Improve anti-injection detection logging and text extraction

Added detailed debug logs for text extraction and LLM detection input in the anti-injector module. Refactored message processing to only use user-added content for detection, avoiding duplicate text. Fixed import paths for command_skip_list in plugin manager and anti_injector_manager to reflect new module structure.
2025-08-20 15:53:10 +08:00
parent d26dd0fb2a
commit 5265132cb6
5 changed files with 16 additions and 16 deletions
--- a/src/chat/antipromptinjector/anti_injector.py
+++ b/src/chat/antipromptinjector/anti_injector.py
@@ -81,9 +81,9 @@ class AntiPromptInjector:
            if whitelist_result is not None:
                return ProcessResult.ALLOWED, None, whitelist_result[2]
            
-            # 4. 命令跳过列表检测
-            message_text = self.message_processor.extract_text_content(message)
-            should_skip, skip_reason = should_skip_injection_detection(message_text)
+            # 4. 命令跳过列表检测 & 内容提取
+            text_to_detect = self.message_processor.extract_text_content(message)
+            should_skip, skip_reason = should_skip_injection_detection(text_to_detect)
            if should_skip:
                logger.debug(f"消息匹配跳过列表，跳过反注入检测: {skip_reason}")
                return ProcessResult.ALLOWED, None, f"命令跳过检测 - {skip_reason}"
@@ -91,6 +91,7 @@ class AntiPromptInjector:
            # 5. 内容检测
            # 提取用户新增内容（去除引用部分）
            text_to_detect = self.message_processor.extract_text_content(message)
+            logger.debug(f"提取的检测文本: '{text_to_detect}' (长度: {len(text_to_detect)})")
            
            # 如果是纯引用消息，直接允许通过
            if text_to_detect == "[纯引用消息]":
--- a/src/chat/antipromptinjector/core/detector.py
+++ b/src/chat/antipromptinjector/core/detector.py
@@ -153,6 +153,9 @@ class PromptInjectionDetector:
        """基于LLM的检测"""
        start_time = time.time()
        
+        # 添加调试日志
+        logger.debug(f"LLM检测输入消息: '{message}' (长度: {len(message)})")
+        
        try:
            # 获取可用的模型配置
            models = llm_api.get_available_models()
--- a/src/chat/antipromptinjector/processors/message_processor.py
+++ b/src/chat/antipromptinjector/processors/message_processor.py
@@ -32,17 +32,14 @@ class MessageProcessor:
        """
        # 主要检测处理后的纯文本
        processed_text = message.processed_plain_text
+        logger.debug(f"原始processed_plain_text: '{processed_text}'")
        
-        # 检查是否包含引用消息
+        # 检查是否包含引用消息，提取用户新增内容
        new_content = self.extract_new_content_from_reply(processed_text)
-        text_parts = [new_content]
+        logger.debug(f"提取的新内容: '{new_content}'")
        
-        # 如果有原始消息，也加入检测
-        if hasattr(message, 'raw_message') and message.raw_message:
-            text_parts.append(str(message.raw_message))
-        
-        # 合并所有文本内容
-        return " ".join(filter(None, text_parts))
+        # 只返回用户新增的内容，避免重复
+        return new_content
    
    def extract_new_content_from_reply(self, full_text: str) -> str:
        """从包含引用的完整消息中提取用户新增的内容