Feat/fix qq ssrf url list (#65788)

* fix: update qqbot media host allowlist

* fix: update qqbot media host allowlist

* fix: update qqbot media host allowlist

* fix: update qqbot media host allowlist

extensions/qqbot/src/utils/file-utils.test.ts

@@ -47,7 +47,16 @@ describe("qqbot file-utils downloadFile", () => {
       ssrfPolicy: QQBOT_MEDIA_SSRF_POLICY,
     });
     expect(QQBOT_MEDIA_SSRF_POLICY).toEqual({
-      hostnameAllowlist: ["*.myqcloud.com", "*.qpic.cn", "*.qq.com", "*.tencentcos.com"],
+      hostnameAllowlist: [
+        "*.qpic.cn",
+        "*.qq.com",
+        "*.weiyun.com",
+        "*.qq.com.cn",
+        "*.ugcimg.cn",
+        "*.myqcloud.com",
+        "*.tencentcos.cn",
+        "*.tencentcos.com",
+      ],
       allowRfc2544BenchmarkRange: true,
     });
   });

extensions/qqbot/src/utils/file-utils.ts

@@ -16,9 +16,18 @@ export const MAX_UPLOAD_SIZE = 20 * 1024 * 1024;
 export const LARGE_FILE_THRESHOLD = 5 * 1024 * 1024;
 
 const QQBOT_MEDIA_HOSTNAME_ALLOWLIST = [
-  "*.myqcloud.com",
+  // QQ富媒体
   "*.qpic.cn",
   "*.qq.com",
+  "*.weiyun.com",
+  "*.qq.com.cn",
+
+  // QQ机器人
+  "*.ugcimg.cn",
+
+  // 腾讯云COS
+  "*.myqcloud.com",
+  "*.tencentcos.cn",
   "*.tencentcos.com",
 ];