Update: 2531 files - 2026-03-17 21:00:03
This commit is contained in:
@@ -0,0 +1,41 @@
|
||||
# 全库 Advisory 完整度报告
|
||||
|
||||
- 生成时间: `2026-03-18T03:59:28+00:00`
|
||||
- 最新 advisory 完整度: `67/89` `verified-real`
|
||||
- 合成验证数量: `0`
|
||||
- 阻塞数量: `0`
|
||||
- 人工/待补证据数量: `22`
|
||||
- 完整度百分比: `75.3%`
|
||||
|
||||
## 系统覆盖矩阵
|
||||
|
||||
| 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
|
||||
| --- | ---: | ---: | ---: | ---: | ---: | --- |
|
||||
| gitea | 37 | 37 | 0 | 0 | 0 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/26), ssrf(1/1), xss(5/5) |
|
||||
| nextjs | 26 | 26 | 0 | 0 | 0 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/19), ssrf(2/2), xss(2/2) |
|
||||
| undici | 14 | 1 | 0 | 0 | 13 | ssrf(1/14) |
|
||||
| vite | 12 | 3 | 0 | 0 | 9 | file-upload(0/9), proxy-boundary(2/2), xss(1/1) |
|
||||
|
||||
## 历史阻塞项修复纪要
|
||||
|
||||
- Docker daemon unavailable caused provision-compose-environment blocked-artifact.
|
||||
- Family profiles previously used note-only attack runners and dry-run placeholders.
|
||||
- Baseline and browser steps were skipped when environment readiness was not enforced.
|
||||
- Latest completeness now uses one advisory -> latest run semantics instead of historical run piles.
|
||||
|
||||
## Ingest / Source 健康度
|
||||
|
||||
- source failures: `7`
|
||||
- wordpress::NVD WordPress::SSLError
|
||||
- wordpress::WPScan Vulnerability Database::SSLError
|
||||
- wordpress::PortSwigger Research::SSLError
|
||||
- magento-open-source::Magento GitHub Advisories::SSLError
|
||||
- nodejs::Node.js Security Releases::SSLError
|
||||
- nginx::NGINX Security Advisories::SSLError
|
||||
- gitea::GitHub Gitea Advisories::SSLError
|
||||
|
||||
## 剩余风险说明
|
||||
|
||||
- 本报告按 advisory 的最新 run 计算;历史失败 run 仅保留审计价值,不再污染完整度数字。
|
||||
- `browser_required=true` 的案例必须同时存在基线与攻击后浏览器证据,缺失则不会进入 `verified-real`。
|
||||
- source collector 健康度单独计数;只有当 failures 归零时,报告与 dashboard 才算真正全绿。
|
||||
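Review bot: Under `## Ingest / Source 健康度`, `gitea::GitHub Gitea Advisories` is listed as a failing source while the coverage matrix reports gitea at 37/37 `verified-real`, so the `67/89` headline may be computed over an advisory set that is no longer current, and nothing in the report shows how stale it is. Suggest recording the last successful fetch time per source and marking the completeness line as stale when the source for a system in the matrix is failing, instead of leaving that caveat to the last bullet under `## 剩余风险说明`. All seven failures are `SSLError` across unrelated upstreams, which points at the collector host (CA bundle, system clock, or an intercepting proxy) more than at the sources; the fix belongs in the trust configuration, not in relaxing certificate verification. Four of the failing sources belong to systems (wordpress, magento-open-source, nodejs, nginx) that have no row in the matrix, so it is worth stating whether they are in scope for the denominator. Minor: the four bullets under `## 历史阻塞项修复纪要` are in English while the rest of the file is in Chinese.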