Update: 89 files - 2026-03-17 02:00:01

This commit is contained in:
hao
2026-03-17 02:00:01 -07:00
Parent 300c840509
Commit 72c6782c45
89 changed files with 16931 additions and 373 deletions


View file

@@ -0,0 +1,123 @@
<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>授权模型镜像</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>授权模型镜像</h1>
<div class="meta">工作台内置镜像页:目标范围、授权模型、最小化验证建议和记录要求。</div>
<pre># 授权模型
## 目标分类
| 类型 | 定义 | 允许动作 |
|------|------|----------|
| `lab-local` | 本地集群、Docker 靶场、隔离内网实验节点 | 完整实验、漏洞复现、修复对照 |
| `lab-public` | 你方自建且可公网访问的测试站点、服务器、设备 | 验证性探测、最小化注入、关联面分析 |
| `authorized-third-party` | 已明确授权的外部验证目标 | 以授权边界为准的最小必要实验 |
| `out-of-scope` | 无归属证明、无授权、公共知名站点、泛互联网目标 | 不允许使用本仓库内容发起验证 |
## 全局原则
1. 任何公网验证都必须先确认资产归属或授权关系。
2. 优先采用只读探测、最小化回显验证和低频实验。
3. 涉及账户、令牌、敏感数据和业务写入时,应选择最小必要动作并保留记录。
4. 不做泛互联网枚举,不做对无关公共站点的同类操作复用。
## 最小化验证建议
- 注入类: 先做上下文识别,再做无害回显或布尔差异,不直接进入破坏性利用。
- 认证类: 优先验证限速、锁定和失败处理,不以接管真实账户为目标。
- 端口与关联面类: 先缩到单主机、单证书、单代理边界,再扩展分析。
- 前端类: 优先验证敏感数据暴露和保护头缺失,不触碰真实用户数据。
## 记录要求
- 公网实验必须回填 [测试记录模板](/Users/x/websafe/09-scope-and-targeting/test-record-template.md)
- 目标资产必须登记在 [资产清单模板](/Users/x/websafe/09-scope-and-targeting/asset-inventory-template.md)
- 新工具和新案例应附带对应元数据模板
</pre>
</div>
</main>
</body>
</html>
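Review bot: the two record-keeping links inside the `<pre>` block, `[测试记录模板](/Users/x/websafe/09-scope-and-targeting/test-record-template.md)` and the asset-inventory link beside it, are absolute paths on one developer's machine, so they will not resolve when this mirror page is served from the dashboard and they expose the local checkout layout; the chip above already uses a relative `../index.html`, so point these at relative paths under `docs/` as well. Minor: `--bg` and `--accent` are declared in `:root` but never used, and the whole `<style>` block is byte-identical to the other mirror pages in this commit, so a shared stylesheet would keep the five copies from drifting apart.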

View file

@@ -0,0 +1,159 @@
<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>覆盖矩阵镜像</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>覆盖矩阵镜像</h1>
<div class="meta">工作台内置镜像页:当前覆盖矩阵生成结果。</div>
<pre># 覆盖矩阵
| 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | 本地实证状态 | 浏览器证据 | run bundle | triage | 最近更新 |
|------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------------|------------|-----------|--------|----------|
| Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Caddy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Directus | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Discourse | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Django | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Drupal | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Ghost | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `37` | `37` | `3` | `seeded` | `real:0/synthetic:0/blocked:1` | `0` | `1` | `0` | `2026-03-03T04:57:57.697708Z` |
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Hapi | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Joomla | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `26` | `26` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `1` | `0` | `2026-03-13T22:14:13.665535Z` |
| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| React | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-14T09:19:54.772219Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| WooCommerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| WordPress | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
</pre>
</div>
</main>
</body>
</html>
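Review bot: the `最近更新` column is emitted as an empty inline-code pair for every system without a sync, while the `历史全量` column uses `-` for the same "no value" case; the generator should write `-` in both so the table reads consistently. Since this is a static copy of a generated matrix (the dated rows stop at `2026-03-14T09:19:54.772219Z`), the `.meta` line should also carry the generation timestamp, otherwise a reader cannot tell how stale the mirror is.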

View file

@@ -82,10 +82,10 @@
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">Back to dashboard</a>
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>Lovart 设计来源与本地化清单</h1>
<div class="meta">Local vendor manifest for the Lovart-derived dashboard shell.</div>
<div class="meta">工作台内置镜像页Lovart 来源文件、本地 vendor 路径和本地化说明。</div>
<pre>{
&quot;template_id&quot;: &quot;lovart-authorized-lab-dashboard&quot;,
&quot;source_url&quot;: &quot;https://assets-persist.lovart.ai/agent_images/464011bb-fbbc-4bd4-98f8-90897dd43612.html&quot;,
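Review bot: the replacement `.meta` line is missing the colon after `工作台内置镜像页` that every other mirror page in this commit uses, so it reads as one run-on phrase; change it to `工作台内置镜像页:Lovart 来源文件、本地 vendor 路径和本地化说明。`. While touching this manifest: `source_url` points at a third-party host, so recording the content hash of the vendored copy next to it (if the manifest does not already do so below the cut) would let the localized shell be verified against what was actually fetched.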

View file

@@ -82,10 +82,10 @@
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">Back to dashboard</a>
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>本地前端工作台设计文档</h1>
<div class="meta">Dashboard-local mirror of the UI and interaction specification.</div>
<div class="meta">工作台内置镜像页:前端交互、展示结构和视觉规范。</div>
<pre># 本地前端工作台设计文档
&gt; `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
@@ -134,7 +134,8 @@ flowchart LR
D --&gt; G[&quot;Evidence Explorer&quot;]
D --&gt; H[&quot;Live Log Viewer&quot;]
D --&gt; I[&quot;Sources &amp; Fix Topics&quot;]
D --&gt; J[&quot;Raw JSON Panels&quot;]
D --&gt; J[&quot;当前架构库&quot;]
D --&gt; K[&quot;Raw JSON Panels&quot;]
```
## 4. 页面布局
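Review bot: node `J` keeps its identifier but changes its label from `Raw JSON Panels` to `当前架构库`, and `Raw JSON Panels` moves to a new node `K`; any other edge or click binding in the flowchart that referenced `J` expecting the raw-JSON panel now silently points at the architecture library. Safer to add the new node as `K["当前架构库"]` and leave `J["Raw JSON Panels"]` untouched so existing references stay valid. The new label is also the only Chinese one in an otherwise English node set; pick one language for the diagram.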
@@ -207,6 +208,11 @@ flowchart LR
- secondary sources
- aliases
- secure code topics
- 当前架构库
- 项目定位、授权边界、控制面、数据层、地址入口
- source-map / repro-map 派生的系统分组与默认复现策略
- 当前生成态、状态分布、最近失败
- 可折叠查看任意层级信息并打开本地镜像页 / JSON
- Raw JSON
- run JSON
- advisory JSON
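Review bot: the inserted `当前架构库` block is the only Chinese-labelled top-level item in a list whose siblings (`secondary sources`, `aliases`, `secure code topics`, `Raw JSON`) are English; either translate the siblings or give this item an English label so the layout spec reads as one document. The sub-item `可折叠查看任意层级信息并打开本地镜像页 / JSON` should also name what it opens, since the neighbouring `Raw JSON` entry enumerates `run JSON` and `advisory JSON` explicitly.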

View file

@@ -82,10 +82,10 @@
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">Back to dashboard</a>
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>项目功能与特性总览</h1>
<div class="meta">Dashboard-local mirror of the repo feature guide.</div>
<div class="meta">工作台内置镜像页:仓库功能、目录和自动化链路说明。</div>
<pre># 项目功能与特性总览
&gt; `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
@@ -151,7 +151,8 @@
- 静态前端工作台
- `/index.html` 为本地化 Lovart 正式 UI
- `/legacy/index.html` 为旧版工作台回退入口
- `/docs/*.html` 为本地可访问的说明与设计镜像页
- `/docs/*.html` 为本地可访问的说明、真值配置与设计镜像页
- `architecture.json` 为当前架构库结构化真值
- `07-framework-security/`
- 系统级 README、INDEX、案例页,自动显示本地实证状态
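Review bot: the replacement line now says `/docs/*.html` carries `真值配置` while the next added line names `architecture.json` as the `结构化真值` for the architecture library, which leaves two places claiming to be the source of truth; state that the HTML pages are read-only mirrors rendered from `architecture.json`. Also give `architecture.json` a path like the sibling entries (`/index.html`, `/docs/*.html`), since a reader of this guide cannot otherwise locate it.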
@@ -244,6 +245,7 @@ python3 /Users/x/websafe/scripts/lab/main.py serve-dashboard --port 8734
- 快速定位系统 / advisory / repro profile
- 折叠与展开 timeline、evidence、sources、raw JSON
- 折叠与展开“当前架构库”,查看控制面、数据层、地址入口、授权边界和系统分组
- 直接查看 compose、JSON、日志、截图、报告
- 高亮失败原因、当前 blocker、利用思路、成功判据
- 自动刷新生成数据,适配正在进行中的本地 run

View file

@@ -0,0 +1,838 @@
<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>repro-map 真值镜像</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>repro-map 真值镜像</h1>
<div class="meta">工作台内置镜像页:默认漏洞家族、浏览器要求和日志策略真值。</div>
<pre>systems:
- system_id: wordpress
default_repro_family: xss-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: drupal
default_repro_family: xss-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: joomla
default_repro_family: xss-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: ghost
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: strapi
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: directus
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: mediawiki
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: moodle
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: discourse
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: adobe-commerce
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: magento-open-source
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: openmage
default_repro_family: plugin-extension-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: woocommerce
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: prestashop
default_repro_family: file-upload-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: shopware
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: opencart
default_repro_family: file-upload-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: saleor
default_repro_family: session-token-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: medusa
default_repro_family: session-token-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: react
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: nextjs
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-source
- synthetic
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: vue
default_repro_family: xss-generic
provisioning_mode_preference:
- official-source
- synthetic
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: nuxt
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-source
- synthetic
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: vite
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-source
- synthetic
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: angular
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: sveltekit
default_repro_family: session-token-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: astro
default_repro_family: authz-bypass-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: express
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: nestjs
default_repro_family: ssrf-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: koa
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: fastify
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: hapi
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: nodejs
default_repro_family: ssrf-generic
provisioning_mode_preference:
- official-source
- synthetic
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: undici
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: webpack
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: esbuild
default_repro_family: file-upload-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: spring-framework
default_repro_family: deserialization-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: spring-security
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: spring-boot
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: laravel
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: symfony
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: django
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: flask
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: werkzeug
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: rails
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: aspnet-core
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: gin
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: echo
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: nginx
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: apache-httpd
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: apache-tomcat
default_repro_family: authz-bypass-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: caddy
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: traefik
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: haproxy
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: false
seed_strategy: minimal-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: phpmyadmin
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: adminer
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: gitea
default_repro_family: proxy-boundary-generic
provisioning_mode_preference:
- official-image
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: gitlab-ce
default_repro_family: deserialization-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: jenkins
default_repro_family: deserialization-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: grafana
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: kibana
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: mattermost
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
- system_id: redmine
default_repro_family: xss-generic
provisioning_mode_preference:
- synthetic
- official-source
- synthetic
browser_required_default: true
seed_strategy: default-seed
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
</pre>
</div>
</main>
</body>
</html>
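Review bot: `provisioning_mode_preference` repeats `synthetic` for most entries in this block (werkzeug, rails, aspnet-core, gin, echo, caddy, traefik, haproxy, phpmyadmin, adminer, gitlab-ce, jenkins, grafana, kibana, mattermost and redmine all read `- synthetic` / `- official-source` / `- synthetic`), which looks like a template whose first slot was rewritten from `official-image` to `synthetic` while the last-resort `synthetic` fallback was kept. A preference list with a duplicated value is either a no-op or, if the runner walks the list in order, a second synthetic attempt after `official-source` fails; either way it should be deduplicated. Only nginx, apache-httpd, apache-tomcat and gitea keep `official-image` as the first choice; for gitlab-ce, jenkins, grafana, kibana, mattermost and redmine the `synthetic`-first order also contradicts the README mirror added in this same commit, whose platform row states `真实版本优先` (real version preferred), so either restore `official-image` first for systems that ship an official image or change the README wording. Consider also hoisting the identical `seed_strategy`, `log_collectors` and `report_template` values into a per-group default so each system entry carries only what differs.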


@@ -0,0 +1,212 @@
<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>仓库 README 镜像</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>仓库 README 镜像</h1>
<div class="meta">工作台内置镜像页:仓库定位、能力矩阵、入口和自动化入口。</div>
<pre># 授权攻防实验与研究知识库
&gt; `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | `非生产安全基线`
本仓库定位为“授权攻防实验库”,覆盖本地靶场、自建公网测试资产和已明确授权的验证目标。内容允许出现验证性攻击演示、测试性注入、同服务器站点排查、真实漏洞映射和自动化订阅,但所有语境都绑定到自有或授权目标,不面向无关第三方站点或公共知名网站。
## 入口
- [项目文档总览](/Users/x/websafe/docs/README.md)
- [目标边界与授权模型](/Users/x/websafe/09-scope-and-targeting/authorization-model.md)
- [主流开源 Web 系统安全总览](/Users/x/websafe/07-framework-security/README.md)
- [漏洞情报与自动入库总览](/Users/x/websafe/08-threat-intel/README.md)
- [覆盖矩阵](/Users/x/websafe/08-threat-intel/generated/coverage-matrix.md)
- [最新同步摘要](/Users/x/websafe/08-threat-intel/generated/latest-ingest.md)
- [唯一真值配置 `source-map.yaml`](/Users/x/websafe/08-threat-intel/source-map.yaml)
## 仓库结构
```text
websafe/
├── 00-environments/ # 系统 catalog、真实版本/当前版本 profile、synthetic 模板
├── 01-sql-injection/ # SQL 注入实验
├── 02-xss/ # XSS 与浏览器端注入实验
├── 03-authentication/ # 认证、会话与 JWT 实验
├── 04-server-security/ # 服务器、TLS、暴露面与关联面实验
├── 05-defense/ # 检测、观测、实验对照与代码修复示例
├── 06-case-studies/ # 授权案例与 run bundle / 报告归档
├── 07-framework-security/ # CMS、电商、框架、服务器、平台系统安全
├── 08-threat-intel/ # source-map、repro-map、registry、dashboard、订阅规则、自动入库
├── 09-scope-and-targeting/ # 授权模型、资产模板、测试记录模板
├── docs/ # 项目功能文档、前端设计文档与展示规范
├── requirements-intel.txt # intel + lab 自动化依赖(含 Playwright Python 包)
├── scripts/intel/ # hotlane / ingest / reconcile / backfill / open-pr CLI
└── scripts/lab/ # provision / baseline / attack / browser / evidence / render / queue CLI
```
## 能力矩阵
| 覆盖域 | 历史全量策略 | 近两年策略 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 本地实证状态 | 浏览器证据 | run bundle | 看板展示 | 自动同步状态 |
|--------|--------------|------------|---------------|--------------------|------------------|--------------|------------|-----------|----------|--------------|
| CMS / 内容平台 | `WordPress`, `Drupal`, `Joomla` | `Ghost`, `Strapi`, `Directus`, `MediaWiki`, `Moodle`, `Discourse` | `registry/advisories + registry/systems` | `core 全量 + 高价值 extension` | `yes` | `verified-real / verified-synthetic / blocked-* / triage-manual` | `前端类强制` | `06-case-studies/generated-runs` | `dashboard + report` | `render / ingest / hotlane / reconcile ready` |
| 电商系统 | `Adobe Commerce`, `Magento Open Source`, `WooCommerce`, `PrestaShop`, `Shopware`, `OpenCart` | `OpenMage`, `Saleor`, `Medusa` | `registry/advisories + registry/systems` | `core 全量 + 高价值 module` | `yes` | `同上` | `前台/后台面板类强制` | `run bundle + logs` | `dashboard + report` | `render / ingest / hotlane / reconcile ready` |
| Web 框架与运行时 | `React`, `Next.js`, `Vue`, `Nuxt`, `Vite`, `Node.js`, `Nginx`, `Apache HTTP Server`, `Apache Tomcat` | 其余主流框架与运行时按 `rolling-24m` | `registry/advisories + registry/systems` | `core 全量 + 高价值 package` | `yes` | `family runner + advisory profile` | `浏览器/HTTP 混合` | `run bundle + timeline` | `dashboard + report` | `render / ingest / hotlane / reconcile ready` |
| 开源平台与后台系统 | `history-full` 不强制 | `phpMyAdmin`, `Adminer`, `Gitea`, `GitLab CE`, `Jenkins`, `Grafana`, `Kibana`, `Mattermost`, `Redmine` | `registry/advisories + registry/systems` | `高价值案例输出` | `yes` | `真实版本优先` | `Web 面板类强制` | `run bundle + screenshots` | `dashboard + report` | `render / ingest / hotlane / reconcile ready` |
| 修复示例库 | 不适用 | 不适用 | 不适用 | 由案例页反向链接 | `javascript-typescript`, `nodejs`, `java`, `php`, `python`, `ruby`, `csharp`, `go` | `由案例反向映射` | `不适用` | `不适用` | `索引页` | `render ready` |
| 自动化入库与实证 | `backfill --tier history-full` | `ingest --since`, `reconcile` | `registry + generated + registry/runs` | `基于 render_policy` | `front matter 反向链接` | `queue + run-case / run-batch` | `Playwright required for browser cases` | `report.md / report.html / timeline.mmd` | `serve-dashboard` | `open-pr / cron ready` |
## 当前覆盖对象
当前 `source-map.yaml` 已纳入 62 个主流开源 Web 系统,分为五组:
- CMS / 内容平台WordPress、Drupal、Joomla、Ghost、Strapi、Directus、MediaWiki、Moodle、Discourse
- 电商系统Adobe Commerce、Magento Open Source、OpenMage / Mage-OS、WooCommerce、PrestaShop、Shopware、OpenCart、Saleor、Medusa
- Web 框架与运行时React、Next.js、Vue、Nuxt、Vite、Angular、SvelteKit、Astro、Express、NestJS、Koa、Fastify、Hapi、Node.js、Undici、webpack、esbuild、Spring Framework、Spring Security、Spring Boot、Laravel、Symfony、Django、Flask、Werkzeug、Rails、ASP.NET Core、Gin、Echo
- 服务器与边界层Nginx、Apache HTTP Server、Apache Tomcat、Caddy、Traefik、HAProxy
- 常见开源平台phpMyAdmin、Adminer、Gitea、GitLab CE、Jenkins、Grafana、Kibana、Mattermost、Redmine
## 自动化入口
```bash
python3 /Users/x/websafe/scripts/intel/main.py render
python3 /Users/x/websafe/scripts/intel/main.py validate
python3 /Users/x/websafe/scripts/intel/main.py hotlane
python3 /Users/x/websafe/scripts/intel/main.py ingest --since last-success
python3 /Users/x/websafe/scripts/intel/main.py reconcile
python3 /Users/x/websafe/scripts/intel/main.py backfill --tier history-full --dry-run
python3 /Users/x/websafe/scripts/intel/main.py open-pr --dry-run
python3 /Users/x/websafe/scripts/lab/main.py catalog sync
python3 /Users/x/websafe/scripts/lab/main.py validate
python3 /Users/x/websafe/scripts/lab/main.py run-case --case nextjs--CVE-2025-29927 --dry-run
python3 /Users/x/websafe/scripts/lab/main.py run-batch --only-hotlane --limit 10
python3 /Users/x/websafe/scripts/lab/main.py serve-dashboard --port 8734
```
本地 dashboard 路由:
- `/index.html`
- 默认正式 UI,使用本地化 Lovart 视觉壳层
- `/legacy/index.html`
- 旧版工作台回退入口
- `/docs/design-source.html`
- 设计来源与本地化说明
- `/docs/architecture-library.html`
- 当前架构库结构化镜像页
计划中的本机 cron 入口:
- [run-hourly.sh](/Users/x/websafe/scripts/intel/run-hourly.sh) 处理 KEV / 在野利用 / 极高优先级更新,并触发 hotlane 实证队列
- [run-nightly.sh](/Users/x/websafe/scripts/intel/run-nightly.sh) 处理常规增量同步、批量实证、dashboard 渲染和 PR
- [run-weekly-reconcile.sh](/Users/x/websafe/scripts/intel/run-weekly-reconcile.sh) 对齐最近 30 天更新,并重跑失败/阻塞任务
## 本地实证链路
每条 advisory 的自动链路固定为:
1. `registry/advisories/*.json` 选中 case。
2. `repro-map.yaml + repro-profiles/` 解析到 repro family / advisory profile。
3. `00-environments/catalog + profiles` 生成 compose 拓扑和靶站参数。
4. `scripts/lab/main.py run-case` 拉起环境、收集 baseline、执行受控攻击链。
5. 前端类 case 强制走 Playwright 浏览器回放,生成截图、DOM、console、network 证据。
6. 生成 `06-case-studies/generated-runs/&lt;run-id&gt;/` 报告和 `08-threat-intel/registry/runs/&lt;run-id&gt;.json`。
7. 自动回写 registry、系统 INDEX、案例页和 dashboard。
## 实验边界
- `05-defense/` 下的配置样例用于实验观测、对抗演示、修复映射和反例说明,不应被误当成生产安全基线。
- `07-framework-security/` 下的系统页默认绑定 `lab-local`、`lab-public`、`authorized-third-party` 三类目标,并明确禁止未授权公网使用。
- `08-threat-intel/registry/` 是“所有具体 advisory”的正式载体;并非所有记录都强制生成独立 Markdown 页面。
- `08-threat-intel/generated/` 是人类可读摘要层,实际覆盖和路由以 `source-map.yaml` 与 `registry/` 为准。
## 使用前提
- 在运行任何工具前,先阅读 [授权模型](/Users/x/websafe/09-scope-and-targeting/authorization-model.md)。
- 对公网目标执行验证性测试时,必须能证明资产归属,或已获得明确授权。
- 优先采用只读探测、最小化注入、可回滚验证和可审计日志。
## 免责声明
本仓库仅用于授权安全测试、安全研究和教学实验。未经授权对第三方系统执行扫描、注入、爆破、绕过或枚举行为可能违法。
</pre>
</div>
</main>
</body>
</html>
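Review bot: every link and command in this mirror page is an absolute path on one machine (`/Users/x/websafe/docs/README.md`, `/Users/x/websafe/09-scope-and-targeting/authorization-model.md`, the `python3 /Users/x/websafe/scripts/intel/main.py ...` lines, the `run-hourly.sh` / `run-nightly.sh` / `run-weekly-reconcile.sh` links), so when the page is served through `serve-dashboard --port 8734` none of them resolve for any other checkout, and a local home-directory path is committed into a rendered HTML file. The chip at the top already uses a relative `../index.html`; use repository-relative links (for example `../docs/README.md`) and write the commands as `python3 scripts/intel/main.py render` run from the repository root. Also confirm this page is emitted by `main.py render` rather than hand-copied: it is a verbatim mirror of the repository README, and the README itself names `source-map.yaml` as the single source of truth, so a hand-maintained copy will drift on the next `ingest` or `reconcile` run.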


@@ -82,10 +82,10 @@
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="../index.html">Back to dashboard</a>
<a class="chip" href="../index.html">返回工作台</a>
</div>
<h1>安全编码修复库索引</h1>
<div class="meta">Dashboard-local mirror of the secure-code library index.</div>
<div class="meta">工作台内置镜像页secure-code 修复主题索引。</div>
<pre># 安全编码修复库
&gt; `LAB ONLY` | 修复主题用于把实验发现映射回代码整改,不代表默认生产基线。
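Review bot: the replacement `.meta` line `工作台内置镜像页secure-code 修复主题索引。` has no separator between `镜像页` and `secure-code`; the README mirror added in this same commit writes the same prefix as `工作台内置镜像页:...`, so add the colon here for consistency. The label change from `Back to dashboard` to `返回工作台` keeps `href="../index.html"`, which is correct, but since this hunk switches the page's visible strings to Chinese, check that the file's `<html lang>` attribute (outside this hunk) matches, as the newly added mirror pages do with `lang="zh-CN"`.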
