMentioned(event: FeishuMessageLike, botOpenId?: string): return false; } +/** + * Returns true when the Feishu message contains a real @所有人 (@_all) mention + * according to the structured mention metadata in `event.message.mentions`. + * + * Using the `mentions` array (rather than a raw substring search on + * `message.content`) prevents spoofing: a user can type the literal text + * "@_all" in a normal message without triggering an @所有人 broadcast — the + * Feishu server only inserts a `mentions` entry with `key === "@_all"` when + * the sender actually used the @所有人 mention (CWE-807). + */ +export function hasAtAllMention(event: FeishuMessageLike): boolean { + return (event.message.mentions ?? []).some( + (m) => m.key === "@_all" || m.id?.user_id === "all" || m.id?.open_id === "all", + ); +} + export function normalizeMentions( text: string, mentions?: FeishuMention[], diff --git a/extensions/feishu/src/bot.checkBotMentioned.test.ts b/extensions/feishu/src/bot.checkBotMentioned.test.ts index 3d9edc8515d..150143d7069 100644 --- a/extensions/feishu/src/bot.checkBotMentioned.test.ts +++ b/extensions/feishu/src/bot.checkBotMentioned.test.ts @@ -1,4 +1,5 @@ import { describe, it, expect } from "vitest"; +import { hasAtAllMention } from "./bot-content.js"; import { parseFeishuMessageEvent } from "./bot.js"; // Helper to build a minimal FeishuMessageEvent for testing @@ -212,3 +213,42 @@ describe("parseFeishuMessageEvent – mentionedBot", () => { expect(ctx.mentionedBot).toBe(true); }); }); + +// hasAtAllMention — structured @所有人 detection (CWE-807 spoofing prevention) +describe("hasAtAllMention", () => { + function makeRawEvent( + mentions: Array<{ key: string; name: string; id: Record }>, + ) { + return { + message: { + content: '{"text":"hello"}', + message_type: "text", + mentions, + chat_id: "oc_group1", + message_id: "om_msg1", + }, + sender: { sender_id: { open_id: "ou_sender1", user_id: "u_sender1" }, sender_type: "user" }, + }; + } + + it("returns true when mentions contains key @_all", () => { + const event = makeRawEvent([{ key: "@_all", name: "所有人", id: {} }]); + expect(hasAtAllMention(event as any)).toBe(true); + }); + + it("returns true when mentions contains id.user_id === 'all'", () => { + const event = makeRawEvent([{ key: "@_all", name: "所有人", id: { user_id: "all" } }]); + expect(hasAtAllMention(event as any)).toBe(true); + }); + + it("returns false when mentions is empty (raw @_all text does NOT trigger)", () => { + // A user typing the literal text "@_all" should not be detected as @所有人 + const event = makeRawEvent([]); + expect(hasAtAllMention(event as any)).toBe(false); + }); + + it("returns false when mentions only contain regular user mentions", () => { + const event = makeRawEvent([{ key: "@_user_1", name: "Alice", id: { open_id: "ou_alice" } }]); + expect(hasAtAllMention(event as any)).toBe(false); + }); +}); diff --git a/extensions/feishu/src/bot.ts b/extensions/feishu/src/bot.ts index 34a6d169644..9ee0569abfd 100644 --- a/extensions/feishu/src/bot.ts +++ b/extensions/feishu/src/bot.ts @@ -23,6 +23,7 @@ import { import { resolveFeishuAccount } from "./accounts.js"; import { checkBotMentioned, + hasAtAllMention, normalizeFeishuCommandProbeBody, normalizeMentions, parseMergeForwardContent, @@ -422,7 +423,12 @@ export async function handleFeishuMessage(params: { // account or group is explicitly configured with respondToAtAll:true, treat // it as mentioning this bot. Default is false so bots that do not opt in // stay silent when a user broadcasts to the whole group. - if (!ctx.mentionedBot && (event.message.content ?? "").includes("@_all")) { + // + // Detection uses the structured mention metadata (event.message.mentions) + // rather than a raw substring check on message.content to prevent spoofing + // (a user typing the literal text "@_all" in a normal message would otherwise + // bypass the requireMention gate — CWE-807). + if (!ctx.mentionedBot && hasAtAllMention(event)) { const respondToAtAll = groupConfig?.respondToAtAll ?? feishuCfg?.respondToAtAll ?? false; if (respondToAtAll) { ctx = { ...ctx, mentionedBot: true };