-
Notifications
You must be signed in to change notification settings - Fork 541
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Optimize AI security guard plugin #1473
Conversation
rinfx
commented
Nov 5, 2024
- 代码重构:1)gjson解析json string改为json.unmarshal方式;2)denyMessage优先级统一调整为用户自定义 > 阿里云内容安全返回建议 > 兜底内容;3)denyMessage统一进行一次序列化,防止response body错误
- 增加拦截等级设置,与内容安全对齐(high,medium,low),用户可以设置拦截阈值,默认只拦截high,同时风险分与风险等级可以在内容安全控制台进行设置
- 增加STS Token接入方式,开源用户仍需设置AK/SK,商业化用户可基于角色扮演进行授权而不是设置明文AK/SK,避免AK/SK泄漏风险
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1473 +/- ##
==========================================
+ Coverage 35.91% 43.53% +7.62%
==========================================
Files 69 76 +7
Lines 11576 12320 +744
==========================================
+ Hits 4157 5364 +1207
+ Misses 7104 6621 -483
- Partials 315 335 +20 |
@@ -67,6 +99,7 @@ type AISecurityConfig struct { | |||
denyCode int64 | |||
denyMessage string | |||
protocolOriginal bool | |||
riskLevelBar string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
文档需要同步更新
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
OpenAIStreamResponseFormat = OpenAIStreamResponseChunk + "\n\n" + OpenAIStreamResponseEnd + "\n\n" + `data: [DONE]` | ||
|
||
TracingPrefix = "trace_span_tag." | ||
// TracingPrefix = "trace_span_tag." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
没用的话就直接删掉吧
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
"ServiceParameters": fmt.Sprintf(`{"content": "%s"}`, marshalStr(content, log)), | ||
} | ||
if config.token != "" { | ||
params["SecurityToken"] = config.token |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
在官网文档里没有找到这个参数诶,能提供一下出处吗?
另外 config.token 这个字段名字是不是用 securityToken 好一点?
https://help.aliyun.com/document_detail/2671445.html
https://help.aliyun.com/document_detail/108840.html
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SecurityToken 这个不是内容安全官方文档提供的,属于是角色扮演才会用到的,内容安全那边对外没有提供api文档
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
那角色扮演是做什么用的呢,有说明吗?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
直接在插件里面填用户的AK/SK有风险,会直接暴露在控制台上,角色扮演可以避免用户在控制台填写AK/SK
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
是的
@@ -114,6 +113,8 @@ func (config *AISecurityConfig) incrementCounter(metricName string, inc uint64) | |||
|
|||
func riskLevelToInt(riskLevel string) int { | |||
switch riskLevel { | |||
case MaxRisk: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
嗯,因为有时候内容安全误拦截比较多,设置为max的话,就只记录检测结果,但是不会拦截请求,这样用户可以先设置为max观察一段时间,之后再调整等级
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM