Skip to content

GitLab

"backend/internal/vscode:/vscode.git/clone" did not exist on "7122b3b3b609d530199ff3490caa9b101142eef0"
Commit ed31c549 authored by yangjianbo's avatar yangjianbo
Browse files

fix(openai): 拒绝日志记录原始 User-Agent 便于攻击研判

parent 4bfa69bf
Hide whitespace changes
Inline Side-by-side
backend/internal/service/openai_gateway_service.go
View file @ ed31c549
......@@ -332,7 +332,7 @@ func appendCodexCLIOnlyRejectedRequestFields(fields []zap.Field, c *gin.Context,
zap.String("request_host", strings.TrimSpace(req.Host)),
zap.String("request_client_ip", strings.TrimSpace(c.ClientIP())),
zap.String("request_remote_addr", strings.TrimSpace(req.RemoteAddr)),
zap.String("request_user_agent", buildDetailedUserAgent(req.Header.Values("User-Agent"))),
zap.String("request_user_agent", strings.TrimSpace(req.Header.Get("User-Agent"))),
zap.String("request_content_type", strings.TrimSpace(req.Header.Get("Content-Type"))),
zap.Int64("request_content_length", req.ContentLength),
zap.Bool("request_stream", requestStream),
......@@ -351,21 +351,6 @@ func appendCodexCLIOnlyRejectedRequestFields(fields []zap.Field, c *gin.Context,
return fields
}
func buildDetailedUserAgent(values []string) string {
if len(values) == 0 {
return ""
}
result := make([]string, 0, len(values))
for _, value := range values {
v := strings.TrimSpace(value)
if v == "" {
continue
}
result = append(result, v)
}
return strings.Join(result, " | ")
}
func snapshotCodexCLIOnlyHeaders(header http.Header) map[string]string {
if len(header) == 0 {
return nil
......
backend/internal/service/openai_gateway_service_codex_cli_only_test.go
View file @ ed31c549
......@@ -131,8 +131,7 @@ func TestLogCodexCLIOnlyDetection_RejectedIncludesRequestDetails(t *testing.T) {
rec := httptest.NewRecorder()
c, _ := gin.CreateTestContext(rec)
c.Request = httptest.NewRequest(http.MethodPost, "/v1/responses?trace=1", bytes.NewReader(nil))
c.Request.Header.Add("User-Agent", "curl/8.0")
c.Request.Header.Add("User-Agent", "Codex/1.2.3 (cli)")
c.Request.Header.Set("User-Agent", "codex_cli_rs/0.98.0 (Windows 10.0.19045; x86_64) unknown")
c.Request.Header.Set("Content-Type", "application/json")
c.Request.Header.Set("OpenAI-Beta", "assistants=v2")
......@@ -144,7 +143,7 @@ func TestLogCodexCLIOnlyDetection_RejectedIncludesRequestDetails(t *testing.T) {
Reason: CodexClientRestrictionReasonNotMatchedUA,
}, body)
require.True(t, logSink.ContainsFieldValue("request_user_agent", "curl/8.0 | Codex/1.2.3 (cli)"))
require.True(t, logSink.ContainsFieldValue("request_user_agent", "codex_cli_rs/0.98.0 (Windows 10.0.19045; x86_64) unknown"))
require.True(t, logSink.ContainsFieldValue("request_model", "gpt-5.2"))
require.True(t, logSink.ContainsFieldValue("request_query", "trace=1"))
require.True(t, logSink.ContainsFieldValue("request_prompt_cache_key_sha256", hashSensitiveValueForLog("pc-123")))
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment