hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 89 个文件 - 2026-03-17 02:00:01

浏览代码
这个提交包含在:
hao
2026-03-17 02:00:01 -07:00
父节点 300c840509
当前提交 72c6782c45
修改 89 个文件,包含 16931 行新增373 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

2
07-framework-security/cms/directus/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/cms/discourse/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/cms/drupal/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/cms/ghost/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/cms/joomla/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/cms/mediawiki/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/cms/moodle/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/cms/strapi/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/cms/wordpress/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/ecommerce/adobe-commerce/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/ecommerce/magento-open-source/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/ecommerce/medusa/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/ecommerce/opencart/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/ecommerce/openmage/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/ecommerce/prestashop/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/ecommerce/saleor/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/ecommerce/shopware/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/ecommerce/woocommerce/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/frameworks/angular/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:43+00:00`
## 目标约束

2
07-framework-security/frameworks/aspnet-core/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/astro/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:43+00:00`
## 目标约束

2
07-framework-security/frameworks/django/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/echo/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/esbuild/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/express/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:43+00:00`
## 目标约束

2
07-framework-security/frameworks/fastify/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:43+00:00`
## 目标约束

2
07-framework-security/frameworks/flask/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/gin/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/hapi/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:43+00:00`
## 目标约束

2
07-framework-security/frameworks/koa/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:43+00:00`
## 目标约束

2
07-framework-security/frameworks/laravel/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/nestjs/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:43+00:00`
## 目标约束

2
07-framework-security/frameworks/nextjs/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `26`
- 最近渲染时间: `2026-03-17T08:20:16+00:00`
- 最近渲染时间: `2026-03-17T08:59:42+00:00`
## 目标约束

2
07-framework-security/frameworks/nodejs/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:43+00:00`
## 目标约束

2
07-framework-security/frameworks/nuxt/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:16+00:00`
- 最近渲染时间: `2026-03-17T08:59:42+00:00`
## 目标约束

2
07-framework-security/frameworks/rails/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/react/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:15+00:00`
- 最近渲染时间: `2026-03-17T08:59:41+00:00`
## 目标约束

2
07-framework-security/frameworks/spring-boot/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/spring-framework/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/spring-security/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/sveltekit/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:43+00:00`
## 目标约束

2
07-framework-security/frameworks/symfony/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/undici/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `14`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/vite/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `12`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:43+00:00`
## 目标约束

2
07-framework-security/frameworks/vue/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:16+00:00`
- 最近渲染时间: `2026-03-17T08:59:42+00:00`
## 目标约束

2
07-framework-security/frameworks/webpack/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/frameworks/werkzeug/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/platforms/adminer/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/platforms/gitea/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `1`
- 待人工/缺浏览器证据: `36`
- 最近渲染时间: `2026-03-17T08:20:20+00:00`
- 最近渲染时间: `2026-03-17T08:59:46+00:00`
## 目标约束

2
07-framework-security/platforms/gitlab-ce/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:20+00:00`
- 最近渲染时间: `2026-03-17T08:59:46+00:00`
## 目标约束

2
07-framework-security/platforms/grafana/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:20+00:00`
- 最近渲染时间: `2026-03-17T08:59:46+00:00`
## 目标约束

2
07-framework-security/platforms/jenkins/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:20+00:00`
- 最近渲染时间: `2026-03-17T08:59:46+00:00`
## 目标约束

2
07-framework-security/platforms/kibana/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:20+00:00`
- 最近渲染时间: `2026-03-17T08:59:46+00:00`
## 目标约束

2
07-framework-security/platforms/mattermost/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:20+00:00`
- 最近渲染时间: `2026-03-17T08:59:46+00:00`
## 目标约束

2
07-framework-security/platforms/phpmyadmin/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/platforms/redmine/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:20+00:00`
- 最近渲染时间: `2026-03-17T08:59:46+00:00`
## 目标约束

2
07-framework-security/servers/apache-httpd/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/servers/apache-tomcat/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/servers/caddy/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/servers/haproxy/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/servers/nginx/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

2
07-framework-security/servers/traefik/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T08:20:17+00:00`
- 最近渲染时间: `2026-03-17T08:59:44+00:00`
## 目标约束

5938
08-threat-intel/generated/dashboard/architecture.json 普通文件
查看文件

文件差异内容过多而无法显示 加载差异

376
08-threat-intel/generated/dashboard/assets/app.js
查看文件

@@ -4,6 +4,7 @@ const state = {
systems: [],
advisories: {},
profiles: {},
architecture: null,
selectedRunId: null,
selectedArtifact: null,
refreshHandle: null,
@@ -21,12 +22,33 @@ const state = {
evidence: true,
logs: true,
sources: true,
architecture: true,
run_json: false,
advisory_json: false,
profile_json: false
}
};
const STATUS_LABELS = {
"verified-real": "真实版本已实证",
"verified-synthetic": "合成靶场已实证",
"blocked-artifact": "制品阻塞",
"blocked-destructive": "破坏性风险阻塞",
"triage-manual": "人工分诊",
suspected: "仅疑似命中",
completed: "已完成",
failed: "失败",
skipped: "已跳过",
planned: "已规划",
unknown: "未知"
};
const ARTIFACT_KIND_LABELS = {
image: "图片",
text: "文本",
link: "链接"
};
const $ = (id) => document.getElementById(id);
const icon = (name, className = "icon") =>
`<svg class="${className}" aria-hidden="true"><use href="./assets/icons.svg#${name}"></use></svg>`;
@@ -37,7 +59,7 @@ const statusClass = (status) => ({
"blocked-artifact": "status-pill status-blocked-artifact",
"blocked-destructive": "status-pill status-blocked-destructive",
"triage-manual": "status-pill status-triage-manual",
"suspected": "status-pill status-suspected",
suspected: "status-pill status-suspected",
completed: "status-pill status-verified-real",
failed: "status-pill status-blocked-artifact",
skipped: "status-pill status-triage-manual"
@@ -52,21 +74,37 @@ function escapeHtml(value) {
}
function formatStatus(value) {
return String(value || "unknown").replaceAll("-", " ");
return STATUS_LABELS[value] || String(value || "unknown").replaceAll("-", " ");
}
function formatDateTime(value) {
if (!value) return "-";
const date = new Date(value);
if (Number.isNaN(date.getTime())) return String(value);
return date.toLocaleString("zh-CN", {
hour12: false,
year: "numeric",
month: "2-digit",
day: "2-digit",
hour: "2-digit",
minute: "2-digit",
second: "2-digit"
});
}
function timeAgo(value) {
if (!value) return "-";
const diff = Date.now() - new Date(value).getTime();
if (Number.isNaN(diff)) return value;
if (Number.isNaN(diff)) return String(value);
const seconds = Math.floor(diff / 1000);
if (seconds < 60) return `${seconds}s ago`;
if (seconds <= 5) return "刚刚";
if (seconds < 60) return `${seconds} 秒前`;
const minutes = Math.floor(seconds / 60);
if (minutes < 60) return `${minutes}m ago`;
if (minutes < 60) return `${minutes} 分钟前`;
const hours = Math.floor(minutes / 60);
if (hours < 24) return `${hours}h ago`;
if (hours < 24) return `${hours} 小时前`;
const days = Math.floor(hours / 24);
return `${days}d ago`;
return `${days} 天前`;
}
async function fetchJson(url) {
@@ -94,30 +132,30 @@ function metricCards() {
return [
{
label: "Total Runs",
label: "运行总数",
value: state.summary?.run_count || 0,
note: `${state.summary?.advisory_count || 0} advisories indexed`,
note: `已索引漏洞条目 ${state.summary?.advisory_count || 0} `,
color: "var(--accent-purple)",
iconName: "report"
},
{
label: "Success",
label: "实证成功",
value: successCount,
note: "verified-real + verified-synthetic",
note: "真实版本 + 合成靶场",
color: "var(--accent-green)",
iconName: "shield"
},
{
label: "Blocked",
label: "当前阻塞",
value: blockedCount,
note: "artifact or destructive blockers",
note: "制品阻塞或破坏性风险阻塞",
color: "var(--accent-red)",
iconName: "failure"
},
{
label: "In Progress",
label: "待处理 / 进行中",
value: inProgressCount,
note: "manual review or incomplete verification",
note: "人工分诊、待补证据或未完成实证",
color: "var(--accent-blue)",
iconName: "timeline"
}
@@ -149,11 +187,16 @@ function renderSyncState(kind, title, detail) {
$("syncState").dataset.kind = kind;
}
function optionLabel(kind, value) {
if (kind === "status") return formatStatus(value);
return value;
}
function hydrateFilters() {
const controls = [
["systemFilter", "system", state.runs.map((item) => item.system_id), "All systems"],
["statusFilter", "status", state.runs.map((item) => item.verification_status), "All statuses"],
["profileFilter", "profile", state.runs.map((item) => item.repro_profile_id), "All profiles"]
["systemFilter", "system", state.runs.map((item) => item.system_id), "全部系统"],
["statusFilter", "status", state.runs.map((item) => item.verification_status), "全部状态"],
["profileFilter", "profile", state.runs.map((item) => item.repro_profile_id), "全部复现档案"]
];
for (const [id, key, values, label] of controls) {
@@ -161,7 +204,7 @@ function hydrateFilters() {
const current = state.filters[key];
control.innerHTML = `<option value="">${label}</option>`;
control.innerHTML += distinct(values)
.map((value) => `<option value="${escapeHtml(value)}">${escapeHtml(value)}</option>`)
.map((value) => `<option value="${escapeHtml(value)}">${escapeHtml(optionLabel(key, value))}</option>`)
.join("");
control.value = current;
}
@@ -198,20 +241,20 @@ function renderSystems() {
<article class="system-card">
<div class="timeline-head">
<strong class="system-title">${escapeHtml(system.display_name || system.system_id)}</strong>
<span class="section-chip">${escapeHtml(system.browser_present || 0)}/${escapeHtml(system.browser_required || 0)} browser</span>
<span class="section-chip">${escapeHtml(system.browser_present || 0)}/${escapeHtml(system.browser_required || 0)} 浏览器证据</span>
</div>
<div class="muted">${escapeHtml(system.system_id)} · latest ${escapeHtml(system.latest_update || "-")}</div>
<div class="muted">${escapeHtml(system.system_id)} · 最近更新 ${escapeHtml(formatDateTime(system.latest_update || "-"))}</div>
<div class="tag-row" style="margin-top:10px;">
<span class="tag">real ${escapeHtml(system.verified_real || 0)}</span>
<span class="tag">synthetic ${escapeHtml(system.verified_synthetic || 0)}</span>
<span class="tag">blocked ${escapeHtml(system.blocked || 0)}</span>
<span class="tag">真实 ${escapeHtml(system.verified_real || 0)}</span>
<span class="tag">合成 ${escapeHtml(system.verified_synthetic || 0)}</span>
<span class="tag">阻塞 ${escapeHtml(system.blocked || 0)}</span>
</div>
<div class="meter"><span style="--fill:${coverage}%"></span></div>
</article>
`;
})
.join("")
: `<div class="empty-state">No system coverage data.</div>`;
: `<div class="empty-state">暂无系统覆盖数据。</div>`;
}
function renderRecentFailures() {
@@ -226,23 +269,24 @@ function renderRecentFailures() {
<span class="${statusClass(item.status)}">${escapeHtml(formatStatus(item.status))}</span>
</div>
<div class="muted" style="margin-top:8px;">${escapeHtml(item.title || item.advisory_id)}</div>
<div class="failure-reason" style="margin-top:8px;">${escapeHtml(item.blocked_reason || "-")}</div>
<div class="failure-reason" style="margin-top:8px;">${escapeHtml(item.blocked_reason || "未提供失败原因。")}</div>
</article>
`
)
.join("")
: `<div class="empty-state">No recent blockers.</div>`;
: `<div class="empty-state">当前没有最近失败记录。</div>`;
}
function renderRunQueue() {
const runs = filteredRuns();
$("runCount").textContent = `${runs.length} shown`;
$("runCount").textContent = `${runs.length} `;
$("runQueue").innerHTML = runs.length
? runs
.map((item) => {
const active = item.run_id === state.selectedRunId ? "is-active" : "";
const browserState = item.browser_evidence?.present ? "ready" : (item.browser_evidence?.required ? "required" : "optional");
const browserState = item.browser_evidence?.present ? "已采集" : (item.browser_evidence?.required ? "必需待补" : "可选");
const lead = item.reasoning_lines?.[0] || item.blocked_reason || item.advisory_meta?.summary || "";
const artifactCount = (item.artifact_groups || []).reduce((sum, group) => sum + Number(group.count || 0), 0);
return `
<button class="run-card ${active}" type="button" data-run-id="${escapeHtml(item.run_id)}">
<div class="run-topline">
@@ -256,15 +300,15 @@ function renderRunQueue() {
<span>${escapeHtml(timeAgo(item.finished_at))}</span>
</div>
<div class="tag-row" style="margin-top:10px;">
<span class="tag">artifacts ${escapeHtml((item.artifact_groups || []).reduce((sum, group) => sum + group.count, 0))}</span>
<span class="tag">browser ${escapeHtml(browserState)}</span>
<span class="tag">证据 ${escapeHtml(artifactCount)}</span>
<span class="tag">浏览器 ${escapeHtml(browserState)}</span>
</div>
<div class="muted" style="margin-top:10px;">${escapeHtml(lead)}</div>
</button>
`;
})
.join("")
: `<div class="empty-state">No runs match the current filters.</div>`;
: `<div class="empty-state">当前筛选条件下没有匹配的运行。</div>`;
document.querySelectorAll("[data-run-id]").forEach((button) => {
button.addEventListener("click", () => {
@@ -278,18 +322,18 @@ function renderRunQueue() {
function progressSegments(progress) {
const order = [
["completed", "Completed", "progress-completed"],
["blocked", "Blocked", "progress-blocked"],
["failed", "Failed", "progress-failed"],
["skipped", "Skipped", "progress-skipped"],
["planned", "Planned", "progress-planned"],
["other", "Other", "progress-other"]
["completed", "已完成", "progress-completed"],
["blocked", "已阻塞", "progress-blocked"],
["failed", "失败", "progress-failed"],
["skipped", "已跳过", "progress-skipped"],
["planned", "已规划", "progress-planned"],
["other", "其他", "progress-other"]
];
const total = order.reduce((sum, [key]) => sum + Number(progress?.[key] || 0), 0);
if (!total) {
return {
bar: `<div class="progress-segment progress-other" style="width:100%"></div>`,
legend: `<span class="tag"><span class="swatch progress-other"></span>no progress</span>`
legend: `<span class="tag"><span class="swatch progress-other"></span>暂无进度</span>`
};
}
const bar = order
@@ -379,7 +423,7 @@ async function openArtifact(href, label, kind) {
}
viewer.innerHTML = `<pre>${escapeHtml(formatted)}</pre>`;
} catch (error) {
viewer.innerHTML = `<pre>Artifact load failed: ${escapeHtml(error.message)}</pre>`;
viewer.innerHTML = `<pre>加载 artifact 失败:${escapeHtml(error.message)}</pre>`;
}
}
@@ -396,16 +440,147 @@ function bindPanelToggles() {
});
}
function renderArchitectureFields(fields = []) {
if (!fields.length) return "";
return `
<div class="arch-field-grid">
${fields
.map(
(field) => `
<article class="arch-field">
<span class="arch-field-label">${escapeHtml(field.label || "-")}</span>
<div class="arch-field-value">${escapeHtml(field.value || "-")}</div>
</article>
`
)
.join("")}
</div>
`;
}
function renderArchitectureStats(stats = []) {
if (!stats.length) return "";
return `
<div class="arch-stat-grid">
${stats
.map(
(item) => `
<article class="arch-stat">
<span class="arch-stat-label">${escapeHtml(item.label || "-")}</span>
<strong class="arch-stat-value">${escapeHtml(item.value || "-")}</strong>
</article>
`
)
.join("")}
</div>
`;
}
function renderArchitectureLinks(links = []) {
if (!links.length) return "";
return `
<div class="arch-link-grid">
${links
.map(
(linkItem) => `
<a class="arch-link-card" href="${escapeHtml(linkItem.href || "#")}" target="_blank" rel="noreferrer">
<span class="arch-link-label">${escapeHtml(linkItem.label || "打开链接")}</span>
<span class="arch-link-copy">${escapeHtml(linkItem.description || linkItem.href || "")}</span>
</a>
`
)
.join("")}
</div>
`;
}
function renderArchitectureNode(node, depth = 0) {
if (!node) return "";
const children = (node.items || []).map((item) => renderArchitectureNode(item, depth + 1)).join("");
const fields = renderArchitectureFields(node.fields || []);
const stats = renderArchitectureStats(node.stats || []);
const links = renderArchitectureLinks(node.links || []);
const badges = (node.badges || [])
.map((badge) => `<span class="tag">${escapeHtml(badge)}</span>`)
.join("");
const hasBody = Boolean(children || fields || stats || links || node.summary || badges);
const summaryBlock = `
<div class="arch-summary-main">
<strong class="arch-title">${escapeHtml(node.title || "未命名节点")}</strong>
${node.summary ? `<span class="arch-summary-copy">${escapeHtml(node.summary)}</span>` : ""}
</div>
<div class="arch-summary-meta">
${node.items?.length ? `<span class="section-chip">${escapeHtml(node.items.length)} 个子项</span>` : ""}
${node.fields?.length ? `<span class="section-chip">${escapeHtml(node.fields.length)} 个字段</span>` : ""}
${node.links?.length ? `<span class="section-chip">${escapeHtml(node.links.length)} 个链接</span>` : ""}
</div>
`;
if (!hasBody) {
return `
<article class="arch-leaf" data-depth="${escapeHtml(depth)}">
${summaryBlock}
</article>
`;
}
const openAttr = node.open === false ? "" : "open";
return `
<details class="arch-node" data-depth="${escapeHtml(depth)}" ${openAttr}>
<summary class="arch-summary">
${summaryBlock}
</summary>
<div class="arch-body">
${badges ? `<div class="tag-row arch-badges">${badges}</div>` : ""}
${stats}
${fields}
${links}
${children ? `<div class="arch-children">${children}</div>` : ""}
</div>
</details>
`;
}
function renderArchitecturePanel() {
const architecture = state.architecture;
if (!architecture) {
return renderPanel("architecture", "当前架构库", "未生成", "systems", `<div class="empty-state">尚未找到架构 JSON,请先执行渲染命令。</div>`);
}
const sections = architecture.sections || [];
const content = `
<div class="callout architecture-callout">
<strong>${escapeHtml(architecture.title || "当前架构库")}</strong>
<div class="plan-copy">${escapeHtml(architecture.summary || "当前工作台的结构化真值视图。")}</div>
<div class="tag-row" style="margin-top:10px;">
<span class="tag">生成时间 ${escapeHtml(formatDateTime(architecture.generated_at))}</span>
<a class="tag" href="./architecture.json" target="_blank" rel="noreferrer">架构 JSON</a>
<a class="tag" href="./docs/architecture-library.html" target="_blank" rel="noreferrer">镜像页</a>
<a class="tag" href="./docs/root-readme.html" target="_blank" rel="noreferrer">仓库入口镜像</a>
</div>
</div>
<div class="architecture-tree">
${sections.length ? sections.map((section) => renderArchitectureNode(section, 0)).join("") : `<div class="empty-state">架构库目前没有可展示的分区。</div>`}
</div>
`;
return renderPanel("architecture", "当前架构库", `${sections.length} 个分区`, "systems", content);
}
function renderEmptyWorkspace() {
$("detailWorkspace").innerHTML = `
<div class="workspace-empty">
${icon("shield", "icon icon-xl")}
<h2>选择一个运行</h2>
<p class="empty-copy">左侧队列用于切换 run。即使当前没有选中运行,你也可以直接展开下方“当前架构库”查看仓库控制面、数据层、系统分组、授权边界与本地入口。</p>
</div>
${renderArchitecturePanel()}
`;
bindPanelToggles();
}
function renderDetail() {
const run = state.runs.find((item) => item.run_id === state.selectedRunId);
if (!run) {
$("detailWorkspace").innerHTML = `
<div class="workspace-empty">
${icon("shield", "icon icon-xl")}
<h2>Select a run</h2>
<p class="empty-copy">Pick a run from the left queue to inspect timeline, evidence, logs and raw JSON.</p>
</div>
`;
renderEmptyWorkspace();
return;
}
@@ -413,7 +588,7 @@ function renderDetail() {
const profile = run.profile_meta || {};
const screenshotItems = ((run.artifact_groups || []).find((group) => group.key === "browser")?.items || []).filter((item) => item.kind === "image");
const segments = progressSegments(run.progress || {});
const browserStatus = run.browser_evidence?.present ? "Ready" : (run.browser_evidence?.required ? "Required" : "Optional");
const browserStatus = run.browser_evidence?.present ? "已采集" : (run.browser_evidence?.required ? "必需待补" : "可选");
const artifactCount = (run.artifact_groups || []).reduce((sum, group) => sum + Number(group.count || 0), 0);
const timelineContent = `
@@ -426,42 +601,42 @@ function renderDetail() {
<span class="timeline-dot"></span>
<div class="timeline-head">
<strong>${escapeHtml(item.step || "-")}</strong>
<span class="timeline-time">${escapeHtml(item.at || "-")}</span>
<span class="timeline-time">${escapeHtml(formatDateTime(item.at || "-"))}</span>
</div>
<div class="${statusClass(item.status || "default")}" style="margin-top:8px;">${escapeHtml(formatStatus(item.status || "unknown"))}</div>
<div class="timeline-detail">${escapeHtml(item.detail || "-")}</div>
</article>
`)
.join("") || `<div class="empty-state">No timeline items recorded.</div>`}
.join("") || `<div class="empty-state">当前运行没有记录时间线。</div>`}
</div>
`;
const reasoningCards = [
{
label: "Summary",
copy: advisory.summary || "No advisory summary available."
label: "概要",
copy: advisory.summary || "当前漏洞条目没有摘要。"
},
{
label: "Success Criteria",
copy: (profile.success_criteria || []).join(" | ") || "No success criteria defined."
label: "成功判据",
copy: (profile.success_criteria || []).join(" | ") || "当前 profile 没有定义成功判据。"
},
{
label: "Seed / Attack Notes",
copy: (run.reasoning_lines || []).join("\n\n") || "No reasoning lines recorded."
label: "Seed / 攻击思路",
copy: (run.reasoning_lines || []).join("\n\n") || "当前运行没有记录思路说明。"
},
{
label: "Allowed Targets",
copy: (profile.allowed_target_types || []).join(", ") || "No target scope declared."
label: "允许目标",
copy: (profile.allowed_target_types || []).join(", ") || "当前 profile 没有声明允许目标类型。"
}
];
const reasoningContent = `
${run.blocked_reason ? `<div class="callout"><strong>Failure reason</strong><div class="plan-copy">${escapeHtml(run.blocked_reason)}</div></div>` : ""}
${run.blocked_reason ? `<div class="callout"><strong>失败原因</strong><div class="plan-copy">${escapeHtml(run.blocked_reason)}</div></div>` : ""}
<div class="tag-row" style="margin-bottom:14px;">
<span class="tag">vuln family ${escapeHtml(profile.vuln_family || "unknown")}</span>
<span class="tag">cleanup ${escapeHtml(profile.cleanup_policy || "-")}</span>
<span class="tag">destructive risk ${escapeHtml(profile.destructive_risk || "-")}</span>
<span class="tag">artifact ${escapeHtml(run.artifact_mode || "-")}</span>
<span class="tag">漏洞家族 ${escapeHtml(profile.vuln_family || "未定义")}</span>
<span class="tag">清理策略 ${escapeHtml(profile.cleanup_policy || "-")}</span>
<span class="tag">破坏性风险 ${escapeHtml(profile.destructive_risk || "-")}</span>
<span class="tag">制品模式 ${escapeHtml(run.artifact_mode || "-")}</span>
</div>
<div class="plan-grid">
${reasoningCards
@@ -490,7 +665,7 @@ function renderDetail() {
(item) => `
<button class="artifact-button" type="button" data-artifact data-href="${escapeHtml(item.href)}" data-kind="${escapeHtml(item.kind)}" data-label="${escapeHtml(item.label)}">
<span>${escapeHtml(item.label)}</span>
<span class="artifact-kind">${escapeHtml(item.kind)}</span>
<span class="artifact-kind">${escapeHtml(ARTIFACT_KIND_LABELS[item.kind] || item.kind)}</span>
</button>
`
)
@@ -499,7 +674,7 @@ function renderDetail() {
</section>
`
)
.join("") || `<div class="empty-state">No artifact groups for this run.</div>`}
.join("") || `<div class="empty-state">当前运行没有可浏览的产物分组。</div>`}
${
screenshotItems.length
@@ -524,27 +699,31 @@ function renderDetail() {
<div class="viewer-card">
<div class="viewer-toolbar">
<div>
<div id="viewerLabel" class="viewer-label">${escapeHtml(state.selectedArtifact?.label || "Select an artifact")}</div>
<div id="viewerMeta" class="viewer-meta">${escapeHtml(state.selectedArtifact?.href || "Artifact preview will appear here.")}</div>
<div id="viewerLabel" class="viewer-label">${escapeHtml(state.selectedArtifact?.label || "选择一个产物")}</div>
<div id="viewerMeta" class="viewer-meta">${escapeHtml(state.selectedArtifact?.href || "这里会显示 JSON、文本、HTML 报告、截图和其他日志的预览。")}</div>
</div>
<div class="detail-actions">
<a id="viewerOpen" class="button button-secondary" href="${escapeHtml(state.selectedArtifact?.href || run.dashboard_refs.report_html)}" target="_blank" rel="noreferrer">${icon("link")}<span>Open artifact</span></a>
<button id="viewerRefresh" class="button button-secondary" type="button">${icon("refresh")}<span>Refresh preview</span></button>
<a id="viewerOpen" class="button button-secondary" href="${escapeHtml(state.selectedArtifact?.href || run.dashboard_refs.report_html)}" target="_blank" rel="noreferrer">${icon("link")}<span>打开产物</span></a>
<button id="viewerRefresh" class="button button-secondary" type="button">${icon("refresh")}<span>刷新预览</span></button>
</div>
</div>
<div id="viewerFrame" class="viewer-frame"><pre>Select a report, log, screenshot, JSON or HTML artifact to preview it here.</pre></div>
<div id="viewerFrame" class="viewer-frame"><pre>选择报告、日志、截图、JSON HTML 产物后,会在这里直接预览。</pre></div>
</div>
`;
const sourceLinks = [
advisory.official_source_url
? `<a href="${escapeHtml(advisory.official_source_url)}" target="_blank" rel="noreferrer">${escapeHtml(advisory.official_source_url)}</a>`
: `<span class="muted">当前漏洞条目没有关联官方来源。</span>`,
...(advisory.secondary_source_urls || []).map((url) => `<a href="${escapeHtml(url)}" target="_blank" rel="noreferrer">${escapeHtml(url)}</a>`)
].join("");
const sourcesContent = `
<div class="tag-row">
${(advisory.aliases || []).map((alias) => `<span class="tag">${escapeHtml(alias)}</span>`).join("")}
${(advisory.secure_code_topics || []).map((topic) => `<a class="tag" href="./docs/secure-code-index.html" target="_blank" rel="noreferrer">${escapeHtml(topic)}</a>`).join("")}
</div>
<div class="source-links">
${advisory.official_source_url ? `<a href="${escapeHtml(advisory.official_source_url)}" target="_blank" rel="noreferrer">${escapeHtml(advisory.official_source_url)}</a>` : `<span class="muted">No official source linked.</span>`}
${(advisory.secondary_source_urls || []).map((url) => `<a href="${escapeHtml(url)}" target="_blank" rel="noreferrer">${escapeHtml(url)}</a>`).join("")}
</div>
<div class="source-links">${sourceLinks}</div>
`;
const rawRunContent = `<article class="json-card"><pre>${escapeHtml(JSON.stringify(run, null, 2))}</pre></article>`;
@@ -563,42 +742,43 @@ function renderDetail() {
</div>
</div>
<h2 class="detail-title">${escapeHtml(advisory.title || run.advisory_id)}</h2>
<div class="detail-subtitle">${escapeHtml(advisory.summary || "No advisory summary available.")}</div>
<div class="detail-subtitle">${escapeHtml(advisory.summary || "当前漏洞条目没有摘要。")}</div>
<div class="detail-actions">
<a class="button button-primary" href="${escapeHtml(run.dashboard_refs.report_html)}" target="_blank" rel="noreferrer">${icon("report")}<span>HTML report</span></a>
<a class="button button-secondary" href="${escapeHtml(run.dashboard_refs.report_md)}" target="_blank" rel="noreferrer">${icon("markdown")}<span>Markdown</span></a>
<a class="button button-secondary" href="${escapeHtml(run.dashboard_refs.bundle)}" target="_blank" rel="noreferrer">${icon("json")}<span>Run JSON</span></a>
<a class="button button-primary" href="${escapeHtml(run.dashboard_refs.report_html)}" target="_blank" rel="noreferrer">${icon("report")}<span>HTML 报告</span></a>
<a class="button button-secondary" href="${escapeHtml(run.dashboard_refs.report_md)}" target="_blank" rel="noreferrer">${icon("markdown")}<span>Markdown 报告</span></a>
<a class="button button-secondary" href="${escapeHtml(run.dashboard_refs.bundle)}" target="_blank" rel="noreferrer">${icon("json")}<span>运行 JSON</span></a>
</div>
<div class="detail-stat-grid">
<article class="detail-stat">
<strong>Timeline Steps</strong>
<strong>时间线步骤</strong>
<span>${escapeHtml(run.timeline?.length || 0)}</span>
</article>
<article class="detail-stat">
<strong>Artifacts</strong>
<strong>Artifact</strong>
<span>${escapeHtml(artifactCount)}</span>
</article>
<article class="detail-stat">
<strong>Browser Evidence</strong>
<strong>浏览器证据</strong>
<span>${escapeHtml(browserStatus)}</span>
</article>
<article class="detail-stat">
<strong>Finished</strong>
<strong>完成时间</strong>
<span>${escapeHtml(timeAgo(run.finished_at))}</span>
</article>
</div>
</section>
${renderPanel("timeline", "Progress Timeline", `${escapeHtml(run.timeline?.length || 0)} steps`, "timeline", timelineContent)}
${renderPanel("reasoning", "Attack Plan & Reasoning", escapeHtml(profile.vuln_family || "unknown"), "reasoning", reasoningContent)}
${renderPanel("evidence", "Evidence Explorer", `${escapeHtml(run.artifact_groups?.length || 0)} groups`, "evidence", evidenceContent)}
${renderPanel("logs", "Live Log Viewer", state.selectedArtifact ? "active" : "idle", "logs", logContent)}
${renderPanel("sources", "Sources & Fix Topics", `${escapeHtml((advisory.secondary_source_urls || []).length + (advisory.official_source_url ? 1 : 0))} links`, "sources", sourcesContent)}
${renderPanel("run_json", "Run JSON", "raw", "json", rawRunContent)}
${renderPanel("advisory_json", "Advisory JSON", "raw", "json", rawAdvisoryContent)}
${renderPanel("profile_json", "Profile JSON", "raw", "json", rawProfileContent)}
${renderPanel("timeline", "进度时间线", `${escapeHtml(run.timeline?.length || 0)} `, "timeline", timelineContent)}
${renderPanel("reasoning", "攻击方案与推理", escapeHtml(profile.vuln_family || "未定义"), "reasoning", reasoningContent)}
${renderPanel("evidence", "证据浏览器", `${escapeHtml(run.artifact_groups?.length || 0)} `, "evidence", evidenceContent)}
${renderPanel("logs", "实时日志查看器", state.selectedArtifact ? "已选产物" : "等待选择", "logs", logContent)}
${renderPanel("sources", "来源与修复主题", `${escapeHtml((advisory.secondary_source_urls || []).length + (advisory.official_source_url ? 1 : 0))} 条链接`, "sources", sourcesContent)}
${renderArchitecturePanel()}
${renderPanel("run_json", "运行 JSON", "原始数据", "json", rawRunContent)}
${renderPanel("advisory_json", "漏洞条目 JSON", "原始数据", "json", rawAdvisoryContent)}
${renderPanel("profile_json", "复现档案 JSON", "原始数据", "json", rawProfileContent)}
`;
bindPanelToggles();
@@ -663,15 +843,16 @@ function startRefreshLoop() {
async function loadData(preserveSelection = true) {
const previous = state.selectedRunId;
renderSyncState("loading", "Refreshing", new Date().toLocaleTimeString());
renderSyncState("loading", "刷新中", `本地时间 ${new Date().toLocaleTimeString("zh-CN", { hour12: false })}`);
try {
const [summary, runs, systems, advisories, profiles] = await Promise.all([
const [summary, runs, systems, advisories, profiles, architecture] = await Promise.all([
fetchJson("./summary.json"),
fetchJson("./runs.json"),
fetchJson("./systems.json"),
fetchJson("./advisories.json"),
fetchJson("./profiles.json")
fetchJson("./profiles.json"),
fetchJson("./architecture.json")
]);
state.summary = summary;
@@ -679,6 +860,7 @@ async function loadData(preserveSelection = true) {
state.systems = systems;
state.advisories = advisories;
state.profiles = profiles;
state.architecture = architecture;
hydrateFilters();
const hashRun = location.hash.startsWith("#run=") ? location.hash.replace("#run=", "") : null;
@@ -690,11 +872,11 @@ async function loadData(preserveSelection = true) {
}
renderAll();
renderSyncState("live", "Live", summary.generated_at || new Date().toISOString());
renderSyncState("live", "实时同步", `最近生成 ${formatDateTime(summary.generated_at || new Date().toISOString())}`);
} catch (error) {
$("runQueue").innerHTML = `<div class="empty-state">Dashboard load failed: ${escapeHtml(error.message)}</div>`;
$("detailWorkspace").innerHTML = `<div class="workspace-empty"><h2>Load failed</h2><p class="empty-copy">${escapeHtml(error.message)}</p></div>`;
renderSyncState("error", "Load Failed", error.message);
$("runQueue").innerHTML = `<div class="empty-state">工作台加载失败:${escapeHtml(error.message)}</div>`;
$("detailWorkspace").innerHTML = `<div class="workspace-empty"><h2>加载失败</h2><p class="empty-copy">${escapeHtml(error.message)}</p></div>`;
renderSyncState("error", "加载失败", error.message);
}
}

168
08-threat-intel/generated/dashboard/assets/styles.css
查看文件

@@ -963,6 +963,171 @@ select {
text-underline-offset: 3px;
}
.architecture-tree {
display: grid;
gap: 14px;
}
.architecture-callout {
border-color: rgba(77, 141, 255, 0.28);
background: rgba(77, 141, 255, 0.08);
}
.arch-node,
.arch-leaf {
border: 1px solid rgba(148, 163, 184, 0.14);
border-radius: 16px;
background: rgba(255, 255, 255, 0.025);
}
.arch-node + .arch-node,
.arch-leaf + .arch-node,
.arch-node + .arch-leaf,
.arch-leaf + .arch-leaf {
margin-top: 12px;
}
.arch-node summary {
list-style: none;
}
.arch-node summary::-webkit-details-marker {
display: none;
}
.arch-summary {
display: flex;
justify-content: space-between;
gap: 14px;
padding: 15px 16px;
cursor: pointer;
}
.arch-summary::after {
content: "";
width: 9px;
height: 9px;
margin-top: 6px;
border-right: 2px solid rgba(255, 255, 255, 0.72);
border-bottom: 2px solid rgba(255, 255, 255, 0.72);
transform: rotate(45deg);
transition: transform 0.2s ease;
}
.arch-node[open] > .arch-summary::after {
transform: rotate(225deg);
}
.arch-summary-main {
display: grid;
gap: 6px;
min-width: 0;
}
.arch-title {
font-size: 0.98rem;
}
.arch-summary-copy {
color: var(--text-secondary);
line-height: 1.5;
font-size: 0.88rem;
}
.arch-summary-meta {
display: flex;
flex-wrap: wrap;
justify-content: flex-end;
gap: 8px;
}
.arch-body {
display: grid;
gap: 14px;
padding: 0 16px 16px;
}
.arch-badges {
margin-top: -2px;
}
.arch-stat-grid,
.arch-field-grid,
.arch-link-grid {
display: grid;
gap: 12px;
}
.arch-stat-grid {
grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
}
.arch-stat,
.arch-field,
.arch-link-card {
border: 1px solid rgba(148, 163, 184, 0.14);
border-radius: 14px;
background: rgba(255, 255, 255, 0.03);
}
.arch-stat,
.arch-field {
padding: 12px 14px;
}
.arch-stat-label,
.arch-field-label,
.arch-link-label {
display: block;
color: var(--text-secondary);
text-transform: uppercase;
letter-spacing: 0.06em;
font-size: 0.72rem;
}
.arch-stat-value {
display: block;
margin-top: 8px;
font-size: 1.1rem;
}
.arch-field-value,
.arch-link-copy {
margin-top: 8px;
color: var(--text-primary);
line-height: 1.58;
white-space: pre-wrap;
word-break: break-word;
font-size: 0.9rem;
}
.arch-link-grid {
grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
}
.arch-link-card {
display: block;
padding: 12px 14px;
transition: transform 0.18s ease, border-color 0.18s ease, background 0.18s ease;
}
.arch-link-card:hover {
transform: translateY(-1px);
border-color: rgba(77, 141, 255, 0.42);
background: rgba(77, 141, 255, 0.08);
}
.arch-children {
display: grid;
gap: 12px;
padding-left: 14px;
border-left: 1px solid rgba(148, 163, 184, 0.12);
}
.arch-leaf {
padding: 14px 16px;
}
.json-card pre {
margin: 0;
max-height: 420px;
@@ -1050,7 +1215,8 @@ select {
.tag-row,
.panel-meta,
.viewer-toolbar,
.dashboard-footer {
.dashboard-footer,
.arch-summary {
flex-direction: column;
align-items: stretch;
}

6030
08-threat-intel/generated/dashboard/docs/architecture-library.html 普通文件
查看文件

文件差异内容过多而无法显示 加载差异

123
08-threat-intel/generated/dashboard/docs/authorization-model.html 普通文件
查看文件

@@ -0,0 +1,123 @@
<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>授权模型镜像</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>授权模型镜像</h1>
<div class="meta">工作台内置镜像页:目标范围、授权模型、最小化验证建议和记录要求。</div>
<pre># 授权模型
## 目标分类
| 类型 | 定义 | 允许动作 |
|------|------|----------|
| `lab-local` | 本地集群、Docker 靶场、隔离内网实验节点 | 完整实验、漏洞复现、修复对照 |
| `lab-public` | 你方自建且可公网访问的测试站点、服务器、设备 | 验证性探测、最小化注入、关联面分析 |
| `authorized-third-party` | 已明确授权的外部验证目标 | 以授权边界为准的最小必要实验 |
| `out-of-scope` | 无归属证明、无授权、公共知名站点、泛互联网目标 | 不允许使用本仓库内容发起验证 |
## 全局原则
1. 任何公网验证都必须先确认资产归属或授权关系。
2. 优先采用只读探测、最小化回显验证和低频实验。
3. 涉及账户、令牌、敏感数据和业务写入时,应选择最小必要动作并保留记录。
4. 不做泛互联网枚举,不做对无关公共站点的同类操作复用。
## 最小化验证建议
- 注入类: 先做上下文识别,再做无害回显或布尔差异,不直接进入破坏性利用。
- 认证类: 优先验证限速、锁定和失败处理,不以接管真实账户为目标。
- 端口与关联面类: 先缩到单主机、单证书、单代理边界,再扩展分析。
- 前端类: 优先验证敏感数据暴露和保护头缺失,不触碰真实用户数据。
## 记录要求
- 公网实验必须回填 [测试记录模板](/Users/x/websafe/09-scope-and-targeting/test-record-template.md)
- 目标资产必须登记在 [资产清单模板](/Users/x/websafe/09-scope-and-targeting/asset-inventory-template.md)
- 新工具和新案例应附带对应元数据模板
</pre>
</div>
</main>
</body>
</html>

159
08-threat-intel/generated/dashboard/docs/coverage-matrix.html 普通文件
查看文件

@@ -0,0 +1,159 @@
<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>覆盖矩阵镜像</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>覆盖矩阵镜像</h1>
<div class="meta">工作台内置镜像页:当前覆盖矩阵生成结果。</div>
<pre># 覆盖矩阵
| 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | 本地实证状态 | 浏览器证据 | run bundle | triage | 最近更新 |
|------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------------|------------|-----------|--------|----------|
| Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Caddy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Directus | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Discourse | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Django | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Drupal | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Ghost | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `37` | `37` | `3` | `seeded` | `real:0/synthetic:0/blocked:1` | `0` | `1` | `0` | `2026-03-03T04:57:57.697708Z` |
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Hapi | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Joomla | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `26` | `26` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `1` | `0` | `2026-03-13T22:14:13.665535Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| React | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-14T09:19:54.772219Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| WooCommerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| WordPress | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
</pre>
</div>
</main>
</body>
</html>

4
08-threat-intel/generated/dashboard/docs/design-source.html
查看文件

@@ -82,10 +82,10 @@
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">Back to dashboard</a>
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>Lovart 设计来源与本地化清单</h1>
<div class="meta">Local vendor manifest for the Lovart-derived dashboard shell.</div>
<div class="meta">工作台内置镜像页Lovart 来源文件、本地 vendor 路径和本地化说明。</div>
<pre>{
&quot;template_id&quot;: &quot;lovart-authorized-lab-dashboard&quot;,
&quot;source_url&quot;: &quot;https://assets-persist.lovart.ai/agent_images/464011bb-fbbc-4bd4-98f8-90897dd43612.html&quot;,

12
08-threat-intel/generated/dashboard/docs/frontend-dashboard-design.html
查看文件

@@ -82,10 +82,10 @@
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">Back to dashboard</a>
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>本地前端工作台设计文档</h1>
<div class="meta">Dashboard-local mirror of the UI and interaction specification.</div>
<div class="meta">工作台内置镜像页:前端交互、展示结构和视觉规范。</div>
<pre># 本地前端工作台设计文档
&gt; `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
@@ -134,7 +134,8 @@ flowchart LR
D --&gt; G[&quot;Evidence Explorer&quot;]
D --&gt; H[&quot;Live Log Viewer&quot;]
D --&gt; I[&quot;Sources &amp; Fix Topics&quot;]
D --&gt; J[&quot;Raw JSON Panels&quot;]
D --&gt; J[&quot;当前架构库&quot;]
D --&gt; K[&quot;Raw JSON Panels&quot;]
```
## 4. 页面布局
@@ -207,6 +208,11 @@ flowchart LR
- secondary sources
- aliases
- secure code topics
- 当前架构库
- 项目定位、授权边界、控制面、数据层、地址入口
- source-map / repro-map 派生的系统分组与默认复现策略
- 当前生成态、状态分布、最近失败
- 可折叠查看任意层级信息并打开本地镜像页 / JSON
- Raw JSON
- run JSON
- advisory JSON

8
08-threat-intel/generated/dashboard/docs/project-features.html
查看文件

@@ -82,10 +82,10 @@
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">Back to dashboard</a>
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>项目功能与特性总览</h1>
<div class="meta">Dashboard-local mirror of the repo feature guide.</div>
<div class="meta">工作台内置镜像页:仓库功能、目录和自动化链路说明。</div>
<pre># 项目功能与特性总览
&gt; `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
@@ -151,7 +151,8 @@
- 静态前端工作台
- `/index.html` 为本地化 Lovart 正式 UI
- `/legacy/index.html` 为旧版工作台回退入口
- `/docs/*.html` 为本地可访问的说明与设计镜像页
- `/docs/*.html` 为本地可访问的说明、真值配置与设计镜像页
- `architecture.json` 为当前架构库结构化真值
- `07-framework-security/`
- 系统级 README、INDEX、案例页,自动显示本地实证状态
@@ -244,6 +245,7 @@ python3 /Users/x/websafe/scripts/lab/main.py serve-dashboard --port 8734
- 快速定位系统 / advisory / repro profile
- 折叠与展开 timeline、evidence、sources、raw JSON
- 折叠与展开“当前架构库”,查看控制面、数据层、地址入口、授权边界和系统分组
- 直接查看 compose、JSON、日志、截图、报告
- 高亮失败原因、当前 blocker、利用思路、成功判据
- 自动刷新生成数据,适配正在进行中的本地 run

838
08-threat-intel/generated/dashboard/docs/repro-map.html 普通文件
查看文件

@@ -0,0 +1,838 @@
<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>repro-map 真值镜像</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>repro-map 真值镜像</h1>
<div class="meta">工作台内置镜像页:默认漏洞家族、浏览器要求和日志策略真值。</div>
<pre>systems:
- system_id: wordpress
default_repro_family: xss-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: drupal
default_repro_family: xss-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: joomla
default_repro_family: xss-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: ghost
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: strapi
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: directus
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: mediawiki
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: moodle
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: discourse
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: adobe-commerce
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: magento-open-source
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: openmage
default_repro_family: plugin-extension-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: woocommerce
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: prestashop
default_repro_family: file-upload-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: shopware
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: opencart
default_repro_family: file-upload-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: saleor
default_repro_family: session-token-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: medusa
default_repro_family: session-token-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: react
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: nextjs
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-source
- synthetic
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: vue
default_repro_family: xss-generic
provisioning_mode_preference:
- official-source
- synthetic
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: nuxt
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-source
- synthetic
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: vite
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-source
- synthetic
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: angular
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: sveltekit
default_repro_family: session-token-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: astro
default_repro_family: authz-bypass-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: express
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: nestjs
default_repro_family: ssrf-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: koa
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: fastify
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: hapi
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: nodejs
default_repro_family: ssrf-generic
provisioning_mode_preference:
- official-source
- synthetic
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: undici
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: webpack
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: esbuild
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: spring-framework
default_repro_family: deserialization-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: spring-security
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: spring-boot
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: laravel
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: symfony
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: django
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: flask
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: werkzeug
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: rails
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: aspnet-core
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: gin
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: echo
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: nginx
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: apache-httpd
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: apache-tomcat
default_repro_family: authz-bypass-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: caddy
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: traefik
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: haproxy
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: phpmyadmin
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: adminer
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: gitea
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: gitlab-ce
default_repro_family: deserialization-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: jenkins
default_repro_family: deserialization-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: grafana
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: kibana
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: mattermost
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: redmine
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
</pre>
</div>
</main>
</body>
</html>

212
08-threat-intel/generated/dashboard/docs/root-readme.html 普通文件
查看文件

@@ -0,0 +1,212 @@
<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>仓库 README 镜像</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>仓库 README 镜像</h1>
<div class="meta">工作台内置镜像页:仓库定位、能力矩阵、入口和自动化入口。</div>
<pre># 授权攻防实验与研究知识库
&gt; `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | `非生产安全基线`
本仓库定位为“授权攻防实验库”,覆盖本地靶场、自建公网测试资产和已明确授权的验证目标。内容允许出现验证性攻击演示、测试性注入、同服务器站点排查、真实漏洞映射和自动化订阅,但所有语境都绑定到自有或授权目标,不面向无关第三方站点或公共知名网站。
## 入口
- [项目文档总览](/Users/x/websafe/docs/README.md)
- [目标边界与授权模型](/Users/x/websafe/09-scope-and-targeting/authorization-model.md)
- [主流开源 Web 系统安全总览](/Users/x/websafe/07-framework-security/README.md)
- [漏洞情报与自动入库总览](/Users/x/websafe/08-threat-intel/README.md)
- [覆盖矩阵](/Users/x/websafe/08-threat-intel/generated/coverage-matrix.md)
- [最新同步摘要](/Users/x/websafe/08-threat-intel/generated/latest-ingest.md)
- [唯一真值配置 `source-map.yaml`](/Users/x/websafe/08-threat-intel/source-map.yaml)
## 仓库结构
```text
websafe/
├── 00-environments/ # 系统 catalog、真实版本/当前版本 profile、synthetic 模板
├── 01-sql-injection/ # SQL 注入实验
├── 02-xss/ # XSS 与浏览器端注入实验
├── 03-authentication/ # 认证、会话与 JWT 实验
├── 04-server-security/ # 服务器、TLS、暴露面与关联面实验
├── 05-defense/ # 检测、观测、实验对照与代码修复示例
├── 06-case-studies/ # 授权案例与 run bundle / 报告归档
├── 07-framework-security/ # CMS、电商、框架、服务器、平台系统安全
├── 08-threat-intel/ # source-map、repro-map、registry、dashboard、订阅规则、自动入库
├── 09-scope-and-targeting/ # 授权模型、资产模板、测试记录模板
├── docs/ # 项目功能文档、前端设计文档与展示规范
├── requirements-intel.txt # intel + lab 自动化依赖(含 Playwright Python 包)
├── scripts/intel/ # hotlane / ingest / reconcile / backfill / open-pr CLI
└── scripts/lab/ # provision / baseline / attack / browser / evidence / render / queue CLI
```
## 能力矩阵
| 覆盖域 | 历史全量策略 | 近两年策略 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 本地实证状态 | 浏览器证据 | run bundle | 看板展示 | 自动同步状态 |
|--------|--------------|------------|---------------|--------------------|------------------|--------------|------------|-----------|----------|--------------|
| CMS / 内容平台 | `WordPress`, `Drupal`, `Joomla` | `Ghost`, `Strapi`, `Directus`, `MediaWiki`, `Moodle`, `Discourse` | `registry/advisories + registry/systems` | `core 全量 + 高价值 extension` | `yes` | `verified-real / verified-synthetic / blocked-* / triage-manual` | `前端类强制` | `06-case-studies/generated-runs` | `dashboard + report` | `render / ingest / hotlane / reconcile ready` |
| 电商系统 | `Adobe Commerce`, `Magento Open Source`, `WooCommerce`, `PrestaShop`, `Shopware`, `OpenCart` | `OpenMage`, `Saleor`, `Medusa` | `registry/advisories + registry/systems` | `core 全量 + 高价值 module` | `yes` | `同上` | `前台/后台面板类强制` | `run bundle + logs` | `dashboard + report` | `render / ingest / hotlane / reconcile ready` |
| Web 框架与运行时 | `React`, `Next.js`, `Vue`, `Nuxt`, `Vite`, `Node.js`, `Nginx`, `Apache HTTP Server`, `Apache Tomcat` | 其余主流框架与运行时按 `rolling-24m` | `registry/advisories + registry/systems` | `core 全量 + 高价值 package` | `yes` | `family runner + advisory profile` | `浏览器/HTTP 混合` | `run bundle + timeline` | `dashboard + report` | `render / ingest / hotlane / reconcile ready` |
| 开源平台与后台系统 | `history-full` 不强制 | `phpMyAdmin`, `Adminer`, `Gitea`, `GitLab CE`, `Jenkins`, `Grafana`, `Kibana`, `Mattermost`, `Redmine` | `registry/advisories + registry/systems` | `高价值案例输出` | `yes` | `真实版本优先` | `Web 面板类强制` | `run bundle + screenshots` | `dashboard + report` | `render / ingest / hotlane / reconcile ready` |
| 修复示例库 | 不适用 | 不适用 | 不适用 | 由案例页反向链接 | `javascript-typescript`, `nodejs`, `java`, `php`, `python`, `ruby`, `csharp`, `go` | `由案例反向映射` | `不适用` | `不适用` | `索引页` | `render ready` |
| 自动化入库与实证 | `backfill --tier history-full` | `ingest --since`, `reconcile` | `registry + generated + registry/runs` | `基于 render_policy` | `front matter 反向链接` | `queue + run-case / run-batch` | `Playwright required for browser cases` | `report.md / report.html / timeline.mmd` | `serve-dashboard` | `open-pr / cron ready` |
## 当前覆盖对象
当前 `source-map.yaml` 已纳入 62 个主流开源 Web 系统,分为五组:
- CMS / 内容平台WordPress、Drupal、Joomla、Ghost、Strapi、Directus、MediaWiki、Moodle、Discourse
- 电商系统Adobe Commerce、Magento Open Source、OpenMage / Mage-OS、WooCommerce、PrestaShop、Shopware、OpenCart、Saleor、Medusa
- Web 框架与运行时React、Next.js、Vue、Nuxt、Vite、Angular、SvelteKit、Astro、Express、NestJS、Koa、Fastify、Hapi、Node.js、Undici、webpack、esbuild、Spring Framework、Spring Security、Spring Boot、Laravel、Symfony、Django、Flask、Werkzeug、Rails、ASP.NET Core、Gin、Echo
- 服务器与边界层Nginx、Apache HTTP Server、Apache Tomcat、Caddy、Traefik、HAProxy
- 常见开源平台phpMyAdmin、Adminer、Gitea、GitLab CE、Jenkins、Grafana、Kibana、Mattermost、Redmine
## 自动化入口
```bash
python3 /Users/x/websafe/scripts/intel/main.py render
python3 /Users/x/websafe/scripts/intel/main.py validate
python3 /Users/x/websafe/scripts/intel/main.py hotlane
python3 /Users/x/websafe/scripts/intel/main.py ingest --since last-success
python3 /Users/x/websafe/scripts/intel/main.py reconcile
python3 /Users/x/websafe/scripts/intel/main.py backfill --tier history-full --dry-run
python3 /Users/x/websafe/scripts/intel/main.py open-pr --dry-run
python3 /Users/x/websafe/scripts/lab/main.py catalog sync
python3 /Users/x/websafe/scripts/lab/main.py validate
python3 /Users/x/websafe/scripts/lab/main.py run-case --case nextjs--CVE-2025-29927 --dry-run
python3 /Users/x/websafe/scripts/lab/main.py run-batch --only-hotlane --limit 10
python3 /Users/x/websafe/scripts/lab/main.py serve-dashboard --port 8734
```
本地 dashboard 路由:
- `/index.html`
- 默认正式 UI,使用本地化 Lovart 视觉壳层
- `/legacy/index.html`
- 旧版工作台回退入口
- `/docs/design-source.html`
- 设计来源与本地化说明
- `/docs/architecture-library.html`
- 当前架构库结构化镜像页
计划中的本机 cron 入口:
- [run-hourly.sh](/Users/x/websafe/scripts/intel/run-hourly.sh) 处理 KEV / 在野利用 / 极高优先级更新,并触发 hotlane 实证队列
- [run-nightly.sh](/Users/x/websafe/scripts/intel/run-nightly.sh) 处理常规增量同步、批量实证、dashboard 渲染和 PR
- [run-weekly-reconcile.sh](/Users/x/websafe/scripts/intel/run-weekly-reconcile.sh) 对齐最近 30 天更新,并重跑失败/阻塞任务
## 本地实证链路
每条 advisory 的自动链路固定为:
1. `registry/advisories/*.json` 选中 case。
2. `repro-map.yaml + repro-profiles/` 解析到 repro family / advisory profile。
3. `00-environments/catalog + profiles` 生成 compose 拓扑和靶站参数。
4. `scripts/lab/main.py run-case` 拉起环境、收集 baseline、执行受控攻击链。
5. 前端类 case 强制走 Playwright 浏览器回放,生成截图、DOM、console、network 证据。
6. 生成 `06-case-studies/generated-runs/&lt;run-id&gt;/` 报告和 `08-threat-intel/registry/runs/&lt;run-id&gt;.json`。
7. 自动回写 registry、系统 INDEX、案例页和 dashboard。
## 实验边界
- `05-defense/` 下的配置样例用于实验观测、对抗演示、修复映射和反例说明,不应被误当成生产安全基线。
- `07-framework-security/` 下的系统页默认绑定 `lab-local`、`lab-public`、`authorized-third-party` 三类目标,并明确禁止未授权公网使用。
- `08-threat-intel/registry/` 是“所有具体 advisory”的正式载体;并非所有记录都强制生成独立 Markdown 页面。
- `08-threat-intel/generated/` 是人类可读摘要层,实际覆盖和路由以 `source-map.yaml` 与 `registry/` 为准。
## 使用前提
- 在运行任何工具前,先阅读 [授权模型](/Users/x/websafe/09-scope-and-targeting/authorization-model.md)。
- 对公网目标执行验证性测试时,必须能证明资产归属,或已获得明确授权。
- 优先采用只读探测、最小化注入、可回滚验证和可审计日志。
## 免责声明
本仓库仅用于授权安全测试、安全研究和教学实验。未经授权对第三方系统执行扫描、注入、爆破、绕过或枚举行为可能违法。
</pre>
</div>
</main>
</body>
</html>

4
08-threat-intel/generated/dashboard/docs/secure-code-index.html
查看文件

@@ -82,10 +82,10 @@
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">Back to dashboard</a>
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>安全编码修复库索引</h1>
<div class="meta">Dashboard-local mirror of the secure-code library index.</div>
<div class="meta">工作台内置镜像页secure-code 修复主题索引。</div>
<pre># 安全编码修复库
&gt; `LAB ONLY` | 修复主题用于把实验发现映射回代码整改,不代表默认生产基线。

2096
08-threat-intel/generated/dashboard/docs/source-map.html 普通文件
查看文件

文件差异内容过多而无法显示 加载差异

59
08-threat-intel/generated/dashboard/index.html
查看文件

@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Authorized Lab Dashboard</title>
<title>授权攻防实验工作台</title>
<link rel="stylesheet" href="./assets/styles.css">
</head>
<body>
@@ -17,22 +17,22 @@
<div class="hero-copy">
<div class="hero-eyebrow">
<svg class="icon"><use href="./assets/icons.svg#spark"></use></svg>
<span>Authorized Lab Dashboard</span>
<span>授权攻防实验工作台</span>
</div>
<h1>本地攻防实证工作台</h1>
<p>
Lovart 设计外壳已本地化并接入真实 run bundle 数据。页面只面向授权实验资产,
聚合 advisory、timeline、evidence、logs、sources、raw JSON 与失败原因。
聚合漏洞条目、时间线、证据、日志、来源、原始 JSON、当前架构库与失败原因。
</p>
</div>
<div class="hero-actions">
<button id="refreshDashboard" class="button button-primary" type="button">
<svg class="icon"><use href="./assets/icons.svg#refresh"></use></svg>
<span>Refresh</span>
<span>立即刷新</span>
</button>
<label class="toggle-card">
<span class="toggle-label">Auto Refresh</span>
<span class="toggle-label">自动刷新</span>
<span class="toggle-switch">
<input id="autoRefresh" type="checkbox" checked>
<span class="toggle-slider"></span>
@@ -41,22 +41,26 @@
<div id="syncState" class="sync-state">
<svg class="icon icon-sync"><use href="./assets/icons.svg#sync"></use></svg>
<div>
<strong>Booting</strong>
<span>Loading generated JSON</span>
<strong>启动中</strong>
<span>正在载入本地生成数据</span>
</div>
</div>
<div class="hero-links">
<a class="button button-secondary" href="./docs/project-features.html" target="_blank" rel="noreferrer">
<svg class="icon"><use href="./assets/icons.svg#docs"></use></svg>
<span>Feature Docs</span>
<span>功能文档</span>
</a>
<a class="button button-secondary" href="./docs/frontend-dashboard-design.html" target="_blank" rel="noreferrer">
<svg class="icon"><use href="./assets/icons.svg#playbook"></use></svg>
<span>UI Spec</span>
<span>前端设计</span>
</a>
<a class="button button-secondary" href="./docs/architecture-library.html" target="_blank" rel="noreferrer">
<svg class="icon"><use href="./assets/icons.svg#systems"></use></svg>
<span>架构镜像</span>
</a>
<a class="button button-secondary" href="./legacy/index.html" target="_blank" rel="noreferrer">
<svg class="icon"><use href="./assets/icons.svg#legacy"></use></svg>
<span>Legacy UI</span>
<span>旧版工作台</span>
</a>
</div>
</div>
@@ -71,38 +75,38 @@
<div class="section-header">
<span>
<svg class="icon"><use href="./assets/icons.svg#filter"></use></svg>
Filters
筛选器
</span>
<span id="runCount" class="section-badge">0 shown</span>
<span id="runCount" class="section-badge">0 </span>
</div>
<div class="filter-group">
<label class="field">
<span>Search</span>
<span>搜索</span>
<div class="search-box">
<svg class="icon"><use href="./assets/icons.svg#search"></use></svg>
<input id="searchInput" type="text" placeholder="Search run id, advisory, title">
<input id="searchInput" type="text" placeholder="搜索 run idadvisory、标题、概要">
</div>
</label>
<label class="field">
<span>System</span>
<span>系统</span>
<select id="systemFilter" class="filter-select">
<option value="">All systems</option>
<option value="">全部系统</option>
</select>
</label>
<label class="field">
<span>Status</span>
<span>状态</span>
<select id="statusFilter" class="filter-select">
<option value="">All statuses</option>
<option value="">全部状态</option>
</select>
</label>
<label class="field">
<span>Profile</span>
<select id="profileFilter" class="filter-select">
<option value="">All profiles</option>
<option value="">全部 Profile</option>
</select>
</label>
</div>
@@ -112,7 +116,7 @@
<div class="section-header">
<span>
<svg class="icon"><use href="./assets/icons.svg#systems"></use></svg>
Systems
系统概览
</span>
</div>
<div id="systemStats" class="system-stats"></div>
@@ -122,7 +126,7 @@
<div class="section-header">
<span>
<svg class="icon"><use href="./assets/icons.svg#failure"></use></svg>
Recent Failures
最近失败
</span>
</div>
<div id="recentFailures" class="failure-list"></div>
@@ -132,7 +136,7 @@
<div class="section-header">
<span>
<svg class="icon"><use href="./assets/icons.svg#queue"></use></svg>
Run Queue
运行队列
</span>
</div>
<div id="runQueue" class="run-list"></div>
@@ -142,8 +146,8 @@
<section id="detailWorkspace" class="workspace">
<div class="workspace-empty">
<svg class="icon icon-xl"><use href="./assets/icons.svg#shield"></use></svg>
<h2>Select a run</h2>
<p>Pick a run from the left queue to inspect timeline, evidence, logs, sources and raw JSON.</p>
<h2>选择一个运行</h2>
<p>从左侧队列选择 run,即可查看时间线、证据、日志、来源、原始 JSON 和当前架构库。</p>
</div>
</section>
</main>
@@ -152,13 +156,14 @@
<div class="footer-left">
<span class="footer-note">
<svg class="icon"><use href="./assets/icons.svg#source"></use></svg>
UI shell is vendorized from a local Lovart source copy, not an online runtime dependency.
当前 UI 壳层来自本地化 Lovart 模板副本,运行期不依赖任何远端 HTML、字体或图标 CDN。
</span>
</div>
<div class="footer-links">
<a href="./docs/design-source.html" target="_blank" rel="noreferrer">Design source</a>
<a href="./docs/design-source.html" target="_blank" rel="noreferrer">设计来源</a>
<a href="./assets/design-source.json" target="_blank" rel="noreferrer">Manifest JSON</a>
<a href="./summary.json" target="_blank" rel="noreferrer">Summary JSON</a>
<a href="./architecture.json" target="_blank" rel="noreferrer">架构 JSON</a>
<a href="./summary.json" target="_blank" rel="noreferrer">摘要 JSON</a>
</div>
</footer>
</div>

1
08-threat-intel/generated/dashboard/legacy/architecture.json 符号链接
查看文件

@@ -0,0 +1 @@
../architecture.json

14
08-threat-intel/generated/dashboard/runs.json
查看文件

@@ -197,7 +197,7 @@
"artifact_groups": [
{
"key": "reports",
"label": "Reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
@@ -224,7 +224,7 @@
},
{
"key": "compose",
"label": "Compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
@@ -378,7 +378,7 @@
"artifact_groups": [
{
"key": "reports",
"label": "Reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
@@ -405,7 +405,7 @@
},
{
"key": "requests",
"label": "Request Logs",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 2,
"items": [
{
@@ -576,7 +576,7 @@
"artifact_groups": [
{
"key": "reports",
"label": "Reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
@@ -603,7 +603,7 @@
},
{
"key": "baseline",
"label": "Baseline Snapshots",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
@@ -615,7 +615,7 @@
},
{
"key": "requests",
"label": "Request Logs",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{

2
08-threat-intel/generated/dashboard/summary.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-17T08:20:30+00:00",
"generated_at": "2026-03-17T08:59:56+00:00",
"advisory_count": 89,
"run_count": 3,
"statuses": {

2
08-threat-intel/generated/latest-ingest.md
查看文件

@@ -1,6 +1,6 @@
# 最新同步摘要
- 渲染时间: `2026-03-17T08:20:30+00:00`
- 渲染时间: `2026-03-17T08:59:56+00:00`
- 系统数量: `62`
- Advisory 数量: `89`
- 重点 Markdown 数量: `89`

2
08-threat-intel/generated/run-summary.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-17T08:20:30+00:00",
"generated_at": "2026-03-17T08:59:56+00:00",
"system_count": 62,
"advisory_count": 89,
"markdown_count": 89,

2
README.md
查看文件

@@ -80,6 +80,8 @@ python3 /Users/x/websafe/scripts/lab/main.py serve-dashboard --port 8734
- 旧版工作台回退入口
- `/docs/design-source.html`
- 设计来源与本地化说明
- `/docs/architecture-library.html`
- 当前架构库结构化镜像页
计划中的本机 cron 入口:

8
docs/frontend-dashboard-design.md
查看文件

@@ -46,7 +46,8 @@ flowchart LR
D --> G["Evidence Explorer"]
D --> H["Live Log Viewer"]
D --> I["Sources & Fix Topics"]
D --> J["Raw JSON Panels"]
D --> J["当前架构库"]
D --> K["Raw JSON Panels"]
```
## 4. 页面布局
@@ -119,6 +120,11 @@ flowchart LR
- secondary sources
- aliases
- secure code topics
- 当前架构库
- 项目定位、授权边界、控制面、数据层、地址入口
- source-map / repro-map 派生的系统分组与默认复现策略
- 当前生成态、状态分布、最近失败
- 可折叠查看任意层级信息并打开本地镜像页 / JSON
- Raw JSON
- run JSON
- advisory JSON

4
docs/project-features.md
查看文件

@@ -63,7 +63,8 @@
- 静态前端工作台
- `/index.html` 为本地化 Lovart 正式 UI
- `/legacy/index.html` 为旧版工作台回退入口
- `/docs/*.html` 为本地可访问的说明与设计镜像页
- `/docs/*.html` 为本地可访问的说明、真值配置与设计镜像页
- `architecture.json` 为当前架构库结构化真值
- `07-framework-security/`
- 系统级 README、INDEX、案例页,自动显示本地实证状态
@@ -156,6 +157,7 @@ python3 /Users/x/websafe/scripts/lab/main.py serve-dashboard --port 8734
- 快速定位系统 / advisory / repro profile
- 折叠与展开 timeline、evidence、sources、raw JSON
- 折叠与展开“当前架构库”,查看控制面、数据层、地址入口、授权边界和系统分组
- 直接查看 compose、JSON、日志、截图、报告
- 高亮失败原因、当前 blocker、利用思路、成功判据
- 自动刷新生成数据,适配正在进行中的本地 run

7
scripts/intel/validators.py
查看文件

@@ -96,6 +96,7 @@ def validate(source_map: Dict[str, Any]) -> List[str]:
GENERATED_DIR / "dashboard" / "runs.json",
GENERATED_DIR / "dashboard" / "advisories.json",
GENERATED_DIR / "dashboard" / "profiles.json",
GENERATED_DIR / "dashboard" / "architecture.json",
GENERATED_DIR / "dashboard" / "assets" / "app.js",
GENERATED_DIR / "dashboard" / "assets" / "styles.css",
GENERATED_DIR / "dashboard" / "assets" / "icons.svg",
@@ -105,7 +106,13 @@ def validate(source_map: Dict[str, Any]) -> List[str]:
GENERATED_DIR / "dashboard" / "docs" / "project-features.html",
GENERATED_DIR / "dashboard" / "docs" / "frontend-dashboard-design.html",
GENERATED_DIR / "dashboard" / "docs" / "secure-code-index.html",
GENERATED_DIR / "dashboard" / "docs" / "root-readme.html",
GENERATED_DIR / "dashboard" / "docs" / "authorization-model.html",
GENERATED_DIR / "dashboard" / "docs" / "source-map.html",
GENERATED_DIR / "dashboard" / "docs" / "repro-map.html",
GENERATED_DIR / "dashboard" / "docs" / "coverage-matrix.html",
GENERATED_DIR / "dashboard" / "docs" / "design-source.html",
GENERATED_DIR / "dashboard" / "docs" / "architecture-library.html",
ROOT / "08-threat-intel" / "registry" / "source-confidence.md",
]:
if not path.exists():

376
scripts/lab/dashboard_templates/lovart/assets/app.js
查看文件

@@ -4,6 +4,7 @@ const state = {
systems: [],
advisories: {},
profiles: {},
architecture: null,
selectedRunId: null,
selectedArtifact: null,
refreshHandle: null,
@@ -21,12 +22,33 @@ const state = {
evidence: true,
logs: true,
sources: true,
architecture: true,
run_json: false,
advisory_json: false,
profile_json: false
}
};
const STATUS_LABELS = {
"verified-real": "真实版本已实证",
"verified-synthetic": "合成靶场已实证",
"blocked-artifact": "制品阻塞",
"blocked-destructive": "破坏性风险阻塞",
"triage-manual": "人工分诊",
suspected: "仅疑似命中",
completed: "已完成",
failed: "失败",
skipped: "已跳过",
planned: "已规划",
unknown: "未知"
};
const ARTIFACT_KIND_LABELS = {
image: "图片",
text: "文本",
link: "链接"
};
const $ = (id) => document.getElementById(id);
const icon = (name, className = "icon") =>
`<svg class="${className}" aria-hidden="true"><use href="./assets/icons.svg#${name}"></use></svg>`;
@@ -37,7 +59,7 @@ const statusClass = (status) => ({
"blocked-artifact": "status-pill status-blocked-artifact",
"blocked-destructive": "status-pill status-blocked-destructive",
"triage-manual": "status-pill status-triage-manual",
"suspected": "status-pill status-suspected",
suspected: "status-pill status-suspected",
completed: "status-pill status-verified-real",
failed: "status-pill status-blocked-artifact",
skipped: "status-pill status-triage-manual"
@@ -52,21 +74,37 @@ function escapeHtml(value) {
}
function formatStatus(value) {
return String(value || "unknown").replaceAll("-", " ");
return STATUS_LABELS[value] || String(value || "unknown").replaceAll("-", " ");
}
function formatDateTime(value) {
if (!value) return "-";
const date = new Date(value);
if (Number.isNaN(date.getTime())) return String(value);
return date.toLocaleString("zh-CN", {
hour12: false,
year: "numeric",
month: "2-digit",
day: "2-digit",
hour: "2-digit",
minute: "2-digit",
second: "2-digit"
});
}
function timeAgo(value) {
if (!value) return "-";
const diff = Date.now() - new Date(value).getTime();
if (Number.isNaN(diff)) return value;
if (Number.isNaN(diff)) return String(value);
const seconds = Math.floor(diff / 1000);
if (seconds < 60) return `${seconds}s ago`;
if (seconds <= 5) return "刚刚";
if (seconds < 60) return `${seconds} 秒前`;
const minutes = Math.floor(seconds / 60);
if (minutes < 60) return `${minutes}m ago`;
if (minutes < 60) return `${minutes} 分钟前`;
const hours = Math.floor(minutes / 60);
if (hours < 24) return `${hours}h ago`;
if (hours < 24) return `${hours} 小时前`;
const days = Math.floor(hours / 24);
return `${days}d ago`;
return `${days} 天前`;
}
async function fetchJson(url) {
@@ -94,30 +132,30 @@ function metricCards() {
return [
{
label: "Total Runs",
label: "运行总数",
value: state.summary?.run_count || 0,
note: `${state.summary?.advisory_count || 0} advisories indexed`,
note: `已索引漏洞条目 ${state.summary?.advisory_count || 0} `,
color: "var(--accent-purple)",
iconName: "report"
},
{
label: "Success",
label: "实证成功",
value: successCount,
note: "verified-real + verified-synthetic",
note: "真实版本 + 合成靶场",
color: "var(--accent-green)",
iconName: "shield"
},
{
label: "Blocked",
label: "当前阻塞",
value: blockedCount,
note: "artifact or destructive blockers",
note: "制品阻塞或破坏性风险阻塞",
color: "var(--accent-red)",
iconName: "failure"
},
{
label: "In Progress",
label: "待处理 / 进行中",
value: inProgressCount,
note: "manual review or incomplete verification",
note: "人工分诊、待补证据或未完成实证",
color: "var(--accent-blue)",
iconName: "timeline"
}
@@ -149,11 +187,16 @@ function renderSyncState(kind, title, detail) {
$("syncState").dataset.kind = kind;
}
function optionLabel(kind, value) {
if (kind === "status") return formatStatus(value);
return value;
}
function hydrateFilters() {
const controls = [
["systemFilter", "system", state.runs.map((item) => item.system_id), "All systems"],
["statusFilter", "status", state.runs.map((item) => item.verification_status), "All statuses"],
["profileFilter", "profile", state.runs.map((item) => item.repro_profile_id), "All profiles"]
["systemFilter", "system", state.runs.map((item) => item.system_id), "全部系统"],
["statusFilter", "status", state.runs.map((item) => item.verification_status), "全部状态"],
["profileFilter", "profile", state.runs.map((item) => item.repro_profile_id), "全部复现档案"]
];
for (const [id, key, values, label] of controls) {
@@ -161,7 +204,7 @@ function hydrateFilters() {
const current = state.filters[key];
control.innerHTML = `<option value="">${label}</option>`;
control.innerHTML += distinct(values)
.map((value) => `<option value="${escapeHtml(value)}">${escapeHtml(value)}</option>`)
.map((value) => `<option value="${escapeHtml(value)}">${escapeHtml(optionLabel(key, value))}</option>`)
.join("");
control.value = current;
}
@@ -198,20 +241,20 @@ function renderSystems() {
<article class="system-card">
<div class="timeline-head">
<strong class="system-title">${escapeHtml(system.display_name || system.system_id)}</strong>
<span class="section-chip">${escapeHtml(system.browser_present || 0)}/${escapeHtml(system.browser_required || 0)} browser</span>
<span class="section-chip">${escapeHtml(system.browser_present || 0)}/${escapeHtml(system.browser_required || 0)} 浏览器证据</span>
</div>
<div class="muted">${escapeHtml(system.system_id)} · latest ${escapeHtml(system.latest_update || "-")}</div>
<div class="muted">${escapeHtml(system.system_id)} · 最近更新 ${escapeHtml(formatDateTime(system.latest_update || "-"))}</div>
<div class="tag-row" style="margin-top:10px;">
<span class="tag">real ${escapeHtml(system.verified_real || 0)}</span>
<span class="tag">synthetic ${escapeHtml(system.verified_synthetic || 0)}</span>
<span class="tag">blocked ${escapeHtml(system.blocked || 0)}</span>
<span class="tag">真实 ${escapeHtml(system.verified_real || 0)}</span>
<span class="tag">合成 ${escapeHtml(system.verified_synthetic || 0)}</span>
<span class="tag">阻塞 ${escapeHtml(system.blocked || 0)}</span>
</div>
<div class="meter"><span style="--fill:${coverage}%"></span></div>
</article>
`;
})
.join("")
: `<div class="empty-state">No system coverage data.</div>`;
: `<div class="empty-state">暂无系统覆盖数据。</div>`;
}
function renderRecentFailures() {
@@ -226,23 +269,24 @@ function renderRecentFailures() {
<span class="${statusClass(item.status)}">${escapeHtml(formatStatus(item.status))}</span>
</div>
<div class="muted" style="margin-top:8px;">${escapeHtml(item.title || item.advisory_id)}</div>
<div class="failure-reason" style="margin-top:8px;">${escapeHtml(item.blocked_reason || "-")}</div>
<div class="failure-reason" style="margin-top:8px;">${escapeHtml(item.blocked_reason || "未提供失败原因。")}</div>
</article>
`
)
.join("")
: `<div class="empty-state">No recent blockers.</div>`;
: `<div class="empty-state">当前没有最近失败记录。</div>`;
}
function renderRunQueue() {
const runs = filteredRuns();
$("runCount").textContent = `${runs.length} shown`;
$("runCount").textContent = `${runs.length} `;
$("runQueue").innerHTML = runs.length
? runs
.map((item) => {
const active = item.run_id === state.selectedRunId ? "is-active" : "";
const browserState = item.browser_evidence?.present ? "ready" : (item.browser_evidence?.required ? "required" : "optional");
const browserState = item.browser_evidence?.present ? "已采集" : (item.browser_evidence?.required ? "必需待补" : "可选");
const lead = item.reasoning_lines?.[0] || item.blocked_reason || item.advisory_meta?.summary || "";
const artifactCount = (item.artifact_groups || []).reduce((sum, group) => sum + Number(group.count || 0), 0);
return `
<button class="run-card ${active}" type="button" data-run-id="${escapeHtml(item.run_id)}">
<div class="run-topline">
@@ -256,15 +300,15 @@ function renderRunQueue() {
<span>${escapeHtml(timeAgo(item.finished_at))}</span>
</div>
<div class="tag-row" style="margin-top:10px;">
<span class="tag">artifacts ${escapeHtml((item.artifact_groups || []).reduce((sum, group) => sum + group.count, 0))}</span>
<span class="tag">browser ${escapeHtml(browserState)}</span>
<span class="tag">证据 ${escapeHtml(artifactCount)}</span>
<span class="tag">浏览器 ${escapeHtml(browserState)}</span>
</div>
<div class="muted" style="margin-top:10px;">${escapeHtml(lead)}</div>
</button>
`;
})
.join("")
: `<div class="empty-state">No runs match the current filters.</div>`;
: `<div class="empty-state">当前筛选条件下没有匹配的运行。</div>`;
document.querySelectorAll("[data-run-id]").forEach((button) => {
button.addEventListener("click", () => {
@@ -278,18 +322,18 @@ function renderRunQueue() {
function progressSegments(progress) {
const order = [
["completed", "Completed", "progress-completed"],
["blocked", "Blocked", "progress-blocked"],
["failed", "Failed", "progress-failed"],
["skipped", "Skipped", "progress-skipped"],
["planned", "Planned", "progress-planned"],
["other", "Other", "progress-other"]
["completed", "已完成", "progress-completed"],
["blocked", "已阻塞", "progress-blocked"],
["failed", "失败", "progress-failed"],
["skipped", "已跳过", "progress-skipped"],
["planned", "已规划", "progress-planned"],
["other", "其他", "progress-other"]
];
const total = order.reduce((sum, [key]) => sum + Number(progress?.[key] || 0), 0);
if (!total) {
return {
bar: `<div class="progress-segment progress-other" style="width:100%"></div>`,
legend: `<span class="tag"><span class="swatch progress-other"></span>no progress</span>`
legend: `<span class="tag"><span class="swatch progress-other"></span>暂无进度</span>`
};
}
const bar = order
@@ -379,7 +423,7 @@ async function openArtifact(href, label, kind) {
}
viewer.innerHTML = `<pre>${escapeHtml(formatted)}</pre>`;
} catch (error) {
viewer.innerHTML = `<pre>Artifact load failed: ${escapeHtml(error.message)}</pre>`;
viewer.innerHTML = `<pre>加载 artifact 失败:${escapeHtml(error.message)}</pre>`;
}
}
@@ -396,16 +440,147 @@ function bindPanelToggles() {
});
}
function renderArchitectureFields(fields = []) {
if (!fields.length) return "";
return `
<div class="arch-field-grid">
${fields
.map(
(field) => `
<article class="arch-field">
<span class="arch-field-label">${escapeHtml(field.label || "-")}</span>
<div class="arch-field-value">${escapeHtml(field.value || "-")}</div>
</article>
`
)
.join("")}
</div>
`;
}
function renderArchitectureStats(stats = []) {
if (!stats.length) return "";
return `
<div class="arch-stat-grid">
${stats
.map(
(item) => `
<article class="arch-stat">
<span class="arch-stat-label">${escapeHtml(item.label || "-")}</span>
<strong class="arch-stat-value">${escapeHtml(item.value || "-")}</strong>
</article>
`
)
.join("")}
</div>
`;
}
function renderArchitectureLinks(links = []) {
if (!links.length) return "";
return `
<div class="arch-link-grid">
${links
.map(
(linkItem) => `
<a class="arch-link-card" href="${escapeHtml(linkItem.href || "#")}" target="_blank" rel="noreferrer">
<span class="arch-link-label">${escapeHtml(linkItem.label || "打开链接")}</span>
<span class="arch-link-copy">${escapeHtml(linkItem.description || linkItem.href || "")}</span>
</a>
`
)
.join("")}
</div>
`;
}
function renderArchitectureNode(node, depth = 0) {
if (!node) return "";
const children = (node.items || []).map((item) => renderArchitectureNode(item, depth + 1)).join("");
const fields = renderArchitectureFields(node.fields || []);
const stats = renderArchitectureStats(node.stats || []);
const links = renderArchitectureLinks(node.links || []);
const badges = (node.badges || [])
.map((badge) => `<span class="tag">${escapeHtml(badge)}</span>`)
.join("");
const hasBody = Boolean(children || fields || stats || links || node.summary || badges);
const summaryBlock = `
<div class="arch-summary-main">
<strong class="arch-title">${escapeHtml(node.title || "未命名节点")}</strong>
${node.summary ? `<span class="arch-summary-copy">${escapeHtml(node.summary)}</span>` : ""}
</div>
<div class="arch-summary-meta">
${node.items?.length ? `<span class="section-chip">${escapeHtml(node.items.length)} 个子项</span>` : ""}
${node.fields?.length ? `<span class="section-chip">${escapeHtml(node.fields.length)} 个字段</span>` : ""}
${node.links?.length ? `<span class="section-chip">${escapeHtml(node.links.length)} 个链接</span>` : ""}
</div>
`;
if (!hasBody) {
return `
<article class="arch-leaf" data-depth="${escapeHtml(depth)}">
${summaryBlock}
</article>
`;
}
const openAttr = node.open === false ? "" : "open";
return `
<details class="arch-node" data-depth="${escapeHtml(depth)}" ${openAttr}>
<summary class="arch-summary">
${summaryBlock}
</summary>
<div class="arch-body">
${badges ? `<div class="tag-row arch-badges">${badges}</div>` : ""}
${stats}
${fields}
${links}
${children ? `<div class="arch-children">${children}</div>` : ""}
</div>
</details>
`;
}
function renderArchitecturePanel() {
const architecture = state.architecture;
if (!architecture) {
return renderPanel("architecture", "当前架构库", "未生成", "systems", `<div class="empty-state">尚未找到架构 JSON,请先执行渲染命令。</div>`);
}
const sections = architecture.sections || [];
const content = `
<div class="callout architecture-callout">
<strong>${escapeHtml(architecture.title || "当前架构库")}</strong>
<div class="plan-copy">${escapeHtml(architecture.summary || "当前工作台的结构化真值视图。")}</div>
<div class="tag-row" style="margin-top:10px;">
<span class="tag">生成时间 ${escapeHtml(formatDateTime(architecture.generated_at))}</span>
<a class="tag" href="./architecture.json" target="_blank" rel="noreferrer">架构 JSON</a>
<a class="tag" href="./docs/architecture-library.html" target="_blank" rel="noreferrer">镜像页</a>
<a class="tag" href="./docs/root-readme.html" target="_blank" rel="noreferrer">仓库入口镜像</a>
</div>
</div>
<div class="architecture-tree">
${sections.length ? sections.map((section) => renderArchitectureNode(section, 0)).join("") : `<div class="empty-state">架构库目前没有可展示的分区。</div>`}
</div>
`;
return renderPanel("architecture", "当前架构库", `${sections.length} 个分区`, "systems", content);
}
function renderEmptyWorkspace() {
$("detailWorkspace").innerHTML = `
<div class="workspace-empty">
${icon("shield", "icon icon-xl")}
<h2>选择一个运行</h2>
<p class="empty-copy">左侧队列用于切换 run。即使当前没有选中运行,你也可以直接展开下方“当前架构库”查看仓库控制面、数据层、系统分组、授权边界与本地入口。</p>
</div>
${renderArchitecturePanel()}
`;
bindPanelToggles();
}
function renderDetail() {
const run = state.runs.find((item) => item.run_id === state.selectedRunId);
if (!run) {
$("detailWorkspace").innerHTML = `
<div class="workspace-empty">
${icon("shield", "icon icon-xl")}
<h2>Select a run</h2>
<p class="empty-copy">Pick a run from the left queue to inspect timeline, evidence, logs and raw JSON.</p>
</div>
`;
renderEmptyWorkspace();
return;
}
@@ -413,7 +588,7 @@ function renderDetail() {
const profile = run.profile_meta || {};
const screenshotItems = ((run.artifact_groups || []).find((group) => group.key === "browser")?.items || []).filter((item) => item.kind === "image");
const segments = progressSegments(run.progress || {});
const browserStatus = run.browser_evidence?.present ? "Ready" : (run.browser_evidence?.required ? "Required" : "Optional");
const browserStatus = run.browser_evidence?.present ? "已采集" : (run.browser_evidence?.required ? "必需待补" : "可选");
const artifactCount = (run.artifact_groups || []).reduce((sum, group) => sum + Number(group.count || 0), 0);
const timelineContent = `
@@ -426,42 +601,42 @@ function renderDetail() {
<span class="timeline-dot"></span>
<div class="timeline-head">
<strong>${escapeHtml(item.step || "-")}</strong>
<span class="timeline-time">${escapeHtml(item.at || "-")}</span>
<span class="timeline-time">${escapeHtml(formatDateTime(item.at || "-"))}</span>
</div>
<div class="${statusClass(item.status || "default")}" style="margin-top:8px;">${escapeHtml(formatStatus(item.status || "unknown"))}</div>
<div class="timeline-detail">${escapeHtml(item.detail || "-")}</div>
</article>
`)
.join("") || `<div class="empty-state">No timeline items recorded.</div>`}
.join("") || `<div class="empty-state">当前运行没有记录时间线。</div>`}
</div>
`;
const reasoningCards = [
{
label: "Summary",
copy: advisory.summary || "No advisory summary available."
label: "概要",
copy: advisory.summary || "当前漏洞条目没有摘要。"
},
{
label: "Success Criteria",
copy: (profile.success_criteria || []).join(" | ") || "No success criteria defined."
label: "成功判据",
copy: (profile.success_criteria || []).join(" | ") || "当前 profile 没有定义成功判据。"
},
{
label: "Seed / Attack Notes",
copy: (run.reasoning_lines || []).join("\n\n") || "No reasoning lines recorded."
label: "Seed / 攻击思路",
copy: (run.reasoning_lines || []).join("\n\n") || "当前运行没有记录思路说明。"
},
{
label: "Allowed Targets",
copy: (profile.allowed_target_types || []).join(", ") || "No target scope declared."
label: "允许目标",
copy: (profile.allowed_target_types || []).join(", ") || "当前 profile 没有声明允许目标类型。"
}
];
const reasoningContent = `
${run.blocked_reason ? `<div class="callout"><strong>Failure reason</strong><div class="plan-copy">${escapeHtml(run.blocked_reason)}</div></div>` : ""}
${run.blocked_reason ? `<div class="callout"><strong>失败原因</strong><div class="plan-copy">${escapeHtml(run.blocked_reason)}</div></div>` : ""}
<div class="tag-row" style="margin-bottom:14px;">
<span class="tag">vuln family ${escapeHtml(profile.vuln_family || "unknown")}</span>
<span class="tag">cleanup ${escapeHtml(profile.cleanup_policy || "-")}</span>
<span class="tag">destructive risk ${escapeHtml(profile.destructive_risk || "-")}</span>
<span class="tag">artifact ${escapeHtml(run.artifact_mode || "-")}</span>
<span class="tag">漏洞家族 ${escapeHtml(profile.vuln_family || "未定义")}</span>
<span class="tag">清理策略 ${escapeHtml(profile.cleanup_policy || "-")}</span>
<span class="tag">破坏性风险 ${escapeHtml(profile.destructive_risk || "-")}</span>
<span class="tag">制品模式 ${escapeHtml(run.artifact_mode || "-")}</span>
</div>
<div class="plan-grid">
${reasoningCards
@@ -490,7 +665,7 @@ function renderDetail() {
(item) => `
<button class="artifact-button" type="button" data-artifact data-href="${escapeHtml(item.href)}" data-kind="${escapeHtml(item.kind)}" data-label="${escapeHtml(item.label)}">
<span>${escapeHtml(item.label)}</span>
<span class="artifact-kind">${escapeHtml(item.kind)}</span>
<span class="artifact-kind">${escapeHtml(ARTIFACT_KIND_LABELS[item.kind] || item.kind)}</span>
</button>
`
)
@@ -499,7 +674,7 @@ function renderDetail() {
</section>
`
)
.join("") || `<div class="empty-state">No artifact groups for this run.</div>`}
.join("") || `<div class="empty-state">当前运行没有可浏览的产物分组。</div>`}
${
screenshotItems.length
@@ -524,27 +699,31 @@ function renderDetail() {
<div class="viewer-card">
<div class="viewer-toolbar">
<div>
<div id="viewerLabel" class="viewer-label">${escapeHtml(state.selectedArtifact?.label || "Select an artifact")}</div>
<div id="viewerMeta" class="viewer-meta">${escapeHtml(state.selectedArtifact?.href || "Artifact preview will appear here.")}</div>
<div id="viewerLabel" class="viewer-label">${escapeHtml(state.selectedArtifact?.label || "选择一个产物")}</div>
<div id="viewerMeta" class="viewer-meta">${escapeHtml(state.selectedArtifact?.href || "这里会显示 JSON、文本、HTML 报告、截图和其他日志的预览。")}</div>
</div>
<div class="detail-actions">
<a id="viewerOpen" class="button button-secondary" href="${escapeHtml(state.selectedArtifact?.href || run.dashboard_refs.report_html)}" target="_blank" rel="noreferrer">${icon("link")}<span>Open artifact</span></a>
<button id="viewerRefresh" class="button button-secondary" type="button">${icon("refresh")}<span>Refresh preview</span></button>
<a id="viewerOpen" class="button button-secondary" href="${escapeHtml(state.selectedArtifact?.href || run.dashboard_refs.report_html)}" target="_blank" rel="noreferrer">${icon("link")}<span>打开产物</span></a>
<button id="viewerRefresh" class="button button-secondary" type="button">${icon("refresh")}<span>刷新预览</span></button>
</div>
</div>
<div id="viewerFrame" class="viewer-frame"><pre>Select a report, log, screenshot, JSON or HTML artifact to preview it here.</pre></div>
<div id="viewerFrame" class="viewer-frame"><pre>选择报告、日志、截图、JSON HTML 产物后,会在这里直接预览。</pre></div>
</div>
`;
const sourceLinks = [
advisory.official_source_url
? `<a href="${escapeHtml(advisory.official_source_url)}" target="_blank" rel="noreferrer">${escapeHtml(advisory.official_source_url)}</a>`
: `<span class="muted">当前漏洞条目没有关联官方来源。</span>`,
...(advisory.secondary_source_urls || []).map((url) => `<a href="${escapeHtml(url)}" target="_blank" rel="noreferrer">${escapeHtml(url)}</a>`)
].join("");
const sourcesContent = `
<div class="tag-row">
${(advisory.aliases || []).map((alias) => `<span class="tag">${escapeHtml(alias)}</span>`).join("")}
${(advisory.secure_code_topics || []).map((topic) => `<a class="tag" href="./docs/secure-code-index.html" target="_blank" rel="noreferrer">${escapeHtml(topic)}</a>`).join("")}
</div>
<div class="source-links">
${advisory.official_source_url ? `<a href="${escapeHtml(advisory.official_source_url)}" target="_blank" rel="noreferrer">${escapeHtml(advisory.official_source_url)}</a>` : `<span class="muted">No official source linked.</span>`}
${(advisory.secondary_source_urls || []).map((url) => `<a href="${escapeHtml(url)}" target="_blank" rel="noreferrer">${escapeHtml(url)}</a>`).join("")}
</div>
<div class="source-links">${sourceLinks}</div>
`;
const rawRunContent = `<article class="json-card"><pre>${escapeHtml(JSON.stringify(run, null, 2))}</pre></article>`;
@@ -563,42 +742,43 @@ function renderDetail() {
</div>
</div>
<h2 class="detail-title">${escapeHtml(advisory.title || run.advisory_id)}</h2>
<div class="detail-subtitle">${escapeHtml(advisory.summary || "No advisory summary available.")}</div>
<div class="detail-subtitle">${escapeHtml(advisory.summary || "当前漏洞条目没有摘要。")}</div>
<div class="detail-actions">
<a class="button button-primary" href="${escapeHtml(run.dashboard_refs.report_html)}" target="_blank" rel="noreferrer">${icon("report")}<span>HTML report</span></a>
<a class="button button-secondary" href="${escapeHtml(run.dashboard_refs.report_md)}" target="_blank" rel="noreferrer">${icon("markdown")}<span>Markdown</span></a>
<a class="button button-secondary" href="${escapeHtml(run.dashboard_refs.bundle)}" target="_blank" rel="noreferrer">${icon("json")}<span>Run JSON</span></a>
<a class="button button-primary" href="${escapeHtml(run.dashboard_refs.report_html)}" target="_blank" rel="noreferrer">${icon("report")}<span>HTML 报告</span></a>
<a class="button button-secondary" href="${escapeHtml(run.dashboard_refs.report_md)}" target="_blank" rel="noreferrer">${icon("markdown")}<span>Markdown 报告</span></a>
<a class="button button-secondary" href="${escapeHtml(run.dashboard_refs.bundle)}" target="_blank" rel="noreferrer">${icon("json")}<span>运行 JSON</span></a>
</div>
<div class="detail-stat-grid">
<article class="detail-stat">
<strong>Timeline Steps</strong>
<strong>时间线步骤</strong>
<span>${escapeHtml(run.timeline?.length || 0)}</span>
</article>
<article class="detail-stat">
<strong>Artifacts</strong>
<strong>Artifact</strong>
<span>${escapeHtml(artifactCount)}</span>
</article>
<article class="detail-stat">
<strong>Browser Evidence</strong>
<strong>浏览器证据</strong>
<span>${escapeHtml(browserStatus)}</span>
</article>
<article class="detail-stat">
<strong>Finished</strong>
<strong>完成时间</strong>
<span>${escapeHtml(timeAgo(run.finished_at))}</span>
</article>
</div>
</section>
${renderPanel("timeline", "Progress Timeline", `${escapeHtml(run.timeline?.length || 0)} steps`, "timeline", timelineContent)}
${renderPanel("reasoning", "Attack Plan & Reasoning", escapeHtml(profile.vuln_family || "unknown"), "reasoning", reasoningContent)}
${renderPanel("evidence", "Evidence Explorer", `${escapeHtml(run.artifact_groups?.length || 0)} groups`, "evidence", evidenceContent)}
${renderPanel("logs", "Live Log Viewer", state.selectedArtifact ? "active" : "idle", "logs", logContent)}
${renderPanel("sources", "Sources & Fix Topics", `${escapeHtml((advisory.secondary_source_urls || []).length + (advisory.official_source_url ? 1 : 0))} links`, "sources", sourcesContent)}
${renderPanel("run_json", "Run JSON", "raw", "json", rawRunContent)}
${renderPanel("advisory_json", "Advisory JSON", "raw", "json", rawAdvisoryContent)}
${renderPanel("profile_json", "Profile JSON", "raw", "json", rawProfileContent)}
${renderPanel("timeline", "进度时间线", `${escapeHtml(run.timeline?.length || 0)} `, "timeline", timelineContent)}
${renderPanel("reasoning", "攻击方案与推理", escapeHtml(profile.vuln_family || "未定义"), "reasoning", reasoningContent)}
${renderPanel("evidence", "证据浏览器", `${escapeHtml(run.artifact_groups?.length || 0)} `, "evidence", evidenceContent)}
${renderPanel("logs", "实时日志查看器", state.selectedArtifact ? "已选产物" : "等待选择", "logs", logContent)}
${renderPanel("sources", "来源与修复主题", `${escapeHtml((advisory.secondary_source_urls || []).length + (advisory.official_source_url ? 1 : 0))} 条链接`, "sources", sourcesContent)}
${renderArchitecturePanel()}
${renderPanel("run_json", "运行 JSON", "原始数据", "json", rawRunContent)}
${renderPanel("advisory_json", "漏洞条目 JSON", "原始数据", "json", rawAdvisoryContent)}
${renderPanel("profile_json", "复现档案 JSON", "原始数据", "json", rawProfileContent)}
`;
bindPanelToggles();
@@ -663,15 +843,16 @@ function startRefreshLoop() {
async function loadData(preserveSelection = true) {
const previous = state.selectedRunId;
renderSyncState("loading", "Refreshing", new Date().toLocaleTimeString());
renderSyncState("loading", "刷新中", `本地时间 ${new Date().toLocaleTimeString("zh-CN", { hour12: false })}`);
try {
const [summary, runs, systems, advisories, profiles] = await Promise.all([
const [summary, runs, systems, advisories, profiles, architecture] = await Promise.all([
fetchJson("./summary.json"),
fetchJson("./runs.json"),
fetchJson("./systems.json"),
fetchJson("./advisories.json"),
fetchJson("./profiles.json")
fetchJson("./profiles.json"),
fetchJson("./architecture.json")
]);
state.summary = summary;
@@ -679,6 +860,7 @@ async function loadData(preserveSelection = true) {
state.systems = systems;
state.advisories = advisories;
state.profiles = profiles;
state.architecture = architecture;
hydrateFilters();
const hashRun = location.hash.startsWith("#run=") ? location.hash.replace("#run=", "") : null;
@@ -690,11 +872,11 @@ async function loadData(preserveSelection = true) {
}
renderAll();
renderSyncState("live", "Live", summary.generated_at || new Date().toISOString());
renderSyncState("live", "实时同步", `最近生成 ${formatDateTime(summary.generated_at || new Date().toISOString())}`);
} catch (error) {
$("runQueue").innerHTML = `<div class="empty-state">Dashboard load failed: ${escapeHtml(error.message)}</div>`;
$("detailWorkspace").innerHTML = `<div class="workspace-empty"><h2>Load failed</h2><p class="empty-copy">${escapeHtml(error.message)}</p></div>`;
renderSyncState("error", "Load Failed", error.message);
$("runQueue").innerHTML = `<div class="empty-state">工作台加载失败:${escapeHtml(error.message)}</div>`;
$("detailWorkspace").innerHTML = `<div class="workspace-empty"><h2>加载失败</h2><p class="empty-copy">${escapeHtml(error.message)}</p></div>`;
renderSyncState("error", "加载失败", error.message);
}
}

168
scripts/lab/dashboard_templates/lovart/assets/styles.css
查看文件

@@ -963,6 +963,171 @@ select {
text-underline-offset: 3px;
}
.architecture-tree {
display: grid;
gap: 14px;
}
.architecture-callout {
border-color: rgba(77, 141, 255, 0.28);
background: rgba(77, 141, 255, 0.08);
}
.arch-node,
.arch-leaf {
border: 1px solid rgba(148, 163, 184, 0.14);
border-radius: 16px;
background: rgba(255, 255, 255, 0.025);
}
.arch-node + .arch-node,
.arch-leaf + .arch-node,
.arch-node + .arch-leaf,
.arch-leaf + .arch-leaf {
margin-top: 12px;
}
.arch-node summary {
list-style: none;
}
.arch-node summary::-webkit-details-marker {
display: none;
}
.arch-summary {
display: flex;
justify-content: space-between;
gap: 14px;
padding: 15px 16px;
cursor: pointer;
}
.arch-summary::after {
content: "";
width: 9px;
height: 9px;
margin-top: 6px;
border-right: 2px solid rgba(255, 255, 255, 0.72);
border-bottom: 2px solid rgba(255, 255, 255, 0.72);
transform: rotate(45deg);
transition: transform 0.2s ease;
}
.arch-node[open] > .arch-summary::after {
transform: rotate(225deg);
}
.arch-summary-main {
display: grid;
gap: 6px;
min-width: 0;
}
.arch-title {
font-size: 0.98rem;
}
.arch-summary-copy {
color: var(--text-secondary);
line-height: 1.5;
font-size: 0.88rem;
}
.arch-summary-meta {
display: flex;
flex-wrap: wrap;
justify-content: flex-end;
gap: 8px;
}
.arch-body {
display: grid;
gap: 14px;
padding: 0 16px 16px;
}
.arch-badges {
margin-top: -2px;
}
.arch-stat-grid,
.arch-field-grid,
.arch-link-grid {
display: grid;
gap: 12px;
}
.arch-stat-grid {
grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
}
.arch-stat,
.arch-field,
.arch-link-card {
border: 1px solid rgba(148, 163, 184, 0.14);
border-radius: 14px;
background: rgba(255, 255, 255, 0.03);
}
.arch-stat,
.arch-field {
padding: 12px 14px;
}
.arch-stat-label,
.arch-field-label,
.arch-link-label {
display: block;
color: var(--text-secondary);
text-transform: uppercase;
letter-spacing: 0.06em;
font-size: 0.72rem;
}
.arch-stat-value {
display: block;
margin-top: 8px;
font-size: 1.1rem;
}
.arch-field-value,
.arch-link-copy {
margin-top: 8px;
color: var(--text-primary);
line-height: 1.58;
white-space: pre-wrap;
word-break: break-word;
font-size: 0.9rem;
}
.arch-link-grid {
grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
}
.arch-link-card {
display: block;
padding: 12px 14px;
transition: transform 0.18s ease, border-color 0.18s ease, background 0.18s ease;
}
.arch-link-card:hover {
transform: translateY(-1px);
border-color: rgba(77, 141, 255, 0.42);
background: rgba(77, 141, 255, 0.08);
}
.arch-children {
display: grid;
gap: 12px;
padding-left: 14px;
border-left: 1px solid rgba(148, 163, 184, 0.12);
}
.arch-leaf {
padding: 14px 16px;
}
.json-card pre {
margin: 0;
max-height: 420px;
@@ -1050,7 +1215,8 @@ select {
.tag-row,
.panel-meta,
.viewer-toolbar,
.dashboard-footer {
.dashboard-footer,
.arch-summary {
flex-direction: column;
align-items: stretch;
}

59
scripts/lab/dashboard_templates/lovart/index.html
查看文件

@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Authorized Lab Dashboard</title>
<title>授权攻防实验工作台</title>
<link rel="stylesheet" href="./assets/styles.css">
</head>
<body>
@@ -17,22 +17,22 @@
<div class="hero-copy">
<div class="hero-eyebrow">
<svg class="icon"><use href="./assets/icons.svg#spark"></use></svg>
<span>Authorized Lab Dashboard</span>
<span>授权攻防实验工作台</span>
</div>
<h1>本地攻防实证工作台</h1>
<p>
Lovart 设计外壳已本地化并接入真实 run bundle 数据。页面只面向授权实验资产,
聚合 advisory、timeline、evidence、logs、sources、raw JSON 与失败原因。
聚合漏洞条目、时间线、证据、日志、来源、原始 JSON、当前架构库与失败原因。
</p>
</div>
<div class="hero-actions">
<button id="refreshDashboard" class="button button-primary" type="button">
<svg class="icon"><use href="./assets/icons.svg#refresh"></use></svg>
<span>Refresh</span>
<span>立即刷新</span>
</button>
<label class="toggle-card">
<span class="toggle-label">Auto Refresh</span>
<span class="toggle-label">自动刷新</span>
<span class="toggle-switch">
<input id="autoRefresh" type="checkbox" checked>
<span class="toggle-slider"></span>
@@ -41,22 +41,26 @@
<div id="syncState" class="sync-state">
<svg class="icon icon-sync"><use href="./assets/icons.svg#sync"></use></svg>
<div>
<strong>Booting</strong>
<span>Loading generated JSON</span>
<strong>启动中</strong>
<span>正在载入本地生成数据</span>
</div>
</div>
<div class="hero-links">
<a class="button button-secondary" href="./docs/project-features.html" target="_blank" rel="noreferrer">
<svg class="icon"><use href="./assets/icons.svg#docs"></use></svg>
<span>Feature Docs</span>
<span>功能文档</span>
</a>
<a class="button button-secondary" href="./docs/frontend-dashboard-design.html" target="_blank" rel="noreferrer">
<svg class="icon"><use href="./assets/icons.svg#playbook"></use></svg>
<span>UI Spec</span>
<span>前端设计</span>
</a>
<a class="button button-secondary" href="./docs/architecture-library.html" target="_blank" rel="noreferrer">
<svg class="icon"><use href="./assets/icons.svg#systems"></use></svg>
<span>架构镜像</span>
</a>
<a class="button button-secondary" href="./legacy/index.html" target="_blank" rel="noreferrer">
<svg class="icon"><use href="./assets/icons.svg#legacy"></use></svg>
<span>Legacy UI</span>
<span>旧版工作台</span>
</a>
</div>
</div>
@@ -71,38 +75,38 @@
<div class="section-header">
<span>
<svg class="icon"><use href="./assets/icons.svg#filter"></use></svg>
Filters
筛选器
</span>
<span id="runCount" class="section-badge">0 shown</span>
<span id="runCount" class="section-badge">0 </span>
</div>
<div class="filter-group">
<label class="field">
<span>Search</span>
<span>搜索</span>
<div class="search-box">
<svg class="icon"><use href="./assets/icons.svg#search"></use></svg>
<input id="searchInput" type="text" placeholder="Search run id, advisory, title">
<input id="searchInput" type="text" placeholder="搜索 run idadvisory、标题、概要">
</div>
</label>
<label class="field">
<span>System</span>
<span>系统</span>
<select id="systemFilter" class="filter-select">
<option value="">All systems</option>
<option value="">全部系统</option>
</select>
</label>
<label class="field">
<span>Status</span>
<span>状态</span>
<select id="statusFilter" class="filter-select">
<option value="">All statuses</option>
<option value="">全部状态</option>
</select>
</label>
<label class="field">
<span>Profile</span>
<select id="profileFilter" class="filter-select">
<option value="">All profiles</option>
<option value="">全部 Profile</option>
</select>
</label>
</div>
@@ -112,7 +116,7 @@
<div class="section-header">
<span>
<svg class="icon"><use href="./assets/icons.svg#systems"></use></svg>
Systems
系统概览
</span>
</div>
<div id="systemStats" class="system-stats"></div>
@@ -122,7 +126,7 @@
<div class="section-header">
<span>
<svg class="icon"><use href="./assets/icons.svg#failure"></use></svg>
Recent Failures
最近失败
</span>
</div>
<div id="recentFailures" class="failure-list"></div>
@@ -132,7 +136,7 @@
<div class="section-header">
<span>
<svg class="icon"><use href="./assets/icons.svg#queue"></use></svg>
Run Queue
运行队列
</span>
</div>
<div id="runQueue" class="run-list"></div>
@@ -142,8 +146,8 @@
<section id="detailWorkspace" class="workspace">
<div class="workspace-empty">
<svg class="icon icon-xl"><use href="./assets/icons.svg#shield"></use></svg>
<h2>Select a run</h2>
<p>Pick a run from the left queue to inspect timeline, evidence, logs, sources and raw JSON.</p>
<h2>选择一个运行</h2>
<p>从左侧队列选择 run,即可查看时间线、证据、日志、来源、原始 JSON 和当前架构库。</p>
</div>
</section>
</main>
@@ -152,13 +156,14 @@
<div class="footer-left">
<span class="footer-note">
<svg class="icon"><use href="./assets/icons.svg#source"></use></svg>
UI shell is vendorized from a local Lovart source copy, not an online runtime dependency.
当前 UI 壳层来自本地化 Lovart 模板副本,运行期不依赖任何远端 HTML、字体或图标 CDN。
</span>
</div>
<div class="footer-links">
<a href="./docs/design-source.html" target="_blank" rel="noreferrer">Design source</a>
<a href="./docs/design-source.html" target="_blank" rel="noreferrer">设计来源</a>
<a href="./assets/design-source.json" target="_blank" rel="noreferrer">Manifest JSON</a>
<a href="./summary.json" target="_blank" rel="noreferrer">Summary JSON</a>
<a href="./architecture.json" target="_blank" rel="noreferrer">架构 JSON</a>
<a href="./summary.json" target="_blank" rel="noreferrer">摘要 JSON</a>
</div>
</footer>
</div>

508
scripts/lab/render.py
查看文件

@@ -7,9 +7,9 @@ import shutil
from pathlib import Path
from typing import Any, Dict, List
from lab.config import ADVISORIES_DIR, CASE_RUNS_DIR, DASHBOARD_DIR, ROOT, RUNS_DIR
from lab.config import ADVISORIES_DIR, CASE_RUNS_DIR, DASHBOARD_DIR, REPRO_MAP_PATH, ROOT, RUNS_DIR, SOURCE_MAP_PATH
from lab.repro import load_profiles
from lab.utils import ensure_dir, isoformat, load_json_dir, now_utc, unique, write_json, write_text
from lab.utils import ensure_dir, isoformat, load_json_dir, now_utc, read_yaml, unique, write_json, write_text
TEMPLATES_DIR = ROOT / "scripts" / "lab" / "dashboard_templates"
@@ -17,21 +17,44 @@ LOVART_TEMPLATE_DIR = TEMPLATES_DIR / "lovart"
LEGACY_TEMPLATE_DIR = TEMPLATES_DIR / "legacy"
LOVART_VENDOR_MANIFEST = LOVART_TEMPLATE_DIR / "vendor" / "source-manifest.json"
ROOT_JSON_FILES = ["summary.json", "runs.json", "systems.json", "advisories.json", "profiles.json"]
ROOT_JSON_FILES.append("architecture.json")
CATEGORY_LABELS = {
"cms": "CMS / 内容平台",
"ecommerce": "电商系统",
"frameworks": "Web 框架与运行时",
"servers": "服务器与边界层",
"platforms": "开源平台与后台系统",
}
TIER_LABELS = {
"history-full": "历史全量",
"rolling-24m": "近两年全量",
}
STATUS_LABELS = {
"verified-real": "真实版本已实证",
"verified-synthetic": "合成靶场已实证",
"blocked-artifact": "制品阻塞",
"blocked-destructive": "破坏性风险阻塞",
"triage-manual": "人工分诊",
"suspected": "仅疑似命中",
}
def mermaid_from_steps(run: Dict[str, Any]) -> str:
lines = [
"flowchart LR",
'A["Select Advisory"] --> B["Resolve Repro Profile"]',
'B --> C["Provision Compose Environment"]',
'C --> D["Baseline Snapshot"]',
'D --> E["Controlled Attack Steps"]',
'E --> F["Browser Replay"]',
'F --> G["Collect Logs and Evidence"]',
'G --> H["Update Registry and Reports"]',
'A["选择 Advisory"] --> B["解析 Repro Profile"]',
'B --> C["生成 Compose 环境"]',
'C --> D["采集基线快照"]',
'D --> E["执行受控攻击步骤"]',
'E --> F["浏览器回放验证"]',
'F --> G["收集日志与证据"]',
'G --> H["回写 Registry 与报告"]',
]
if run.get("blocked_reason"):
lines.append(f'H --> I["Blocked: {run["blocked_reason"][:60]}"]')
lines.append(f'H --> I["阻塞: {run["blocked_reason"][:60]}"]')
return "\n".join(lines)
@@ -157,6 +180,371 @@ def _reasoning_lines(advisory: Dict[str, Any], profile: Dict[str, Any]) -> List[
return unique(notes)
def _display_value(value: Any) -> str:
if value is None or value == "":
return "-"
if isinstance(value, bool):
return "" if value else ""
if isinstance(value, (int, float)):
return str(value)
if isinstance(value, list):
return "\n".join(_display_value(item) for item in value if item not in (None, "")) or "-"
if isinstance(value, dict):
return json.dumps(value, ensure_ascii=False, indent=2)
return str(value)
def _field(label: str, value: Any) -> Dict[str, str]:
return {"label": label, "value": _display_value(value)}
def _stat(label: str, value: Any) -> Dict[str, str]:
return {"label": label, "value": _display_value(value)}
def _link(label: str, href: str, description: str) -> Dict[str, str]:
return {"label": label, "href": href, "description": description}
def _status_label(value: str | None) -> str:
return STATUS_LABELS.get(value or "", value or "-")
def _build_architecture_data(summary: Dict[str, Any], source_map: Dict[str, Any], repro_map: Dict[str, Any]) -> Dict[str, Any]:
source_systems = source_map.get("systems", []) or []
repro_by_system = {item.get("system_id"): item for item in (repro_map.get("systems", []) or []) if item.get("system_id")}
route_links = [
_link("正式工作台", "./index.html", "本地化主 UI,默认入口。"),
_link("旧版工作台", "./legacy/index.html", "保留的 legacy 回退入口。"),
_link("项目功能文档", "./docs/project-features.html", "项目能力、目录结构与自动化链路总览。"),
_link("前端设计文档", "./docs/frontend-dashboard-design.html", "当前本地工作台的交互与视觉规范。"),
_link("安全编码索引", "./docs/secure-code-index.html", "secure-code 修复库本地镜像。"),
_link("README 镜像", "./docs/root-readme.html", "仓库根 README 的本地镜像。"),
_link("授权模型", "./docs/authorization-model.html", "允许目标范围、全局原则与记录要求。"),
_link("source-map 真值", "./docs/source-map.html", "系统覆盖、来源和输出目录真值。"),
_link("repro-map 真值", "./docs/repro-map.html", "复现族路由、浏览器要求和日志策略。"),
_link("覆盖矩阵", "./docs/coverage-matrix.html", "自动生成覆盖摘要的本地镜像。"),
_link("设计来源清单", "./docs/design-source.html", "Lovart 模板本地 vendor manifest。"),
_link("架构库镜像", "./docs/architecture-library.html", "当前架构库的结构化镜像页。"),
]
data_links = [
_link("summary.json", "./summary.json", "全局摘要、状态分布和最近失败。"),
_link("runs.json", "./runs.json", "最近 run 的结构化详情。"),
_link("systems.json", "./systems.json", "系统级覆盖与浏览器证据摘要。"),
_link("advisories.json", "./advisories.json", "advisory 元数据与来源。"),
_link("profiles.json", "./profiles.json", "repro profile 元数据。"),
_link("architecture.json", "./architecture.json", "当前架构库结构化 JSON。"),
]
category_items: List[Dict[str, Any]] = []
family_counts: Dict[str, int] = {}
tier_counts = {"history-full": 0, "rolling-24m": 0}
for system in source_systems:
tier = system.get("tier", "rolling-24m")
tier_counts[tier] = tier_counts.get(tier, 0) + 1
repro = repro_by_system.get(system.get("system_id"), {})
family = repro.get("default_repro_family") or "未定义"
family_counts[family] = family_counts.get(family, 0) + 1
for category_id in sorted(CATEGORY_LABELS, key=lambda item: CATEGORY_LABELS[item]):
systems_in_category = [item for item in source_systems if item.get("category") == category_id]
if not systems_in_category:
continue
history_full = sum(1 for item in systems_in_category if item.get("tier") == "history-full")
rolling = sum(1 for item in systems_in_category if item.get("tier") == "rolling-24m")
system_nodes: List[Dict[str, Any]] = []
for system in sorted(systems_in_category, key=lambda item: item.get("display_name", item.get("system_id", ""))):
repro = repro_by_system.get(system.get("system_id"), {})
official_sources = system.get("official_sources", []) or []
ecosystem_sources = system.get("ecosystem_sources", []) or []
research_sources = system.get("research_sources", []) or []
system_nodes.append(
{
"title": f"{system.get('display_name', system.get('system_id'))} ({system.get('system_id')})",
"summary": f"{TIER_LABELS.get(system.get('tier'), system.get('tier'))} · {', '.join(system.get('advisory_modes', [])) or '未定义模式'}",
"open": False,
"badges": [
TIER_LABELS.get(system.get("tier"), system.get("tier", "-")),
f"官方源 {len(official_sources)}",
f"生态源 {len(ecosystem_sources)}",
f"研究源 {len(research_sources)}",
],
"fields": [
_field("输出目录", system.get("output_dir")),
_field("Advisory 模式", system.get("advisory_modes", [])),
_field("Secure-Code 主题", system.get("secure_code_topics", [])),
_field("CPE 关键字", system.get("cpe_keys", [])),
_field("GHSA 关键字", system.get("ghsa_keywords", [])),
],
"items": [
{
"title": "来源配置",
"summary": "官方、生态权威与研究补充来源。",
"open": False,
"fields": [
_field("官方来源", [entry.get("name") for entry in official_sources]),
_field("生态来源", [entry.get("name") for entry in ecosystem_sources]),
_field("研究来源", [entry.get("name") for entry in research_sources]),
],
},
{
"title": "复现默认值",
"summary": "repro-map 中的默认攻击族、浏览器要求和日志策略。",
"open": False,
"fields": [
_field("默认漏洞家族", repro.get("default_repro_family")),
_field("浏览器默认要求", repro.get("browser_required_default")),
_field("优先制品模式", repro.get("provisioning_mode_preference", [])),
_field("种子策略", repro.get("seed_strategy")),
_field("日志采集器", repro.get("log_collectors", [])),
_field("报告模板", repro.get("report_template")),
],
},
],
}
)
category_items.append(
{
"title": CATEGORY_LABELS.get(category_id, category_id),
"summary": f"{len(systems_in_category)} 个系统 · 历史全量 {history_full} · 近两年全量 {rolling}",
"open": False,
"stats": [
_stat("系统数", len(systems_in_category)),
_stat("历史全量", history_full),
_stat("近两年全量", rolling),
],
"items": system_nodes,
}
)
repro_family_nodes = [
{
"title": family,
"summary": f"默认路由到该 family 的系统数:{count}",
"open": False,
"fields": [_field("系统数量", count)],
}
for family, count in sorted(family_counts.items(), key=lambda item: (-item[1], item[0]))
]
recent_failure_nodes = [
{
"title": item.get("title") or item.get("advisory_id") or item.get("run_id"),
"summary": item.get("blocked_reason") or "无额外阻塞说明。",
"open": False,
"badges": [_status_label(item.get("status"))],
"fields": [
_field("运行 ID", item.get("run_id")),
_field("漏洞条目", item.get("advisory_id")),
_field("状态", _status_label(item.get("status"))),
_field("阻塞原因", item.get("blocked_reason")),
],
}
for item in summary.get("recent_failures", [])
]
status_nodes = [
{
"title": _status_label(status),
"summary": f"当前累计 {count} 条。",
"open": False,
"fields": [
_field("状态编码", status),
_field("数量", count),
],
}
for status, count in sorted(summary.get("statuses", {}).items(), key=lambda item: (-item[1], item[0]))
]
return {
"generated_at": summary.get("generated_at"),
"title": "当前架构库",
"summary": "工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。",
"sections": [
{
"title": "仓库定位与当前状态",
"summary": "授权攻防实验与研究知识库;仅适用于自有资产、本地靶场和明确授权目标。",
"open": True,
"badges": ["LAB ONLY", "AUTHORIZED TARGETS ONLY", "非生产安全基线"],
"stats": [
_stat("纳管系统", len(source_systems)),
_stat("历史全量系统", tier_counts.get("history-full", 0)),
_stat("近两年全量系统", tier_counts.get("rolling-24m", 0)),
_stat("当前运行", summary.get("run_count", 0)),
_stat("当前漏洞条目", summary.get("advisory_count", 0)),
],
"fields": [
_field("仓库根目录", str(ROOT)),
_field("默认本地地址", "http://127.0.0.1:8734/"),
_field("自动刷新周期", "5 秒"),
_field("生成时间", summary.get("generated_at")),
],
"links": route_links[:4],
},
{
"title": "授权边界与目标模型",
"summary": "所有实验都绑定到本地、自建公网或明确授权目标,不面向无关第三方资产。",
"open": True,
"stats": [
_stat("允许目标类型", 3),
_stat("禁止类型", 1),
],
"fields": [
_field("允许目标", ["lab-local", "lab-public", "authorized-third-party"]),
_field("禁止目标", ["out-of-scope", "无归属证明目标", "公共知名站点", "泛互联网枚举"]),
_field("全局原则", [
"任何公网验证前先确认资产归属或授权关系。",
"优先只读探测、最小化回显验证和低频实验。",
"涉及账户、令牌、敏感数据和业务写入时采用最小必要动作。",
"不做泛互联网枚举,不对无关公共站点复用同类测试。",
]),
],
"links": [
_link("授权模型镜像", "./docs/authorization-model.html", "目标分类、原则与记录要求。"),
_link("项目 README 镜像", "./docs/root-readme.html", "仓库定位、能力矩阵与自动化入口。"),
],
},
{
"title": "控制面与自动化入口",
"summary": "Intel 控制面负责情报入库;Lab 控制面负责本地部署、攻击验证、证据收集和看板生成。",
"open": True,
"items": [
{
"title": "情报控制面Intel",
"summary": "负责 source adapter、规范化、渲染、校验和 PR 流程。",
"open": False,
"fields": [
_field("CLI 入口", "python3 /Users/x/websafe/scripts/intel/main.py"),
_field("主要命令", [
"render",
"validate",
"hotlane",
"ingest --since last-success",
"reconcile",
"backfill --tier history-full --dry-run",
"open-pr --dry-run",
]),
_field("定时入口", [
"scripts/intel/run-hourly.sh",
"scripts/intel/run-nightly.sh",
"scripts/intel/run-weekly-reconcile.sh",
]),
],
},
{
"title": "实证控制面Lab",
"summary": "负责 catalog、compose、seed、baseline、attack、browser、evidence、render 和 queue。",
"open": False,
"fields": [
_field("CLI 入口", "python3 /Users/x/websafe/scripts/lab/main.py"),
_field("主要命令", [
"catalog sync",
"validate",
"run-case",
"run-system",
"run-batch",
"render-run",
"serve-dashboard --port 8734",
"cleanup",
"retry-failures",
]),
_field("关键模块", [
"catalog/",
"provision/",
"compose/",
"seed/",
"baseline/",
"attack/",
"browser/",
"evidence/",
"render/",
"queue/",
]),
],
},
],
},
{
"title": "数据层与本地地址",
"summary": "Registry、生成层、run bundle 与 docs 镜像共同构成工作台的本地数据面。",
"open": True,
"items": [
{
"title": "真值层",
"summary": "统一的 registry 与 repro/source 配置。",
"open": False,
"fields": [
_field("漏洞条目 Registry", "08-threat-intel/registry/advisories/*.json"),
_field("系统 Registry", "08-threat-intel/registry/systems/*.json"),
_field("运行 Registry", "08-threat-intel/registry/runs/*.json"),
_field("source-map 真值", "08-threat-intel/source-map.yaml"),
_field("repro-map 真值", "08-threat-intel/repro-map.yaml"),
],
},
{
"title": "生成层与展示层",
"summary": "dashboard JSON、run report、docs 镜像与本地静态 UI。",
"open": False,
"links": route_links + data_links,
"fields": [
_field("工作台根目录", "08-threat-intel/generated/dashboard/"),
_field("运行归档根目录", "06-case-studies/generated-runs/<run-id>/"),
_field("工作台入口", "/index.html"),
_field("旧版入口", "/legacy/index.html"),
],
},
],
},
{
"title": "系统覆盖分组",
"summary": "基于 source-map 和 repro-map 生成的当前分组视图,可展开查看每个系统的来源、输出目录和复现默认值。",
"open": True,
"items": category_items,
},
{
"title": "Repro 路由概览",
"summary": "按默认漏洞家族聚合当前系统路由,帮助查看 family runner 覆盖面。",
"open": True,
"items": repro_family_nodes,
},
{
"title": "当前生成态与阻塞概览",
"summary": "当前 render 后的状态分布、失败摘要与最近可见阻塞。",
"open": True,
"stats": [
_stat("Run 数", summary.get("run_count", 0)),
_stat("Advisory 数", summary.get("advisory_count", 0)),
_stat("状态类型", len(summary.get("statuses", {}))),
_stat("最近失败", len(summary.get("recent_failures", []))),
],
"items": [
{
"title": "状态分布",
"summary": "verification_status 当前计数。",
"open": False,
"items": status_nodes,
},
{
"title": "最近失败",
"summary": "当前 dashboard 摘要里可见的失败或人工分诊样本。",
"open": False,
"items": recent_failure_nodes or [
{
"title": "暂无失败样本",
"summary": "当前 summary.json 中没有 recent_failures。",
"open": False,
}
],
},
],
},
],
}
def _dashboard_doc_page(title: str, body: str, description: str) -> str:
return f"""<!doctype html>
<html lang="zh-CN">
@@ -242,7 +630,7 @@ def _dashboard_doc_page(title: str, body: str, description: str) -> str:
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">Back to dashboard</a>
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>{html.escape(title)}</h1>
<div class="meta">{html.escape(description)}</div>
@@ -284,7 +672,7 @@ def _copy_tree(source: Path, destination: Path) -> None:
shutil.copy2(path, target)
def _write_dashboard_docs() -> None:
def _write_dashboard_docs(architecture: Dict[str, Any]) -> None:
docs_dir = DASHBOARD_DIR / "docs"
ensure_dir(docs_dir)
sources = [
@@ -292,19 +680,49 @@ def _write_dashboard_docs() -> None:
"project-features.html",
"项目功能与特性总览",
(ROOT / "docs" / "project-features.md").read_text(encoding="utf-8"),
"Dashboard-local mirror of the repo feature guide.",
"工作台内置镜像页:仓库功能、目录和自动化链路说明。",
),
(
"frontend-dashboard-design.html",
"本地前端工作台设计文档",
(ROOT / "docs" / "frontend-dashboard-design.md").read_text(encoding="utf-8"),
"Dashboard-local mirror of the UI and interaction specification.",
"工作台内置镜像页:前端交互、展示结构和视觉规范。",
),
(
"secure-code-index.html",
"安全编码修复库索引",
(ROOT / "05-defense" / "secure-code" / "INDEX.md").read_text(encoding="utf-8"),
"Dashboard-local mirror of the secure-code library index.",
"工作台内置镜像页secure-code 修复主题索引。",
),
(
"root-readme.html",
"仓库 README 镜像",
(ROOT / "README.md").read_text(encoding="utf-8"),
"工作台内置镜像页:仓库定位、能力矩阵、入口和自动化入口。",
),
(
"authorization-model.html",
"授权模型镜像",
(ROOT / "09-scope-and-targeting" / "authorization-model.md").read_text(encoding="utf-8"),
"工作台内置镜像页:目标范围、授权模型、最小化验证建议和记录要求。",
),
(
"source-map.html",
"source-map 真值镜像",
SOURCE_MAP_PATH.read_text(encoding="utf-8"),
"工作台内置镜像页:系统覆盖、来源、输出目录和 secure-code 主题真值。",
),
(
"repro-map.html",
"repro-map 真值镜像",
REPRO_MAP_PATH.read_text(encoding="utf-8"),
"工作台内置镜像页:默认漏洞家族、浏览器要求和日志策略真值。",
),
(
"coverage-matrix.html",
"覆盖矩阵镜像",
(ROOT / "08-threat-intel" / "generated" / "coverage-matrix.md").read_text(encoding="utf-8"),
"工作台内置镜像页:当前覆盖矩阵生成结果。",
),
]
@@ -314,7 +732,15 @@ def _write_dashboard_docs() -> None:
"design-source.html",
"Lovart 设计来源与本地化清单",
manifest_body,
"Local vendor manifest for the Lovart-derived dashboard shell.",
"工作台内置镜像页Lovart 来源文件、本地 vendor 路径和本地化说明。",
)
)
sources.append(
(
"architecture-library.html",
"当前架构库镜像",
json.dumps(architecture, indent=2, ensure_ascii=False),
"工作台内置镜像页:当前架构库结构化数据镜像。",
)
)
@@ -368,11 +794,11 @@ def render_run(run: Dict[str, Any]) -> Dict[str, str]:
relative_screenshots = [_relative_ref(run_dir, ref) for ref in screenshot_refs]
md_lines = [
f"# Run {run['run_id']}",
f"# 运行 {run['run_id']}",
"",
"> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle",
"",
f"- Advisory: `{run['advisory_id']}`",
f"- 漏洞条目: `{run['advisory_id']}`",
f"- 系统: `{run['system_id']}`",
f"- Repro Profile: `{run['repro_profile_id']}`",
f"- 实证状态: `{run['verification_status']}`",
@@ -465,20 +891,20 @@ def render_run(run: Dict[str, Any]) -> Dict[str, str]:
html_body = [
"<!doctype html>",
"<html><head><meta charset='utf-8'><title>websafe run report</title>",
"<html><head><meta charset='utf-8'><title>websafe 运行报告</title>",
"<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>",
"</head><body>",
f"<h1>Run {html.escape(run['run_id'])}</h1>",
f"<h1>运行 {html.escape(run['run_id'])}</h1>",
"<div class='grid'>",
f"<div class='card'><strong>Advisory</strong><br><code>{html.escape(run['advisory_id'])}</code></div>",
f"<div class='card'><strong>Status</strong><br><code>{html.escape(run['verification_status'])}</code></div>",
f"<div class='card'><strong>Profile</strong><br><code>{html.escape(run['repro_profile_id'])}</code></div>",
f"<div class='card'><strong>Artifact Mode</strong><br><code>{html.escape(run['artifact_mode'])}</code></div>",
f"<div class='card'><strong>漏洞条目</strong><br><code>{html.escape(run['advisory_id'])}</code></div>",
f"<div class='card'><strong>实证状态</strong><br><code>{html.escape(run['verification_status'])}</code></div>",
f"<div class='card'><strong>复现 Profile</strong><br><code>{html.escape(run['repro_profile_id'])}</code></div>",
f"<div class='card'><strong>Artifact 模式</strong><br><code>{html.escape(run['artifact_mode'])}</code></div>",
"</div>",
"<h2>Mermaid Timeline</h2>",
"<h2>Mermaid 时间线</h2>",
f"<pre>{html.escape(mermaid_from_steps(run))}</pre>",
"<h2>Timeline</h2>",
"<table><thead><tr><th>Time</th><th>Step</th><th>Status</th><th>Detail</th></tr></thead><tbody>",
"<h2>运行时间线</h2>",
"<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>",
]
if run.get("timeline"):
for item in run["timeline"]:
@@ -490,7 +916,7 @@ def render_run(run: Dict[str, Any]) -> Dict[str, str]:
f"<td>{html.escape(item.get('detail', '') or '-')}</td>"
"</tr>"
)
html_body.extend(["</tbody></table>", "<h2>Attack Steps</h2>", "<table><thead><tr><th>Tool</th><th>Status</th><th>Output</th></tr></thead><tbody>"])
html_body.extend(["</tbody></table>", "<h2>攻击步骤</h2>", "<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>"])
if run.get("attack_steps"):
for step in run["attack_steps"]:
html_body.append(
@@ -501,16 +927,16 @@ def render_run(run: Dict[str, Any]) -> Dict[str, str]:
"</tr>"
)
else:
html_body.append("<tr><td><code>-</code></td><td><code>skipped</code></td><td><code>no attack steps</code></td></tr>")
html_body.append("<tr><td><code>-</code></td><td><code>skipped</code></td><td><code>当前没有攻击步骤</code></td></tr>")
html_body.extend(["</tbody></table>"])
if relative_screenshots:
html_body.extend(["<h2>Browser Screenshots</h2>", "<div class='gallery'>"])
html_body.extend(["<h2>浏览器截图</h2>", "<div class='gallery'>"])
for ref in relative_screenshots:
html_body.append(
f"<figure><img src='{html.escape(ref)}' alt='{html.escape(Path(ref).stem)}'><figcaption><code>{html.escape(ref)}</code></figcaption></figure>"
)
html_body.append("</div>")
html_body.extend(["<h2>Evidence</h2><ul>"])
html_body.extend(["<h2>证据清单</h2><ul>"])
for ref in run.get("compose_refs", []) + run.get("browser_refs", []) + run.get("container_log_refs", []) + run.get("request_log_refs", []):
html_body.append(f"<li><code>{html.escape(_relative_ref(run_dir, ref))}</code></li>")
html_body.extend(["</ul>", "</body></html>"])
@@ -523,6 +949,8 @@ def render_dashboard() -> Dict[str, str]:
ensure_dir(DASHBOARD_DIR)
advisory_records = load_json_dir(ADVISORIES_DIR)
runs = load_json_dir(RUNS_DIR)
source_map = read_yaml(SOURCE_MAP_PATH, default={}) or {}
repro_map = read_yaml(REPRO_MAP_PATH, default={}) or {}
advisory_map = {item["canonical_id"]: item for item in advisory_records if item.get("canonical_id")}
profile_map = load_profiles()
@@ -594,7 +1022,7 @@ def render_dashboard() -> Dict[str, str]:
_artifact_group(
item,
"reports",
"Reports",
"报告与运行产物",
[
cloned["dashboard_refs"]["report_html"],
cloned["dashboard_refs"]["report_md"],
@@ -603,12 +1031,12 @@ def render_dashboard() -> Dict[str, str]:
],
use_dashboard_refs=True,
),
_artifact_group(item, "compose", "Compose", item.get("compose_refs", [])),
_artifact_group(item, "baseline", "Baseline Snapshots", item.get("baseline_refs", [])),
_artifact_group(item, "attack", "Attack Outputs", _attack_result_refs(item)),
_artifact_group(item, "browser", "Browser Evidence", item.get("browser_refs", [])),
_artifact_group(item, "container", "Container Logs", item.get("container_log_refs", [])),
_artifact_group(item, "requests", "Request Logs", request_only_refs),
_artifact_group(item, "compose", "Compose 编排", item.get("compose_refs", [])),
_artifact_group(item, "baseline", "基线快照", item.get("baseline_refs", [])),
_artifact_group(item, "attack", "攻击输出", _attack_result_refs(item)),
_artifact_group(item, "browser", "浏览器证据", item.get("browser_refs", [])),
_artifact_group(item, "container", "容器日志", item.get("container_log_refs", [])),
_artifact_group(item, "requests", "请求与探测日志", request_only_refs),
]
cloned["artifact_groups"] = [group for group in cloned["artifact_groups"] if group["count"]]
decorated_runs.append(cloned)
@@ -641,8 +1069,10 @@ def render_dashboard() -> Dict[str, str]:
write_json(DASHBOARD_DIR / "systems.json", summary["systems"])
write_json(DASHBOARD_DIR / "advisories.json", {key: _advisory_meta(value) for key, value in advisory_map.items()})
write_json(DASHBOARD_DIR / "profiles.json", {key: _profile_meta(value) for key, value in profile_map.items()})
architecture = _build_architecture_data(summary, source_map, repro_map)
write_json(DASHBOARD_DIR / "architecture.json", architecture)
_write_dashboard_docs()
_write_dashboard_docs(architecture)
_write_design_source_manifest()
_render_root_dashboard_shell()
_render_legacy_dashboard_shell()