iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ai): AI 提示词模板添加安全检查

Browse Source
This commit is contained in:
iven
2026-05-06 10:21:35 +08:00
parent c452ae81d1
commit d9818c263e
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
crates/erp-ai/src/handler/mod.rs
View File

@@ -426,6 +426,8 @@ where
S: Clone + Send + Sync + 'static, S: Clone + Send + Sync + 'static,
{ {
require_permission(&ctx, "ai.prompt.manage")?; require_permission(&ctx, "ai.prompt.manage")?;
validate_prompt_safety(&body.system_prompt)?;
validate_prompt_safety(&body.user_prompt_template)?;
let prompt = state let prompt = state
.prompt .prompt
.create_prompt( .create_prompt(
@@ -683,3 +685,24 @@ fn build_sse_stream(
yield Ok(Event::default().event("done").data(data)); yield Ok(Event::default().event("done").data(data));
} }
} }
/// 检查提示词内容是否包含可疑注入模式
fn validate_prompt_safety(content: &str) -> Result<(), erp_core::error::AppError> {
let suspicious = [
"ignore previous",
"ignore all previous",
"ignore above",
"disregard previous",
"you are now",
"new instructions:",
];
let lower = content.to_lowercase();
for pattern in &suspicious {
if lower.contains(pattern) {
return Err(erp_core::error::AppError::Validation(
format!("提示词内容包含不安全模式: {}", pattern),
));
}
}
Ok(())
}