From 0ac250a035b2d93ac1a663cf08e6f43656df5814 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Thu, 7 Mar 2024 15:51:06 +0800
Subject: [PATCH] fix: check webhook key of Wecom tool in valid UUID form and
 fix typo (#2719)

---
 .../provider/builtin/wecom/tools/wecom_group_bot.py      | 8 +++++---
 api/core/tools/provider/builtin/wecom/wecom.py           | 4 ++--
 api/core/tools/utils/uuid_utils.py                       | 9 +++++++++
 3 files changed, 16 insertions(+), 5 deletions(-)
 create mode 100644 api/core/tools/utils/uuid_utils.py

diff --git a/api/core/tools/provider/builtin/wecom/tools/wecom_group_bot.py b/api/core/tools/provider/builtin/wecom/tools/wecom_group_bot.py
index 5a536cca50..aca10e6a7f 100644
--- a/api/core/tools/provider/builtin/wecom/tools/wecom_group_bot.py
+++ b/api/core/tools/provider/builtin/wecom/tools/wecom_group_bot.py
@@ -4,9 +4,10 @@ import httpx
 
 from core.tools.entities.tool_entities import ToolInvokeMessage
 from core.tools.tool.builtin_tool import BuiltinTool
+from core.tools.utils.uuid_utils import is_valid_uuid
 
 
-class WecomRepositoriesTool(BuiltinTool):
+class WecomGroupBotTool(BuiltinTool):
     def _invoke(self, user_id: str, tool_parameters: dict[str, Any]
                 ) -> Union[ToolInvokeMessage, list[ToolInvokeMessage]]:
         """
@@ -17,8 +18,9 @@ class WecomRepositoriesTool(BuiltinTool):
             return self.create_text_message('Invalid parameter content')
 
         hook_key = tool_parameters.get('hook_key', '')
-        if not hook_key:
-            return self.create_text_message('Invalid parameter hook_key')
+        if not is_valid_uuid(hook_key):
+            return self.create_text_message(
+                f'Invalid parameter hook_key ${hook_key}, not a valid UUID')
 
         msgtype = 'text'
         api_url = 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send'
diff --git a/api/core/tools/provider/builtin/wecom/wecom.py b/api/core/tools/provider/builtin/wecom/wecom.py
index 6380061b4f..7a2576b668 100644
--- a/api/core/tools/provider/builtin/wecom/wecom.py
+++ b/api/core/tools/provider/builtin/wecom/wecom.py
@@ -1,8 +1,8 @@
-from core.tools.provider.builtin.wecom.tools.wecom_group_bot import WecomRepositoriesTool
+from core.tools.provider.builtin.wecom.tools.wecom_group_bot import WecomGroupBotTool
 from core.tools.provider.builtin_tool_provider import BuiltinToolProviderController
 
 
 class WecomProvider(BuiltinToolProviderController):
     def _validate_credentials(self, credentials: dict) -> None:
-        WecomRepositoriesTool()
+        WecomGroupBotTool()
         pass
diff --git a/api/core/tools/utils/uuid_utils.py b/api/core/tools/utils/uuid_utils.py
new file mode 100644
index 0000000000..3046c08c89
--- /dev/null
+++ b/api/core/tools/utils/uuid_utils.py
@@ -0,0 +1,9 @@
+import uuid
+
+
+def is_valid_uuid(uuid_str: str) -> bool:
+    try:
+        uuid.UUID(uuid_str)
+        return True
+    except Exception:
+        return False