mirror/nanobot
1
0
Fork 0
mirror of https://github.com/HKUDS/nanobot.git synced 2026-06-13 14:23:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(msteams): trust official Teams service hosts

Browse Source
This commit is contained in:
Xubin Ren 2026-05-29 16:35:04 +08:00
parent 5734c17ee0
commit 232df45126
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nanobot/channels/msteams.py
View File

@ -55,6 +55,9 @@ MSTEAMS_REF_TTL_DAYS = 30
MSTEAMS_WEBCHAT_HOST = "webchat.botframework.com" MSTEAMS_WEBCHAT_HOST = "webchat.botframework.com"
MSTEAMS_DEFAULT_TRUSTED_SERVICE_URL_HOSTS = [ MSTEAMS_DEFAULT_TRUSTED_SERVICE_URL_HOSTS = [
"smba.trafficmanager.net", "smba.trafficmanager.net",
"smba.infra.gcc.teams.microsoft.com",
"smba.infra.gov.teams.microsoft.us",
"smba.infra.dod.teams.microsoft.us",
"*.botframework.com", "*.botframework.com",
] ]
MSTEAMS_REF_META_FILENAME = "msteams_conversations_meta.json" MSTEAMS_REF_META_FILENAME = "msteams_conversations_meta.json"

12
tests/test_msteams.py
View File

@ -186,6 +186,18 @@ def test_init_prunes_stale_and_unsupported_conversation_refs(make_channel, tmp_p
assert set(persisted.keys()) == {"conv-valid", "conv-missing-ts"} assert set(persisted.keys()) == {"conv-valid", "conv-missing-ts"}
def test_default_trusted_service_urls_cover_official_teams_clouds(make_channel):
ch = make_channel()
assert ch._is_trusted_service_url("https://smba.trafficmanager.net/amer/")
assert ch._is_trusted_service_url("https://smba.infra.gcc.teams.microsoft.com/amer/")
assert ch._is_trusted_service_url("https://smba.infra.gov.teams.microsoft.us/amer/")
assert ch._is_trusted_service_url("https://smba.infra.dod.teams.microsoft.us/amer/")
assert ch._is_trusted_service_url("https://westus-api.botframework.com/")
assert not ch._is_trusted_service_url("http://smba.trafficmanager.net/amer/")
assert not ch._is_trusted_service_url("https://smba.trafficmanager.net.evil.example/")
def test_save_prunes_unsupported_conversation_refs(make_channel, tmp_path, monkeypatch): def test_save_prunes_unsupported_conversation_refs(make_channel, tmp_path, monkeypatch):
now = 1_800_000_000.0 now = 1_800_000_000.0
monkeypatch.setattr(msteams_module.time, "time", lambda: now) monkeypatch.setattr(msteams_module.time, "time", lambda: now)