Update: 77 files - 2026-03-17 00:30:01

This commit is contained in:
hao
2026-03-17 00:30:01 -07:00
Parent 1f2744825f
Commit 9796fa6d4c
77 changed files with 7682 additions and 242 deletions

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束
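Review bot: The only change in this hunk is the `最近渲染时间` (last render time) line moving from `2026-03-17T07:06:35+00:00` to `2026-03-17T07:27:10+00:00`; every other line is unchanged context, and the same one-line timestamp bump is repeated across the other report files in this commit. Committing a regenerated render timestamp turns every dashboard refresh into a diff of dozens of files in which nothing but the clock moved, and that noise hides the files whose status context actually matters (the ones where `待人工/缺浏览器证据` is non-zero or `阻塞数` is `1`). Suggest writing the render time to a single ignored metadata file, or leaving it out of the committed report body, so the tracked diff only changes when the counts change.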

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `26`
- 最近渲染时间: `2026-03-17T07:06:36+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:36+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
- 最近渲染时间: `2026-03-17T07:27:10+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `14`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `12`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:36+00:00`
- 最近渲染时间: `2026-03-17T07:27:12+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `1`
- 待人工/缺浏览器证据: `36`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
- 最近渲染时间: `2026-03-17T07:27:15+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
- 最近渲染时间: `2026-03-17T07:27:15+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
- 最近渲染时间: `2026-03-17T07:27:15+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
- 最近渲染时间: `2026-03-17T07:27:15+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
- 最近渲染时间: `2026-03-17T07:27:15+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
- 最近渲染时间: `2026-03-17T07:27:15+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
- 最近渲染时间: `2026-03-17T07:27:15+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

View file

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
- 最近渲染时间: `2026-03-17T07:27:13+00:00`
## 目标约束

File diff suppressed because one or more lines are too long

View file

@@ -0,0 +1,507 @@
const state = {
summary: null,
runs: [],
systems: [],
advisories: {},
profiles: {},
selectedRunId: null,
selectedArtifact: null,
filters: { search: "", system: "", status: "", family: "" },
autoRefresh: true,
refreshMs: 5000,
refreshHandle: null,
};
const $ = (id) => document.getElementById(id);
const statusClass = (status) => `status-pill ${({
"blocked-artifact": "status-blocked-artifact",
"blocked-destructive": "status-blocked-destructive",
"triage-manual": "status-triage-manual",
"verified-real": "status-verified-real",
"verified-synthetic": "status-verified-synthetic",
"suspected": "status-suspected",
"completed": "status-verified-real",
"failed": "status-blocked-artifact",
"skipped": "status-triage-manual"
})[status] || "status-default"}`;
function escapeHtml(value) {
return String(value ?? "")
.replaceAll("&", "&")
.replaceAll("<", "&lt;")
.replaceAll(">", "&gt;")
.replaceAll('"', "&quot;");
}
function timeAgo(value) {
if (!value) return "-";
const diff = Date.now() - new Date(value).getTime();
if (Number.isNaN(diff)) return value;
const seconds = Math.floor(diff / 1000);
if (seconds < 60) return `${seconds}s ago`;
const minutes = Math.floor(seconds / 60);
if (minutes < 60) return `${minutes}m ago`;
const hours = Math.floor(minutes / 60);
if (hours < 24) return `${hours}h ago`;
const days = Math.floor(hours / 24);
return `${days}d ago`;
}
async function fetchJson(url) {
const response = await fetch(`${url}?t=${Date.now()}`, { cache: "no-store" });
if (!response.ok) {
throw new Error(`${url} -> ${response.status}`);
}
return response.json();
}
async function loadData(preserveSelection = true) {
$("syncState").innerHTML = `<span class="dot"></span><strong>Refreshing</strong><span>${new Date().toLocaleTimeString()}</span>`;
const previousRun = state.selectedRunId;
try {
const [summary, runs, systems, advisories, profiles] = await Promise.all([
fetchJson("./summary.json"),
fetchJson("./runs.json"),
fetchJson("./systems.json"),
fetchJson("./advisories.json"),
fetchJson("./profiles.json"),
]);
state.summary = summary;
state.runs = runs;
state.systems = systems;
state.advisories = advisories;
state.profiles = profiles;
hydrateFilterOptions();
const hashRun = location.hash.startsWith("#run=") ? location.hash.replace("#run=", "") : null;
const selectedCandidate = preserveSelection ? (hashRun || previousRun) : hashRun;
if (selectedCandidate && runs.some((item) => item.run_id === selectedCandidate)) {
state.selectedRunId = selectedCandidate;
} else {
state.selectedRunId = runs[0]?.run_id || null;
}
renderDashboard();
$("syncState").innerHTML = `<span class="dot"></span><strong>Live</strong><span>${summary.generated_at || new Date().toISOString()}</span>`;
} catch (error) {
$("syncState").innerHTML = `<span class="dot"></span><strong>Load Failed</strong><span>${escapeHtml(error.message)}</span>`;
$("runList").innerHTML = `<div class="empty-state">Dashboard load failed: ${escapeHtml(error.message)}</div>`;
$("detailRoot").innerHTML = `<div class="glass-panel empty-state">Unable to load dashboard data. Check generated JSON and local static server state.</div>`;
}
}
function filteredRuns() {
return state.runs.filter((item) => {
if (state.filters.system && item.system_id !== state.filters.system) return false;
if (state.filters.status && item.verification_status !== state.filters.status) return false;
if (state.filters.family && item.repro_profile_id !== state.filters.family) return false;
if (!state.filters.search) return true;
const advisoryTitle = item.advisory_meta?.title || "";
const haystack = [item.run_id, item.advisory_id, item.system_id, item.repro_profile_id, advisoryTitle]
.join(" ")
.toLowerCase();
return haystack.includes(state.filters.search);
});
}
function renderMetrics() {
const metrics = [
{ label: "Advisories", value: state.summary?.advisory_count ?? 0 },
{ label: "Run Bundles", value: state.summary?.run_count ?? 0 },
...Object.entries(state.summary?.statuses || {}).map(([label, value]) => ({ label, value })),
];
$("metrics").innerHTML = metrics
.map((item) => `<article class="meta-card"><strong>${escapeHtml(item.label)}</strong><span>${escapeHtml(item.value)}</span></article>`)
.join("");
}
function renderSystemCoverage() {
$("systemCoverage").innerHTML = state.systems
.map((system) => {
const total = Math.max(system.total || 0, 1);
const verified = (system.verified_real || 0) + (system.verified_synthetic || 0);
const fill = Math.round((verified / total) * 100);
return `
<div class="system-card">
<div class="run-card-top">
<strong>${escapeHtml(system.display_name || system.system_id)}</strong>
<span class="tag">${escapeHtml(system.browser_present || 0)}/${escapeHtml(system.browser_required || 0)} browser</span>
</div>
<div class="mini-muted">${escapeHtml(system.system_id)} · latest ${escapeHtml(system.latest_update || "-")}</div>
<div class="tag-row" style="margin-top:10px;">
<span class="tag">real ${escapeHtml(system.verified_real || 0)}</span>
<span class="tag">synthetic ${escapeHtml(system.verified_synthetic || 0)}</span>
<span class="tag">blocked ${escapeHtml(system.blocked || 0)}</span>
<span class="tag">manual ${escapeHtml(system.manual || 0)}</span>
</div>
<div class="meter"><span style="--fill:${fill}%"></span></div>
</div>
`;
})
.join("");
}
function renderFailures() {
const failures = state.summary?.recent_failures || [];
$("failureFeed").innerHTML = failures.length
? failures
.map((item) => `
<div class="failure-item">
<div class="run-card-top">
<strong>${escapeHtml(item.run_id)}</strong>
<span class="${statusClass(item.status)}">${escapeHtml(item.status)}</span>
</div>
<div class="mini-muted" style="margin-top:8px;">${escapeHtml(item.title || item.advisory_id)}</div>
<div class="mini-muted" style="margin-top:8px;">${escapeHtml(item.blocked_reason || "-")}</div>
</div>
`)
.join("")
: `<div class="empty-state">No recent blockers.</div>`;
}
function renderRunList() {
const filtered = filteredRuns();
$("runCount").textContent = `${filtered.length} shown`;
$("runList").innerHTML = filtered.length
? filtered
.map((item) => {
const active = item.run_id === state.selectedRunId ? "is-active" : "";
const title = item.advisory_meta?.title || item.advisory_id;
const reasoning = item.reasoning_lines?.[0] || item.blocked_reason || "";
return `
<button class="run-card ${active}" data-run-id="${escapeHtml(item.run_id)}">
<div class="run-card-top">
<code>${escapeHtml(item.run_id)}</code>
<span class="${statusClass(item.verification_status)}">${escapeHtml(item.verification_status)}</span>
</div>
<h4>${escapeHtml(title)}</h4>
<div class="mini-muted">${escapeHtml(item.system_id)} · ${escapeHtml(item.repro_profile_id)} · ${escapeHtml(timeAgo(item.finished_at))}</div>
<div class="tag-row" style="margin-top:10px;">
<span class="tag">timeline ${escapeHtml(item.timeline?.length || 0)}</span>
<span class="tag">artifacts ${escapeHtml((item.artifact_groups || []).reduce((sum, group) => sum + group.count, 0))}</span>
<span class="tag">browser ${item.browser_evidence?.present ? "ready" : "missing"}</span>
</div>
<div class="mini-muted" style="margin-top:10px;">${escapeHtml(reasoning)}</div>
</button>
`;
})
.join("")
: `<div class="empty-state">No runs match the current filters.</div>`;
document.querySelectorAll("[data-run-id]").forEach((button) => {
button.addEventListener("click", () => {
state.selectedRunId = button.dataset.runId;
location.hash = `run=${state.selectedRunId}`;
renderRunList();
renderDetail();
});
});
}
function renderDashboard() {
renderMetrics();
renderSystemCoverage();
renderFailures();
renderRunList();
renderDetail();
}
function setFilterListeners() {
[["searchInput", "search"], ["systemFilter", "system"], ["statusFilter", "status"], ["familyFilter", "family"]].forEach(([id, key]) => {
$(id).addEventListener("input", (event) => {
state.filters[key] = String(event.target.value || "").trim().toLowerCase();
if (key !== "search") {
state.filters[key] = String(event.target.value || "");
}
renderRunList();
});
});
}
function hydrateFilterOptions() {
const distinct = (items) => [...new Set(items.filter(Boolean))].sort();
const patchOptions = (id, values) => {
const control = $(id);
const current = control.value;
control.innerHTML = control.dataset.base;
control.innerHTML += distinct(values).map((value) => `<option value="${escapeHtml(value)}">${escapeHtml(value)}</option>`).join("");
control.value = current;
};
patchOptions("systemFilter", state.runs.map((item) => item.system_id));
patchOptions("statusFilter", state.runs.map((item) => item.verification_status));
patchOptions("familyFilter", state.runs.map((item) => item.repro_profile_id));
}
function defaultArtifact(run) {
const preference = ["requests", "container", "browser", "compose", "reports"];
for (const key of preference) {
const group = (run.artifact_groups || []).find((item) => item.key === key && item.items?.length);
if (!group) continue;
const preferredText = group.items.find((item) => item.kind === "text");
return preferredText || group.items[0];
}
return null;
}
async function openArtifact(href, label, kind) {
state.selectedArtifact = { href, label, kind };
document.querySelectorAll(".artifact-button").forEach((button) => {
button.classList.toggle("is-active", button.dataset.href === href);
});
$("artifactLabel").textContent = label;
$("artifactOpen").href = href;
$("artifactMeta").textContent = href;
try {
if (kind === "image") {
$("artifactViewer").innerHTML = `<img src="${escapeHtml(href)}?t=${Date.now()}" alt="${escapeHtml(label)}">`;
return;
}
if (href.endsWith(".html")) {
$("artifactViewer").innerHTML = `<iframe src="${escapeHtml(href)}?t=${Date.now()}" style="width:100%;height:560px;border:0;background:white;"></iframe>`;
return;
}
const response = await fetch(`${href}?t=${Date.now()}`, { cache: "no-store" });
if (!response.ok) throw new Error(`${href} -> ${response.status}`);
const text = await response.text();
let formatted = text;
if (href.endsWith(".json")) {
try {
formatted = JSON.stringify(JSON.parse(text), null, 2);
} catch (_error) {
}
}
$("artifactViewer").innerHTML = `<pre>${escapeHtml(formatted)}</pre>`;
} catch (error) {
$("artifactViewer").innerHTML = `<pre>Artifact load failed: ${escapeHtml(error.message)}</pre>`;
}
}
function renderDetail() {
const run = state.runs.find((item) => item.run_id === state.selectedRunId);
if (!run) {
$("detailRoot").innerHTML = `<div class="glass-panel empty-state">Select a run to inspect full timeline, logs, sources, and reasoning.</div>`;
return;
}
const advisory = run.advisory_meta || {};
const profile = run.profile_meta || {};
const screenshotItems = (run.artifact_groups || [])
.find((group) => group.key === "browser")
?.items.filter((item) => item.kind === "image") || [];
$("detailRoot").innerHTML = `
<section class="glass-panel detail-hero">
<div class="eyebrow">Local Verification Workspace</div>
<div class="flex-row" style="margin-top:14px;">
<span class="${statusClass(run.verification_status)}">${escapeHtml(run.verification_status)}</span>
<div class="tag-row">
<span class="tag">${escapeHtml(run.system_id)}</span>
<span class="tag">${escapeHtml(run.repro_profile_id)}</span>
<span class="tag">${escapeHtml(run.artifact_mode)}</span>
<span class="tag">${escapeHtml(run.verification_mode)}</span>
</div>
</div>
<h2 class="detail-headline">${escapeHtml(advisory.title || run.advisory_id)}</h2>
<p class="mini-muted">${escapeHtml(advisory.summary || "No summary available.")}</p>
<div class="link-row" style="margin-top:18px;">
<a class="chip" href="${escapeHtml(run.dashboard_refs.report_html)}" target="_blank" rel="noreferrer">Open HTML report</a>
<a class="ghost-chip" href="${escapeHtml(run.dashboard_refs.report_md)}" target="_blank" rel="noreferrer">Open Markdown</a>
<a class="ghost-chip" href="${escapeHtml(run.dashboard_refs.bundle)}" target="_blank" rel="noreferrer">Open run JSON</a>
</div>
<div class="stat-grid">
<article class="stat-card"><strong>Timeline Steps</strong><span>${escapeHtml(run.timeline?.length || 0)}</span></article>
<article class="stat-card"><strong>Artifacts</strong><span>${escapeHtml((run.artifact_groups || []).reduce((sum, group) => sum + group.count, 0))}</span></article>
<article class="stat-card"><strong>Browser</strong><span>${run.browser_evidence?.present ? "Ready" : "Missing"}</span></article>
<article class="stat-card"><strong>Finished</strong><span>${escapeHtml(timeAgo(run.finished_at))}</span></article>
</div>
</section>
<div class="detail-grid">
<div class="stack">
<details class="glass-panel accordion" open>
<summary><span>Progress Timeline</span><span class="tag">${escapeHtml(run.timeline?.length || 0)} steps</span></summary>
<div class="accordion-content">
<div class="tag-row" style="margin-bottom:14px;">
<span class="tag">completed ${escapeHtml(run.progress?.completed || 0)}</span>
<span class="tag">blocked ${escapeHtml(run.progress?.blocked || 0)}</span>
<span class="tag">skipped ${escapeHtml(run.progress?.skipped || 0)}</span>
<span class="tag">failed ${escapeHtml(run.progress?.failed || 0)}</span>
</div>
<div class="timeline-list">
${(run.timeline || []).map((item) => `
<article class="timeline-item">
<div class="mini-muted">${escapeHtml(item.at || "-")}</div>
<div class="timeline-step">${escapeHtml(item.step || "-")}</div>
<div>
<div class="${statusClass(item.status || "default")}">${escapeHtml(item.status || "unknown")}</div>
<div class="mini-muted" style="margin-top:8px;">${escapeHtml(item.detail || "-")}</div>
</div>
</article>
`).join("") || `<div class="empty-state">No timeline items available.</div>`}
</div>
</div>
</details>
<details class="glass-panel accordion" open>
<summary><span>Attack Plan & Reasoning</span><span class="tag">${escapeHtml(profile.vuln_family || "unknown")}</span></summary>
<div class="accordion-content">
${run.blocked_reason ? `<div class="failure-callout"><strong>Failure reason</strong><div class="mini-muted" style="margin-top:8px;">${escapeHtml(run.blocked_reason)}</div></div>` : ""}
<div class="tag-row" style="margin:16px 0;">
<span class="tag">destructive risk ${escapeHtml(profile.destructive_risk || "-")}</span>
<span class="tag">cleanup ${escapeHtml(profile.cleanup_policy || "-")}</span>
<span class="tag">targets ${(profile.allowed_target_types || []).join(", ") || "-"}</span>
</div>
<div class="stack" style="gap:12px;">
${(run.reasoning_lines || []).map((line) => `<div class="system-card">${escapeHtml(line)}</div>`).join("")}
</div>
<div class="tag-row" style="margin-top:16px;">
${(profile.success_criteria || []).map((line) => `<span class="tag">${escapeHtml(line)}</span>`).join("")}
</div>
</div>
</details>
<details class="glass-panel accordion" open>
<summary><span>Evidence Explorer</span><span class="tag">${escapeHtml((run.artifact_groups || []).length)} groups</span></summary>
<div class="accordion-content">
${(run.artifact_groups || []).map((group) => `
<section class="artifact-group">
<h4>${escapeHtml(group.label)} · ${escapeHtml(group.count)}</h4>
<div class="artifact-row">
${group.items.map((item) => `
<button class="artifact-button" data-href="${escapeHtml(item.href)}" data-kind="${escapeHtml(item.kind)}" data-label="${escapeHtml(item.label)}">
<span>${escapeHtml(item.label)}</span>
<span class="mini-muted">${escapeHtml(item.kind)}</span>
</button>
`).join("")}
</div>
</section>
`).join("") || `<div class="empty-state">No artifacts linked for this run.</div>`}
${screenshotItems.length ? `
<div class="gallery" style="margin-top:12px;">
${screenshotItems.map((item) => `
<button class="gallery-item artifact-button" data-href="${escapeHtml(item.href)}" data-kind="${escapeHtml(item.kind)}" data-label="${escapeHtml(item.label)}">
<figure style="margin:0;">
<img src="${escapeHtml(item.href)}" alt="${escapeHtml(item.label)}">
<figcaption>${escapeHtml(item.label)}</figcaption>
</figure>
</button>
`).join("")}
</div>
` : ""}
</div>
</details>
<details class="glass-panel accordion" open>
<summary><span>Live Log Viewer</span><span class="tag">${state.selectedArtifact ? "active" : "idle"}</span></summary>
<div class="accordion-content">
<div class="log-viewer">
<div class="viewer-toolbar">
<div>
<strong id="artifactLabel">${escapeHtml(state.selectedArtifact?.label || "Select an artifact")}</strong>
<div class="mini-muted" id="artifactMeta">${escapeHtml(state.selectedArtifact?.href || "Artifacts and logs can be previewed here.")}</div>
</div>
<div class="tag-row">
<a id="artifactOpen" class="chip" href="${escapeHtml(state.selectedArtifact?.href || run.dashboard_refs.report_html)}" target="_blank" rel="noreferrer">Open artifact</a>
<button id="refreshArtifact" class="ghost-chip" type="button">Refresh preview</button>
</div>
</div>
<div class="viewer-frame" id="artifactViewer"><pre>Select a report, log, JSON, screenshot, or timeline file to preview it here.</pre></div>
</div>
</div>
</details>
</div>
<div class="stack">
<details class="glass-panel accordion" open>
<summary><span>Sources & Fix Topics</span><span class="tag">${escapeHtml((advisory.secondary_source_urls || []).length + (advisory.official_source_url ? 1 : 0))} links</span></summary>
<div class="accordion-content">
<div class="tag-row">
${(advisory.aliases || []).map((alias) => `<span class="tag">${escapeHtml(alias)}</span>`).join("")}
</div>
<div class="stack" style="gap:10px; margin-top:14px;">
${advisory.official_source_url ? `<a href="${escapeHtml(advisory.official_source_url)}" target="_blank" rel="noreferrer">${escapeHtml(advisory.official_source_url)}</a>` : `<div class="mini-muted">No official source linked.</div>`}
${(advisory.secondary_source_urls || []).map((ref) => `<a href="${escapeHtml(ref)}" target="_blank" rel="noreferrer">${escapeHtml(ref)}</a>`).join("")}
</div>
<div class="tag-row" style="margin-top:16px;">
${(advisory.secure_code_topics || []).map((topic) => `<span class="tag">${escapeHtml(topic)}</span>`).join("")}
</div>
</div>
</details>
<details class="glass-panel accordion">
<summary><span>Run JSON</span><span class="tag">raw</span></summary>
<div class="accordion-content"><pre class="json-block">${escapeHtml(JSON.stringify(run, null, 2))}</pre></div>
</details>
<details class="glass-panel accordion">
<summary><span>Advisory JSON</span><span class="tag">raw</span></summary>
<div class="accordion-content"><pre class="json-block">${escapeHtml(JSON.stringify(advisory, null, 2))}</pre></div>
</details>
<details class="glass-panel accordion">
<summary><span>Profile JSON</span><span class="tag">raw</span></summary>
<div class="accordion-content"><pre class="json-block">${escapeHtml(JSON.stringify(profile, null, 2))}</pre></div>
</details>
</div>
</div>
`;
document.querySelectorAll(".artifact-button").forEach((button) => {
button.addEventListener("click", () => openArtifact(button.dataset.href, button.dataset.label, button.dataset.kind));
});
$("refreshArtifact")?.addEventListener("click", () => {
if (state.selectedArtifact) {
openArtifact(state.selectedArtifact.href, state.selectedArtifact.label, state.selectedArtifact.kind);
}
});
if (!state.selectedArtifact || !(run.artifact_groups || []).some((group) => group.items.some((item) => item.href === state.selectedArtifact.href))) {
const artifact = defaultArtifact(run);
if (artifact) {
openArtifact(artifact.href, artifact.label, artifact.kind);
}
} else {
openArtifact(state.selectedArtifact.href, state.selectedArtifact.label, state.selectedArtifact.kind);
}
}
function attachGlobalActions() {
$("searchInput").addEventListener("input", (event) => {
state.filters.search = String(event.target.value || "").trim().toLowerCase();
renderRunList();
});
[["systemFilter", "system"], ["statusFilter", "status"], ["familyFilter", "family"]].forEach(([id, key]) => {
$(id).addEventListener("input", (event) => {
state.filters[key] = String(event.target.value || "");
renderRunList();
});
});
$("refreshDashboard").addEventListener("click", () => loadData(false));
$("autoRefresh").addEventListener("change", (event) => {
state.autoRefresh = Boolean(event.target.checked);
startRefreshLoop();
});
}
function startRefreshLoop() {
if (state.refreshHandle) {
clearInterval(state.refreshHandle);
state.refreshHandle = null;
}
if (!state.autoRefresh) return;
state.refreshHandle = setInterval(() => loadData(true), state.refreshMs);
}
async function init() {
["systemFilter", "statusFilter", "familyFilter"].forEach((id) => {
$(id).dataset.base = $(id).innerHTML;
});
attachGlobalActions();
await loadData(false);
startRefreshLoop();
window.addEventListener("hashchange", () => loadData(false));
}
document.addEventListener("DOMContentLoaded", init);
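Review bot: In `escapeHtml`, the first replacement `.replaceAll("&", "&")` is a no-op as rendered here, so ampersands reach `innerHTML` unescaped and any `&lt;` or `&#...;` sequence present in run, advisory or profile data is decoded by the browser instead of being shown literally; it should read `.replaceAll("&", "&amp;")` and must stay the first replacement so the later `&lt;`/`&gt;`/`&quot;` output is not double-escaped (if the checked-in source already has `&amp;` and this is only how the page rendered it, disregard this point). Two interpolations bypass `escapeHtml` and should be wrapped like their neighbours: `summary.generated_at` in the `syncState` markup of `loadData`, and `(profile.allowed_target_types || []).join(", ")` in the targets tag of `renderDetail`, both of which come straight from the generated JSON. In `openArtifact`, `.html` artifacts are loaded with `<iframe src="...">` and no `sandbox` attribute, so any script inside a captured report or response page runs same-origin with the dashboard and can reach `parent.document`; add `sandbox` (with `allow-same-origin` only if the reports genuinely need it). `setFilterListeners` is never called and duplicates the `input` handlers that `attachGlobalActions` installs, so it can be removed. Finally, the click handler in `renderRunList` sets `location.hash`, which fires the `hashchange` listener registered in `init` and triggers a second full `loadData(false)` on top of the `renderRunList()`/`renderDetail()` it already ran; either drop the reload on `hashchange` or have the click handler update `state.selectedRunId` without touching the hash when the hash already matches.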

View file

@@ -0,0 +1,664 @@
:root {
--bg: #07111f;
--panel: rgba(9, 18, 32, 0.86);
--panel-2: rgba(10, 24, 44, 0.92);
--panel-soft: rgba(18, 32, 56, 0.74);
--border: rgba(137, 171, 214, 0.22);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
--accent-2: #ffb86b;
--accent-3: #90cdf4;
--danger: #ff7b7b;
--warning: #ffd166;
--success: #6ee7a5;
--shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
--radius: 20px;
}
* { box-sizing: border-box; }
html, body { margin: 0; min-height: 100%; }
body {
font-family: "IBM Plex Sans", "Avenir Next", "Segoe UI", sans-serif;
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.15), transparent 28%),
radial-gradient(circle at top right, rgba(255, 184, 107, 0.18), transparent 22%),
linear-gradient(145deg, #050c16 0%, #08111f 44%, #0d1c31 100%);
color: var(--text);
overflow-x: hidden;
}
body::before {
content: "";
position: fixed;
inset: 0;
pointer-events: none;
background-image:
linear-gradient(rgba(255,255,255,0.03) 1px, transparent 1px),
linear-gradient(90deg, rgba(255,255,255,0.03) 1px, transparent 1px);
background-size: 32px 32px;
mask-image: radial-gradient(circle at center, black 36%, transparent 78%);
opacity: 0.28;
}
a { color: var(--accent); text-decoration: none; }
a:hover { text-decoration: underline; }
button, input, select {
font: inherit;
}
.dashboard-shell {
position: relative;
max-width: 1640px;
margin: 0 auto;
padding: 32px 24px 40px;
}
.hero {
position: sticky;
top: 0;
z-index: 20;
backdrop-filter: blur(18px);
background: linear-gradient(180deg, rgba(7, 17, 31, 0.94), rgba(7, 17, 31, 0.75));
border: 1px solid var(--border);
border-radius: 28px;
padding: 24px 24px 20px;
box-shadow: var(--shadow);
}
.hero-grid {
display: grid;
grid-template-columns: 1.6fr 1fr;
gap: 20px;
align-items: start;
}
.eyebrow {
display: inline-flex;
align-items: center;
gap: 8px;
color: var(--muted);
font-size: 0.88rem;
letter-spacing: 0.12em;
text-transform: uppercase;
}
.eyebrow::before {
content: "";
width: 10px;
height: 10px;
border-radius: 999px;
background: radial-gradient(circle, var(--accent), rgba(94, 234, 212, 0.15));
box-shadow: 0 0 24px rgba(94, 234, 212, 0.8);
animation: pulse 2.8s ease-in-out infinite;
}
.hero h1 {
margin: 12px 0 10px;
font-family: "IBM Plex Serif", "Iowan Old Style", Georgia, serif;
font-size: clamp(2rem, 4vw, 3.5rem);
line-height: 1.02;
}
.hero p {
margin: 0;
color: var(--muted);
max-width: 74ch;
}
.hero-actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-top: 18px;
}
.chip, .ghost-chip {
display: inline-flex;
align-items: center;
justify-content: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
background: rgba(255,255,255,0.06);
color: var(--text);
}
.ghost-chip {
background: rgba(255,255,255,0.04);
}
.hero-meta {
display: grid;
grid-template-columns: repeat(2, minmax(0, 1fr));
gap: 14px;
}
.meta-card, .glass-panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: var(--radius);
box-shadow: var(--shadow);
}
.meta-card {
padding: 18px;
min-height: 116px;
}
.meta-card strong {
display: block;
color: var(--muted);
font-size: 0.84rem;
letter-spacing: 0.08em;
text-transform: uppercase;
}
.meta-card span {
display: block;
margin-top: 10px;
font-size: 2rem;
font-weight: 700;
}
.workspace {
display: grid;
grid-template-columns: 420px minmax(0, 1fr);
gap: 20px;
margin-top: 22px;
}
.sidebar {
display: flex;
flex-direction: column;
gap: 18px;
}
.panel-header {
display: flex;
align-items: center;
justify-content: space-between;
gap: 12px;
margin-bottom: 16px;
}
.panel-header h2, .panel-header h3 {
margin: 0;
font-size: 1rem;
letter-spacing: 0.04em;
text-transform: uppercase;
color: var(--muted);
}
.glass-panel {
padding: 18px;
background:
linear-gradient(180deg, rgba(255,255,255,0.04), transparent 35%),
var(--panel);
}
.filters {
display: grid;
gap: 12px;
}
.filters label {
display: grid;
gap: 6px;
color: var(--muted);
font-size: 0.9rem;
}
.filters input, .filters select {
width: 100%;
background: rgba(255,255,255,0.05);
color: var(--text);
border: 1px solid rgba(159, 179, 202, 0.18);
border-radius: 14px;
padding: 12px 14px;
}
.run-list {
display: grid;
gap: 12px;
max-height: calc(100vh - 460px);
overflow: auto;
padding-right: 4px;
}
.run-card {
width: 100%;
text-align: left;
padding: 16px;
border-radius: 18px;
border: 1px solid rgba(159, 179, 202, 0.14);
background: linear-gradient(180deg, rgba(255,255,255,0.05), rgba(255,255,255,0.03));
color: var(--text);
cursor: pointer;
transition: transform 180ms ease, border-color 180ms ease, background 180ms ease;
}
.run-card:hover, .run-card.is-active {
transform: translateY(-1px);
border-color: rgba(94, 234, 212, 0.42);
background: linear-gradient(180deg, rgba(94, 234, 212, 0.14), rgba(255,255,255,0.05));
}
.run-card-top, .flex-row {
display: flex;
align-items: center;
justify-content: space-between;
gap: 12px;
}
.run-card h4 {
margin: 10px 0 8px;
font-size: 1rem;
line-height: 1.35;
}
.mini-muted {
color: var(--muted);
font-size: 0.86rem;
}
.status-pill {
display: inline-flex;
align-items: center;
gap: 7px;
border-radius: 999px;
padding: 6px 10px;
font-size: 0.82rem;
font-weight: 700;
text-transform: uppercase;
letter-spacing: 0.06em;
border: 1px solid transparent;
}
.status-pill::before {
content: "";
width: 8px;
height: 8px;
border-radius: 999px;
background: currentColor;
box-shadow: 0 0 16px currentColor;
}
.status-blocked-artifact, .status-blocked-destructive {
color: var(--danger);
background: rgba(255, 123, 123, 0.14);
border-color: rgba(255, 123, 123, 0.24);
}
.status-triage-manual, .status-suspected {
color: var(--warning);
background: rgba(255, 209, 102, 0.14);
border-color: rgba(255, 209, 102, 0.24);
}
.status-verified-real {
color: var(--success);
background: rgba(110, 231, 165, 0.14);
border-color: rgba(110, 231, 165, 0.24);
}
.status-verified-synthetic {
color: var(--accent-3);
background: rgba(144, 205, 244, 0.14);
border-color: rgba(144, 205, 244, 0.24);
}
.status-default {
color: var(--accent);
background: rgba(94, 234, 212, 0.14);
border-color: rgba(94, 234, 212, 0.24);
}
.detail-view {
display: grid;
gap: 18px;
}
.detail-hero {
padding: 22px;
overflow: hidden;
position: relative;
}
.detail-hero::after {
content: "";
position: absolute;
inset: auto -20% -55% 25%;
height: 220px;
background: radial-gradient(circle, rgba(94, 234, 212, 0.2), transparent 55%);
pointer-events: none;
}
.detail-headline {
margin: 8px 0 12px;
font-family: "IBM Plex Serif", "Iowan Old Style", Georgia, serif;
font-size: clamp(1.6rem, 3vw, 2.8rem);
line-height: 1.08;
}
.tag-row, .link-row, .artifact-row {
display: flex;
flex-wrap: wrap;
gap: 10px;
}
.tag {
display: inline-flex;
align-items: center;
padding: 7px 10px;
border-radius: 999px;
background: rgba(255,255,255,0.06);
border: 1px solid rgba(159, 179, 202, 0.18);
color: var(--text);
font-size: 0.86rem;
}
.stat-grid {
display: grid;
grid-template-columns: repeat(4, minmax(0, 1fr));
gap: 12px;
margin-top: 18px;
}
.stat-card {
padding: 14px;
border-radius: 16px;
background: rgba(255,255,255,0.04);
border: 1px solid rgba(159, 179, 202, 0.16);
}
.stat-card strong {
display: block;
color: var(--muted);
font-size: 0.78rem;
text-transform: uppercase;
letter-spacing: 0.08em;
}
.stat-card span {
display: block;
margin-top: 10px;
font-size: 1.15rem;
font-weight: 700;
}
.detail-grid {
display: grid;
grid-template-columns: minmax(0, 1fr) 360px;
gap: 18px;
}
.stack {
display: grid;
gap: 18px;
}
.accordion {
overflow: hidden;
}
.accordion > summary {
list-style: none;
cursor: pointer;
padding: 18px 20px;
display: flex;
align-items: center;
justify-content: space-between;
gap: 12px;
}
.accordion > summary::-webkit-details-marker { display: none; }
.accordion > summary span {
font-size: 1rem;
text-transform: uppercase;
letter-spacing: 0.08em;
color: var(--muted);
}
.accordion .accordion-content {
padding: 0 20px 20px;
border-top: 1px solid rgba(159, 179, 202, 0.12);
}
.timeline-list {
display: grid;
gap: 12px;
}
.timeline-item {
display: grid;
grid-template-columns: 120px 180px minmax(0, 1fr);
gap: 12px;
padding: 12px 0;
border-bottom: 1px solid rgba(159, 179, 202, 0.12);
}
.timeline-item:last-child {
border-bottom: 0;
}
.timeline-step {
font-weight: 700;
}
.artifact-group {
margin-bottom: 14px;
}
.artifact-group h4 {
margin: 0 0 10px;
color: var(--muted);
font-size: 0.88rem;
text-transform: uppercase;
letter-spacing: 0.08em;
}
.artifact-button {
display: inline-flex;
align-items: center;
gap: 8px;
margin: 0 10px 10px 0;
padding: 10px 12px;
border-radius: 14px;
border: 1px solid rgba(159, 179, 202, 0.16);
background: rgba(255,255,255,0.05);
color: var(--text);
cursor: pointer;
}
.artifact-button:hover, .artifact-button.is-active {
border-color: rgba(94, 234, 212, 0.4);
background: rgba(94, 234, 212, 0.12);
}
.log-viewer {
min-height: 420px;
display: grid;
gap: 14px;
}
.viewer-toolbar {
display: flex;
flex-wrap: wrap;
justify-content: space-between;
gap: 10px;
align-items: center;
}
.viewer-frame {
background: rgba(2, 8, 22, 0.88);
border: 1px solid rgba(159, 179, 202, 0.18);
border-radius: 16px;
min-height: 300px;
overflow: hidden;
}
.viewer-frame pre {
margin: 0;
padding: 18px;
max-height: 560px;
overflow: auto;
font-family: "IBM Plex Mono", "SFMono-Regular", "Menlo", monospace;
font-size: 0.88rem;
line-height: 1.6;
color: #d6e5f5;
white-space: pre-wrap;
}
.viewer-frame img {
display: block;
width: 100%;
height: auto;
}
.gallery {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
gap: 14px;
}
.gallery button {
all: unset;
cursor: pointer;
border-radius: 18px;
overflow: hidden;
border: 1px solid rgba(159, 179, 202, 0.18);
background: rgba(255,255,255,0.04);
}
.gallery img {
display: block;
width: 100%;
aspect-ratio: 4 / 3;
object-fit: cover;
}
.gallery figcaption {
padding: 10px 12px 14px;
color: var(--muted);
font-size: 0.84rem;
}
.failure-callout {
padding: 16px 18px;
border-radius: 18px;
border: 1px solid rgba(255, 123, 123, 0.2);
background: rgba(255, 123, 123, 0.09);
}
.json-block {
background: rgba(2, 8, 22, 0.72);
border-radius: 16px;
border: 1px solid rgba(159, 179, 202, 0.14);
padding: 16px;
overflow: auto;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.84rem;
line-height: 1.55;
color: #c9d8e8;
}
.empty-state {
padding: 40px 24px;
text-align: center;
color: var(--muted);
}
.failure-feed {
display: grid;
gap: 10px;
}
.failure-item {
padding: 12px 14px;
border-radius: 16px;
background: rgba(255,255,255,0.04);
border: 1px solid rgba(159, 179, 202, 0.16);
}
.system-grid {
display: grid;
gap: 10px;
}
.system-card {
padding: 14px 16px;
border-radius: 16px;
background: rgba(255,255,255,0.04);
border: 1px solid rgba(159, 179, 202, 0.14);
}
.meter {
position: relative;
height: 10px;
border-radius: 999px;
background: rgba(255,255,255,0.08);
overflow: hidden;
margin-top: 10px;
}
.meter > span {
position: absolute;
inset: 0 auto 0 0;
width: var(--fill, 0%);
background: linear-gradient(90deg, var(--accent), var(--accent-2));
border-radius: inherit;
}
.sync-indicator {
display: inline-flex;
align-items: center;
gap: 8px;
}
.sync-indicator strong {
color: var(--text);
}
.dot {
width: 10px;
height: 10px;
border-radius: 999px;
background: var(--accent);
box-shadow: 0 0 18px rgba(94, 234, 212, 0.8);
}
@keyframes pulse {
0%, 100% { transform: scale(1); opacity: 0.88; }
50% { transform: scale(1.35); opacity: 1; }
}
@media (max-width: 1280px) {
.workspace, .detail-grid, .hero-grid {
grid-template-columns: 1fr;
}
.stat-grid {
grid-template-columns: repeat(2, minmax(0, 1fr));
}
}
@media (max-width: 760px) {
.dashboard-shell {
padding: 18px 14px 32px;
}
.hero {
position: static;
}
.stat-grid, .hero-meta {
grid-template-columns: 1fr;
}
.timeline-item {
grid-template-columns: 1fr;
}
}
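Review bot: `.run-list` caps its height at `calc(100vh - 460px)`, which resolves to a negative value on viewports shorter than 460px and is not revisited in either media query, so the run queue panel collapses on small screens even though the 760px block already restyles `.hero` and `.dashboard-shell`. Suggest clamping it, e.g. `max-height: max(240px, calc(100vh - 460px));`, or overriding it to `max-height: none;` inside the `@media (max-width: 760px)` block.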

View file

@@ -1,95 +1,80 @@
<!doctype html>
<html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<title>websafe dashboard</title>
<style>
body { font-family: ui-sans-serif, system-ui, sans-serif; margin: 2rem; background: #f8fafc; color: #0f172a; }
h1, h2 { margin-bottom: .5rem; }
.cards { display: grid; grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); gap: 1rem; margin: 1rem 0 2rem; }
.card { background: white; border: 1px solid #cbd5e1; border-radius: 14px; padding: 1rem; box-shadow: 0 4px 18px rgba(15,23,42,.06); }
.filters { display:flex; flex-wrap:wrap; gap:.75rem; margin: 1rem 0; }
input, select { padding: .6rem .75rem; border: 1px solid #cbd5e1; border-radius: 10px; background: white; }
table { width: 100%%; border-collapse: collapse; background: white; border-radius: 12px; overflow: hidden; margin-bottom: 2rem; }
th, td { padding: .75rem; border-bottom: 1px solid #e2e8f0; text-align: left; font-size: .92rem; }
code { background: #e2e8f0; padding: .1rem .35rem; border-radius: 6px; }
.muted { color: #475569; }
</style>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>websafe authorized lab dashboard</title>
<link rel="stylesheet" href="./assets/styles.css">
</head>
<body>
<h1>websafe Local Lab Dashboard</h1>
<p>LAB ONLY | AUTHORIZED TARGETS ONLY | 本地静态看板</p>
<div id="summary" class="cards"></div>
<h2>System Coverage</h2>
<table>
<thead><tr><th>System</th><th>Total</th><th>Verified Real</th><th>Verified Synthetic</th><th>Blocked</th><th>Manual</th><th>Browser</th><th>Latest</th></tr></thead>
<tbody id="systemRows"></tbody>
</table>
<h2>Recent Runs</h2>
<div class="filters">
<input id="search" placeholder="Search advisory or run id">
<select id="systemFilter"><option value="">All systems</option></select>
<select id="statusFilter"><option value="">All statuses</option></select>
<select id="familyFilter"><option value="">All profiles</option></select>
<div class="dashboard-shell">
<header class="hero">
<div class="hero-grid">
<div>
<div class="eyebrow">Authorized Lab Dashboard</div>
<h1>本地攻防实证工作台</h1>
<p>面向授权实验场景的本地静态前端。聚合 advisory、run bundle、日志、浏览器证据、失败原因、利用思路与源头信息,并支持可折叠细节与自动刷新。</p>
<div class="hero-actions">
<button id="refreshDashboard" class="chip" type="button">Refresh Dashboard</button>
<label class="ghost-chip"><input id="autoRefresh" type="checkbox" checked> Auto Refresh</label>
<a class="ghost-chip" href="./summary.json" target="_blank" rel="noreferrer">Open Summary JSON</a>
</div>
</div>
<div>
<div class="panel-header">
<h2>Sync State</h2>
<div id="syncState" class="sync-indicator"><span class="dot"></span><strong>Booting</strong><span>Loading generated JSON</span></div>
</div>
<div id="metrics" class="hero-meta"></div>
</div>
</div>
</header>
<div class="workspace">
<aside class="sidebar">
<section class="glass-panel">
<div class="panel-header">
<h2>Filters</h2>
<span id="runCount" class="tag">0 shown</span>
</div>
<div class="filters">
<label>Search
<input id="searchInput" placeholder="Search run id, advisory, title">
</label>
<label>System
<select id="systemFilter"><option value="">All systems</option></select>
</label>
<label>Status
<select id="statusFilter"><option value="">All statuses</option></select>
</label>
<label>Profile
<select id="familyFilter"><option value="">All profiles</option></select>
</label>
</div>
</section>
<section class="glass-panel">
<div class="panel-header"><h2>Systems</h2></div>
<div id="systemCoverage" class="system-grid"></div>
</section>
<section class="glass-panel">
<div class="panel-header"><h2>Recent Failures</h2></div>
<div id="failureFeed" class="failure-feed"></div>
</section>
<section class="glass-panel">
<div class="panel-header"><h2>Run Queue View</h2></div>
<div id="runList" class="run-list"></div>
</section>
</aside>
<main id="detailRoot" class="detail-view">
<div class="glass-panel empty-state">Select a run to inspect full details.</div>
</main>
</div>
</div>
<table>
<thead><tr><th>Run</th><th>System</th><th>Advisory</th><th>Status</th><th>Mode</th><th>Profile</th><th>Finished</th><th>Artifacts</th></tr></thead>
<tbody id="rows"></tbody>
</table>
<script>
async function main() {
const [summary, runs, systems] = await Promise.all([
fetch('./summary.json').then(r => r.json()),
fetch('./runs.json').then(r => r.json()),
fetch('./systems.json').then(r => r.json())
]);
const summaryRoot = document.getElementById('summary');
const cards = [{label: 'Advisories', value: summary.advisory_count}, {label: 'Run Count', value: summary.run_count}];
for (const [key, value] of Object.entries(summary.statuses)) {
cards.push({label: key, value});
}
summaryRoot.innerHTML = cards.map(item => `<div class="card"><strong>${item.label}</strong><div style="font-size:2rem;margin-top:.5rem;">${item.value}</div></div>`).join('');
const systemRows = document.getElementById('systemRows');
systemRows.innerHTML = systems.map(item => `<tr><td><code>${item.system_id}</code></td><td>${item.total}</td><td>${item.verified_real}</td><td>${item.verified_synthetic}</td><td>${item.blocked}</td><td>${item.manual}</td><td>${item.browser_present}/${item.browser_required}</td><td>${item.latest_update || ''}</td></tr>`).join('');
const systemFilter = document.getElementById('systemFilter');
const statusFilter = document.getElementById('statusFilter');
const familyFilter = document.getElementById('familyFilter');
const search = document.getElementById('search');
const distinct = (values) => Array.from(new Set(values.filter(Boolean))).sort();
systemFilter.innerHTML += distinct(runs.map(item => item.system_id)).map(value => `<option value="${value}">${value}</option>`).join('');
statusFilter.innerHTML += distinct(runs.map(item => item.verification_status)).map(value => `<option value="${value}">${value}</option>`).join('');
familyFilter.innerHTML += distinct(runs.map(item => item.repro_profile_id)).map(value => `<option value="${value}">${value}</option>`).join('');
const rows = document.getElementById('rows');
function renderRows() {
const query = search.value.trim().toLowerCase();
const filtered = runs.filter(item => {
if (systemFilter.value && item.system_id !== systemFilter.value) return false;
if (statusFilter.value && item.verification_status !== statusFilter.value) return false;
if (familyFilter.value && item.repro_profile_id !== familyFilter.value) return false;
if (query) {
const haystack = `${item.run_id} ${item.advisory_id} ${item.system_id} ${item.repro_profile_id}`.toLowerCase();
if (!haystack.includes(query)) return false;
}
return true;
});
rows.innerHTML = filtered.map(item => {
const links = [];
if (item.dashboard_refs && item.dashboard_refs.report_html) links.push(`<a href="${item.dashboard_refs.report_html}">report</a>`);
if (item.dashboard_refs && item.dashboard_refs.timeline) links.push(`<a href="${item.dashboard_refs.timeline}">timeline</a>`);
if (item.dashboard_refs && item.dashboard_refs.bundle) links.push(`<a href="${item.dashboard_refs.bundle}">bundle</a>`);
if (item.browser_links && item.browser_links.length) links.push(`<a href="${item.browser_links[0]}">browser</a>`);
if (item.container_links && item.container_links.length) links.push(`<a href="${item.container_links[0]}">logs</a>`);
const reason = item.blocked_reason ? `<div class="muted">${item.blocked_reason}</div>` : '';
return `<tr><td><code>${item.run_id}</code>${reason}</td><td><code>${item.system_id}</code></td><td><code>${item.advisory_id}</code></td><td>${item.verification_status}</td><td>${item.verification_mode}</td><td><code>${item.repro_profile_id}</code></td><td>${item.finished_at || ''}</td><td>${links.join(' | ') || '-'}</td></tr>`;
}).join('');
}
[systemFilter, statusFilter, familyFilter, search].forEach(node => node.addEventListener('input', renderRows));
renderRows();
}
main();
</script>
<script src="./assets/app.js"></script>
</body>
</html>
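Review bot: the inline script being removed rendered run fields straight into innerHTML through template literals (renderRows builds `<td><code>${item.run_id}</code>${reason}</td>` and `<a href="${item.dashboard_refs.report_html}">` from the JSON, and `reason` is the unescaped item.blocked_reason), and blocked_reason is verbatim tool or daemon error output, so any `<` or quote in that text becomes markup in the dashboard. Rendering now lives in ./assets/app.js, which this hunk does not show; please confirm the replacement escapes these values (textContent, or an escapeHtml helper applied before interpolation) and validates hrefs rather than carrying the pattern over. The new `<a ... target="_blank" rel="noreferrer">` is fine as written, since noreferrer also implies noopener.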

View file

@@ -0,0 +1,513 @@
{
"authz-bypass-generic": {
"profile_id": "authz-bypass-generic",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Protected route or action is evaluated with controlled credentials and logged."
],
"seed_actions": [
{
"kind": "note",
"message": "Create low-privilege and admin test users for server-side recheck validation."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Use minimal authorization bypass probes defined by case-specific runner or manual session tooling."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"deserialization-generic": {
"profile_id": "deserialization-generic",
"vuln_family": "deserialization",
"provisioning_mode": "synthetic",
"destructive_risk": "high",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "source-or-synthetic"
},
"success_criteria": [
"Deserialization path is confirmed without executing destructive gadget chains."
],
"seed_actions": [
{
"kind": "note",
"message": "Use inert serialized payloads and do not execute gadget chains against non-lab targets."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Demonstrate unsafe decode path with inert object graph or marker token."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"file-upload-generic": {
"profile_id": "file-upload-generic",
"vuln_family": "file-upload",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Upload acceptance or bypass path is demonstrated with reversible test artifacts."
],
"seed_actions": [
{
"kind": "note",
"message": "Use inert marker files and non-executable payloads by default."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Validate extension, storage path, and preview behavior using inert files."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"misconfiguration-generic": {
"profile_id": "misconfiguration-generic",
"vuln_family": "misconfiguration",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Misconfiguration indicator is captured with HTTP or server evidence."
],
"seed_actions": [
{
"kind": "note",
"message": "Keep checks limited to target-local paths and configured lab endpoints."
}
],
"attack_actions": [
{
"kind": "tool",
"tool": "misconfig-lab",
"args": [
"--target",
"{target_url}",
"--evidence-dir",
"{evidence_dir}",
"--run-id",
"{run_id}",
"--case-id",
"{case_id}"
]
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"path-traversal-generic": {
"profile_id": "path-traversal-generic",
"vuln_family": "path-traversal",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Marker file outside intended root becomes reachable or denial path is confirmed."
],
"seed_actions": [
{
"kind": "note",
"message": "Use inert marker files inside isolated volume mounts only."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Validate canonicalization failures with marker files rather than real secrets."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"plugin-extension-generic": {
"profile_id": "plugin-extension-generic",
"vuln_family": "plugin-extension",
"provisioning_mode": "synthetic",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "ecosystem-package-or-synthetic"
},
"success_criteria": [
"Extension-specific attack path is demonstrated or blocked with artifact evidence."
],
"seed_actions": [
{
"kind": "note",
"message": "Prefer historical plugin/module package; fall back to synthetic isolated reproduction when unavailable."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Validate trust-boundary or input-handling weakness using isolated extension package only."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"proxy-boundary-generic": {
"profile_id": "proxy-boundary-generic",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Header trust discrepancy is captured with upstream/downstream logs."
],
"seed_actions": [
{
"kind": "note",
"message": "Log reverse-proxy and application headers before any trust-boundary test."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Perform minimal forwarded-header manipulation only inside isolated lab paths."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"request-smuggling-generic": {
"profile_id": "request-smuggling-generic",
"vuln_family": "request-smuggling",
"provisioning_mode": "synthetic",
"destructive_risk": "high",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "synthetic-proxy-pair"
},
"success_criteria": [
"Proxy and backend parse disagreement is captured in evidence."
],
"seed_actions": [
{
"kind": "note",
"message": "Stand up isolated proxy/app pair only; do not forward to unrelated targets."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Run minimal ambiguous request probes and capture both proxy and app logs."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"session-token-generic": {
"profile_id": "session-token-generic",
"vuln_family": "session-token",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Cookie, storage or fixation issue is captured with browser and header evidence."
],
"seed_actions": [
{
"kind": "note",
"message": "Seed only local demo identities and short-lived cookies/tokens."
}
],
"attack_actions": [
{
"kind": "tool",
"tool": "session-lab",
"args": [
"--target",
"{target_url}",
"--evidence-dir",
"{evidence_dir}",
"--run-id",
"{run_id}",
"--case-id",
"{case_id}"
]
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"sqli-generic": {
"profile_id": "sqli-generic",
"vuln_family": "sqli",
"provisioning_mode": "synthetic",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-synthetic"
},
"success_criteria": [
"Time-based or error-based probe lands with non-destructive evidence."
],
"seed_actions": [
{
"kind": "note",
"message": "Keep seed data reversible and avoid destructive SQL mutations."
}
],
"attack_actions": [
{
"kind": "tool",
"tool": "sqli-scanner",
"args": [
"-u",
"{target_url}",
"--evidence-dir",
"{evidence_dir}",
"--run-id",
"{run_id}",
"--case-id",
"{case_id}"
]
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"ssrf-generic": {
"profile_id": "ssrf-generic",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Request sink receives expected callback without crossing authorization boundaries."
],
"seed_actions": [
{
"kind": "note",
"message": "Route callbacks to local sink endpoints only."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Exercise local sink endpoints, not external third-party destinations."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"template-injection-generic": {
"profile_id": "template-injection-generic",
"vuln_family": "template-injection",
"provisioning_mode": "synthetic",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "source-or-synthetic"
},
"success_criteria": [
"Template evaluation path is proven with harmless marker output."
],
"seed_actions": [
{
"kind": "note",
"message": "Keep expressions inert and avoid destructive primitives by default."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Validate expression evaluation with benign markers."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"xss-generic": {
"profile_id": "xss-generic",
"vuln_family": "xss",
"provisioning_mode": "synthetic",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-synthetic"
},
"success_criteria": [
"Browser evidence confirms payload reflection or DOM sink execution path."
],
"seed_actions": [
{
"kind": "note",
"message": "Seed a low-privilege user and a review page when the target supports stored content."
}
],
"attack_actions": [
{
"kind": "tool",
"tool": "xss-fuzzer",
"args": [
"-u",
"{target_url}",
"--dom-scan",
"--check-csp",
"--evidence-dir",
"{evidence_dir}",
"--run-id",
"{run_id}",
"--case-id",
"{case_id}"
]
}
],
"browser_assertions": {
"required": true,
"strategy": "reflect-or-render"
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
}
}
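Review bot: every profile lists `"authorized-third-party"` under allowed_target_types, including deserialization-generic and request-smuggling-generic, whose destructive_risk is `"high"` and whose own seed notes say "do not execute gadget chains against non-lab targets" and "Stand up isolated proxy/app pair only; do not forward to unrelated targets". As written that restriction exists only as free text a runner cannot enforce; suggest trimming allowed_target_types for the high-risk profiles to `"lab-local"` and `"lab-public"` so the target-type check can reject the run before seed_actions execute, and documenting in the schema which of the two fields wins when they disagree.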

View file

@@ -101,7 +101,140 @@
},
"browser_links": [],
"container_links": [],
"request_links": []
"request_links": [],
"advisory_meta": {
"canonical_id": "gitea--CVE-2025-68939",
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:48.777563Z",
"official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
"https://blog.gitea.com/release-of-1.23.0",
"https://github.com/go-gitea/gitea/pull/32151",
"https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
],
"aliases": [
"BIT-gitea-2025-68939",
"CVE-2025-68939",
"GHSA-263q-5cv3-xq9g",
"GO-2025-4261"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"profile_meta": {
"profile_id": "file-upload-generic",
"vuln_family": "file-upload",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Upload acceptance or bypass path is demonstrated with reversible test artifacts."
],
"seed_actions": [
{
"kind": "note",
"message": "Use inert marker files and non-executable payloads by default."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Validate extension, storage path, and preview behavior using inert files."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"Use inert marker files and non-executable payloads by default.",
"Validate extension, storage path, and preview behavior using inert files.",
"Upload acceptance or bypass path is demonstrated with reversible test artifacts.",
"Current blocker: unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
],
"progress": {
"completed": 3,
"skipped": 5,
"failed": 0,
"blocked": 1,
"planned": 0,
"other": 0
},
"artifact_groups": [
{
"key": "reports",
"label": "Reports",
"count": 4,
"items": [
{
"href": "./runs/gitea-livecheck-20260316/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "./runs/gitea-livecheck-20260316/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "./runs/gitea-livecheck-20260316/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "./runs/gitea-livecheck-20260316/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose",
"count": 1,
"items": [
{
"href": "./runs/gitea-livecheck-20260316/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
@@ -144,6 +277,144 @@
"request_links": [
"./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
"./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json"
],
"advisory_meta": {
"canonical_id": "gitea--CVE-2025-68939",
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"summary": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"display_name": "Gitea",
"system_id": "gitea",
"category": "platforms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "2025-12-30T01:49:57Z",
"updated_at": "2026-03-03T04:57:48.777563Z",
"official_source_url": "https://github.com/advisories/GHSA-263q-5cv3-xq9g",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-68939",
"https://blog.gitea.com/release-of-1.23.0",
"https://github.com/go-gitea/gitea/pull/32151",
"https://github.com/go-gitea/gitea/releases/tag/v1.23.0"
],
"aliases": [
"BIT-gitea-2025-68939",
"CVE-2025-68939",
"GHSA-263q-5cv3-xq9g",
"GO-2025-4261"
],
"secure_code_topics": [
"authz-server-side-recheck",
"token-cookie-storage",
"proxy-trust-boundary",
"plugin-extension-trust-policy"
],
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"profile_meta": {
"profile_id": "file-upload-generic",
"vuln_family": "file-upload",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Upload acceptance or bypass path is demonstrated with reversible test artifacts."
],
"seed_actions": [
{
"kind": "note",
"message": "Use inert marker files and non-executable payloads by default."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Validate extension, storage path, and preview behavior using inert files."
}
],
"browser_assertions": {
"required": true
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"Use inert marker files and non-executable payloads by default.",
"Validate extension, storage path, and preview behavior using inert files.",
"Upload acceptance or bypass path is demonstrated with reversible test artifacts.",
"Current blocker: unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
],
"progress": {
"completed": 0,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 0
},
"artifact_groups": [
{
"key": "reports",
"label": "Reports",
"count": 4,
"items": [
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "Request Logs",
"count": 2,
"items": [
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
"label": "attack.json",
"kind": "text"
},
{
"href": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
}
]
},
{
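Review bot: `advisory_meta.browser_evidence.required` is `false` while `profile_meta.browser_assertions.required` is `true` for the same `file-upload-generic` profile; derive both flags from one source so a file-upload case cannot render as not needing browser evidence. Two smaller points in the same block: `progress` is all zeros although `verification_status` is `blocked-artifact` (the sibling livecheck run records `blocked: 1`), and `blocked_reason` embeds the workstation path `/Users/x/.docker/run/docker.sock`; publish a short stable reason such as "docker daemon unreachable" in the dashboard JSON and keep the raw stderr in the run logs. The `secure_code_topics` list (`token-cookie-storage`, `proxy-trust-boundary`, `plugin-extension-trust-policy`) also does not fit a forbidden-extension upload bypass; an upload/extension-validation topic is missing.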
@@ -196,6 +467,147 @@
"request_links": [
"./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
"./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
],
"advisory_meta": {
"canonical_id": "nextjs--CVE-2025-29927",
"title": "Authorization Bypass in Next.js Middleware",
"summary": "# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
"display_name": "Next.js",
"system_id": "nextjs",
"category": "frameworks",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2025-03-21T15:20:12Z",
"updated_at": "2026-03-04T15:06:29.993197Z",
"official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2025-29927",
"https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2",
"https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v12.3.5",
"https://github.com/vercel/next.js/releases/tag/v13.5.9",
"https://security.netapp.com/advisory/ntap-20250328-0002",
"https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware",
"http://www.openwall.com/lists/oss-security/2025/03/23/3",
"http://www.openwall.com/lists/oss-security/2025/03/23/4"
],
"aliases": [
"CVE-2025-29927",
"GHSA-f82v-jwr5-mffw"
],
"secure_code_topics": [
"authz-server-side-recheck",
"proxy-trust-boundary",
"token-cookie-storage"
],
"verification_status": "triage-manual",
"verification_mode": "real",
"artifact_mode": "official-source",
"blocked_reason": "dry-run only",
"browser_evidence": {
"required": false,
"present": false,
"refs": []
}
},
"profile_meta": {
"profile_id": "authz-bypass-generic",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "medium",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "official-image-or-source"
},
"success_criteria": [
"Protected route or action is evaluated with controlled credentials and logged."
],
"seed_actions": [
{
"kind": "note",
"message": "Create low-privilege and admin test users for server-side recheck validation."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Use minimal authorization bypass probes defined by case-specific runner or manual session tooling."
}
],
"browser_assertions": {
"required": false
},
"allowed_target_types": [
"lab-local",
"lab-public",
"authorized-third-party"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"# Impact\nIt is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.\n\n# Patches\n* For Next.js 15.x, this issue is fixed in `15.2.3`\n* For Next.js 14.x, this issue is fixed in `14.2.25`\n* For Next.js 13.x, this issue is fixed in 13.5.9\n* For Next.js 12.x, this issue is fixed in 12.3.5\n* For Next.js 11.x, consult the below workaround.\n\n_Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability._\n\n# Workaround\nIf patching to a safe version is infeasible, we recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application.\n\n## Credits\n\n- Allam Rachid (zhero;)\n- Allam Yasser (inzo_)",
"Create low-privilege and admin test users for server-side recheck validation.",
"Use minimal authorization bypass probes defined by case-specific runner or manual session tooling.",
"Protected route or action is evaluated with controlled credentials and logged.",
"Current blocker: dry-run only"
],
"progress": {
"completed": 0,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 0
},
"artifact_groups": [
{
"key": "reports",
"label": "Reports",
"count": 4,
"items": [
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "Request Logs",
"count": 2,
"items": [
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
"label": "attack.json",
"kind": "text"
},
{
"href": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
}
]
}
]
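Review bot: `severity: "low"` with `cvss_score: 3.1` sits next to a summary that describes a full bypass of middleware authorization checks; re-check the score against `official_source_url` before this renders, because a mis-scored advisory of this kind would be sorted to the bottom of the queue. Also `blocked_reason: "dry-run only"` is an execution mode, not a blocker, and `request_links` point at `logs/attack.json` and `logs/baseline.json` for a dry run; either those logs are placeholders (then the status should say so) or traffic was actually sent. Finally, the advisory's workaround names the concrete probe, the `x-middleware-subrequest` header, while `attack_actions` is only the generic note; the case-specific runner this note refers to should be named here.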


@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-17T07:06:50+00:00",
"generated_at": "2026-03-17T07:27:25+00:00",
"advisory_count": 89,
"run_count": 3,
"statuses": {
@@ -11,18 +11,21 @@
"run_id": "gitea-livecheck-20260316",
"advisory_id": "gitea--CVE-2025-68939",
"status": "blocked-artifact",
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
},
{
"run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
"advisory_id": "gitea--CVE-2025-68939",
"status": "blocked-artifact",
"title": "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
},
{
"run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
"advisory_id": "nextjs--CVE-2025-29927",
"status": "triage-manual",
"title": "Authorization Bypass in Next.js Middleware",
"blocked_reason": "dry-run only"
}
],
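Review bot: `gitea--CVE-2025-68939` appears twice (`gitea-livecheck-20260316` and `gitea-gitea--CVE-2025-68939-20260317063330`) with the same status and the same `blocked_reason`, so the `statuses` counts above double-count one advisory; collapse the summary to the latest run per `advisory_id` and link the older run from the run page instead.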


@@ -1,6 +1,6 @@
# 最新同步摘要
- 渲染时间: `2026-03-17T07:06:50+00:00`
- 渲染时间: `2026-03-17T07:27:25+00:00`
- 系统数量: `62`
- Advisory 数量: `89`
- 重点 Markdown 数量: `89`


@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-17T07:06:50+00:00",
"generated_at": "2026-03-17T07:27:25+00:00",
"system_count": 62,
"advisory_count": 89,
"markdown_count": 89,


@@ -6,6 +6,7 @@
## 入口
- [项目文档总览](/Users/x/websafe/docs/README.md)
- [目标边界与授权模型](/Users/x/websafe/09-scope-and-targeting/authorization-model.md)
- [主流开源 Web 系统安全总览](/Users/x/websafe/07-framework-security/README.md)
- [漏洞情报与自动入库总览](/Users/x/websafe/08-threat-intel/README.md)
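Review bot: the new link points at `/Users/x/websafe/docs/README.md`, an absolute path on one workstation, so it is dead in every other clone and in the hosted repository view; use a repo-relative link (`docs/README.md`). The two neighbouring links have the same problem and are worth fixing in the same change.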
@@ -27,6 +28,7 @@ websafe/
├── 07-framework-security/ # CMS、电商、框架、服务器、平台系统安全
├── 08-threat-intel/ # source-map、repro-map、registry、dashboard、订阅规则、自动入库
├── 09-scope-and-targeting/ # 授权模型、资产模板、测试记录模板
├── docs/ # 项目功能文档、前端设计文档与展示规范
├── requirements-intel.txt # intel + lab 自动化依赖(含 Playwright Python 包)
├── scripts/intel/ # hotlane / ingest / reconcile / backfill / open-pr CLI
└── scripts/lab/ # provision / baseline / attack / browser / evidence / render / queue CLI

docs/README.md (regular file, 19 lines added)

@@ -0,0 +1,19 @@
# 项目文档总览
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | `NOT A PRODUCTION BASELINE`
本目录汇总本项目的功能说明、数据面说明和前端展示设计,服务于两个目标:
- 让仓库使用者快速理解“项目做什么、怎么跑、哪些能力已经落地”。
- 让本地 dashboard 的展示、交互、日志查看、折叠/展开和实时刷新有明确设计准则,不再只是临时页面。
## 文档入口
- [项目功能与特性总览](/Users/x/websafe/docs/project-features.md)
- [本地前端工作台设计文档](/Users/x/websafe/docs/frontend-dashboard-design.md)
## 文档边界
- 仅描述 `lab-local``lab-public``authorized-third-party` 三类授权目标下的功能与前端展示。
- 不把本仓库内容包装成生产安全最佳实践,也不为未授权互联网资产提供工作流语境。
- 页面中出现的利用、注入、日志、失败原因、源头链接和思路说明,均应绑定到授权实验或自有测试资产。
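Review bot: both links under `## 文档入口` are absolute `/Users/x/websafe/...` paths; since this file lives in `docs/`, `project-features.md` and `frontend-dashboard-design.md` are the portable forms. Under `## 文档边界` the three target types render as `lab-local``lab-public``authorized-third-party` with no separator; if the backticks really adjoin in the source, add `, ` or ` / ` between them.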


@@ -0,0 +1,309 @@
# 本地前端工作台设计文档
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
## 1. 设计目标
本地 dashboard 要从“简单索引页”升级成“完整的授权攻防实证工作台”。它需要同时满足三类使用场景:
1. 运行中观察
- 看当前 run 进度
- 看失败原因和阻塞点
- 实时打开日志和证据
2. 复盘分析
- 查看 timeline、思路、利用路径、来源与修复主题
- 对比真实版本与 synthetic 复现差异
3. 审阅归档
- 从一个前端入口点进 `report.md`, `report.html`, `run.json`, 原始日志和截图
## 2. 页面定位
### 2.1 页面名称
- 页面名称:`Authorized Lab Dashboard`
- 页面语境:本地静态前端 + 本地文件 JSON 数据源
- 非目标:在线 SaaS、多用户后端、生产管理台
### 2.2 核心原则
- 所有展示都围绕授权目标
- 失败信息不能被隐藏在深层页面里
- 信息密度高,但必须可折叠、可筛选、可逐层展开
- 日志与原始 JSON 必须能直接预览
- 页面视觉应更生动,但不能牺牲扫描效率
## 3. 信息架构
```mermaid
flowchart LR
A["Hero + Global Status"] --> B["Sidebar Filters"]
A --> C["Run Queue List"]
C --> D["Run Detail Hero"]
D --> E["Progress Timeline"]
D --> F["Attack Plan & Reasoning"]
D --> G["Evidence Explorer"]
D --> H["Live Log Viewer"]
D --> I["Sources & Fix Topics"]
D --> J["Raw JSON Panels"]
```
## 4. 页面布局
### 4.1 顶部 Hero
必须展示:
- 页面名称
- 授权实验语境说明
- 刷新按钮
- 自动刷新开关
- 当前同步状态
- 核心 metric cards
视觉要求:
- 不能是纯白表格页
- 需要有分层背景、渐变光晕、轻微动态氛围
- 顶栏 sticky,滚动时仍可看到刷新和状态
### 4.2 左侧侧栏
包含四块:
- Filters
- 搜索
- system filter
- status filter
- profile filter
- Systems
- 系统覆盖度
- browser evidence 覆盖
- latest update
- Recent Failures
- 最近 blocker
- status
- 原因摘要
- Run Queue View
- 最近 run 卡片列表
- 可选中并切换到 detail panel
### 4.3 右侧 Detail Workspace
必须包含:
- Run Hero
- advisory 标题
- system / profile / artifact / verification 状态
- report / bundle / markdown 入口
- Progress Timeline
- 每一步的时间、状态、说明
- Attack Plan & Reasoning
- success criteria
- seed / attack notes
- failure reason
- 当前 blocker
- Evidence Explorer
- reports
- compose
- browser evidence
- request logs
- container logs
- Live Log Viewer
- 预览 text/json/html/image
- refresh preview
- open artifact
- Sources & Fix Topics
- official source
- secondary sources
- aliases
- secure code topics
- Raw JSON
- run JSON
- advisory JSON
- profile JSON
## 5. 交互要求
### 5.1 折叠 / 展开
所有 detail 分区都应支持折叠:
- Progress Timeline
- Attack Plan & Reasoning
- Evidence Explorer
- Live Log Viewer
- Sources & Fix Topics
- Raw JSON sections
折叠要求:
- 默认展开常用分区
- 次级原始数据可以默认收起
- 折叠状态视觉要清晰,不靠小箭头弱提示
### 5.2 Run 切换
- 点击左侧 run card 后,右侧 detail panel 即时刷新
- 当前选中项要有强视觉区别
- URL hash 应保留 `#run=<id>`,方便直接打开特定 run
### 5.3 Artifact 预览
点击 artifact button 后:
- JSON 自动格式化
- 日志文件以 `<pre>` 方式显示
- 图片以内联方式展示
- HTML 报告可 iframe 预览或新窗口打开
### 5.4 自动刷新
- 默认每 5 秒刷新一次 dashboard JSON
- 用户可以关闭自动刷新
- 当前正在查看的 artifact 在自动刷新开启时应支持重新抓取
### 5.5 失败原因高亮
对于 `blocked-*``triage-manual`
- 顶部 hero 要显示状态 pill
- reasoning 面板要显示 failure callout
- 左侧 Recent Failures 要保留最近失败摘要
## 6. 展示字段清单
### 6.1 Hero 区
- run_id
- advisory_id
- advisory title
- verification_status
- verification_mode
- artifact_mode
- system_id
- repro_profile_id
- finished_at
### 6.2 Timeline 区
- `timeline[].at`
- `timeline[].step`
- `timeline[].status`
- `timeline[].detail`
### 6.3 Reasoning 区
- advisory summary
- profile seed messages
- profile attack messages
- profile success criteria
- blocked reason
### 6.4 Sources 区
- official_source_url
- secondary_source_urls
- aliases
- secure_code_topics
### 6.5 Evidence 区
- report.html
- report.md
- timeline.mmd
- bundle json
- compose.yaml
- browser screenshots / DOM / console / network
- request logs
- container logs
## 7. 动效与视觉要求
### 7.1 必须有的视觉增强
- 顶部背景渐变和环境光
- status pill 发光色彩区分
- 卡片 hover 浮起
- sticky hero
- 折叠面板开合层次
- gallery 缩略图点击查看
### 7.2 推荐但必须受控
- 状态小圆点 pulse
- 背景网格或轻微数据面纹理
- 面板玻璃感和浅透视阴影
### 7.3 不允许
- 花哨但影响可读性的动画
- 大面积纯装饰 3D 效果
- 自动播放噪音式动效
- 让日志区难以复制文本的视觉处理
## 8. 实时日志与细节查看要求
### 8.1 日志查看器
日志查看器必须支持:
- 选中文件后即刻预览
- JSON 格式化
- text/json/html/image 四类预览
- 打开原文件
- 在自动刷新开启时重新抓取当前文件
### 8.2 重点要看的日志
- compose / environment 文件
- baseline / attack / browser json
- container logs
- request logs
- timeline / bundle
### 8.3 失败排查导向
失败时应优先展示:
- `blocked_reason`
- 当前 step
- 上一个完成 step
- 当前可打开的日志 / 报告 / run bundle
- 对应 advisory 来源与 profile success criteria
## 9. 数据源契约
前端依赖的本地 JSON/文件源:
- `summary.json`
- `runs.json`
- `systems.json`
- `advisories.json`
- `profiles.json`
- `runs/<run-id>/report.html`
- `runs/<run-id>/report.md`
- `runs/<run-id>/run.json`
- `runs/<run-id>/logs/*`
- `runs/<run-id>/assets/*`
前端不直接写这些数据,只读取并展示。
## 10. 落地约束
- 保持静态前端,不引入长期运行后端
- 本地 `serve-dashboard` 即可查看
- 对于正在跑的 case,前端通过轮询读取新 JSON 实现“近实时”
- 不依赖第三方 CDN UI 库
- 优先使用原生 HTML/CSS/JS,可长期维护
## 11. 验收标准
页面完成后,应满足:
- 能从 run list 切换到 detail panel
- 能折叠与展开各信息区
- 能打开并预览 JSON / text / image / html artifact
- 能看到失败原因、思路、来源、修复主题
- 能筛选 system / status / profile
- 能在自动刷新开启时重新载入 dashboard 数据
- 页面视觉比“普通表格页”更生动,但仍适合高密度阅读
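Review bot: section 5.3 allows HTML reports to be previewed in an iframe and 8.1 adds html to the preview types, but 4.2 and 6.5 say the evidence set includes DOM snapshots, console and network captures from XSS and DOM XSS cases, so a preview can load attacker-controlled markup from a run into the dashboard's own origin. Require `<iframe sandbox>` (without `allow-same-origin` and `allow-scripts`) or serve `runs/<run-id>/*` from a separate origin, and render JSON/text previews via `textContent`, never `innerHTML`. Related: 5.2 keeps `#run=<id>` in the URL hash and 9 fetches `runs/<run-id>/...`; the id from the hash must be looked up in the loaded `runs.json` and never spliced into a fetch path directly, otherwise a crafted hash makes the page fetch and preview files outside the runs directory.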

docs/project-features.md (regular file, 162 lines added)

@@ -0,0 +1,162 @@
# 项目功能与特性总览
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
## 1. 项目定位
`websafe` 是一套“授权攻防实验与研究知识库 + 本地实证系统”。它不是生产安全基线库,也不是面向任意第三方站点的扫描平台。
项目覆盖:
- 本地靶场、Docker 集群、内网实验节点
- 自建且可公网访问的测试网站、服务器、设备
- 已明确授权的验证性测试目标
项目不覆盖:
- 无归属证明、无授权的公网资产
- 公共知名网站
- 泛互联网画像、枚举、对外大规模探测
## 2. 功能版图
### 2.1 情报与入库
- `08-threat-intel/source-map.yaml`
- 定义系统范围、来源、覆盖策略、输出目录、secure-code 主题
- `08-threat-intel/repro-map.yaml`
- 定义系统到 repro family、浏览器要求、日志策略和报告模板的映射
- `08-threat-intel/repro-profiles/`
- family 级和 advisory 级复现说明
- `08-threat-intel/registry/`
- advisory、system、run、triage 的唯一真值层
- `08-threat-intel/generated/`
- coverage matrix、latest ingest、dashboard 等人类可读产物
### 2.2 本地实证与编排
- `00-environments/catalog/`
- 记录系统、镜像、源码、依赖和健康检查的 catalog
- `00-environments/profiles/`
- 记录具体版本或 current profile 的 compose / baseline / seed 参数
- `scripts/lab/main.py`
- 唯一 lab CLI 入口
- `scripts/lab/`
- `catalog`, `provision`, `compose`, `seed`, `baseline`, `attack`, `browser`, `evidence`, `render`, `queue`, `validators`
### 2.3 攻击验证工具
- `01-sql-injection/`
- `sqli-scanner.py`, `blind-sqli.py`, `sqli-exploit.go`
- `02-xss/`
- `xss-fuzzer.py`, `xss-scanner.go`
- `03-authentication/`
- `web-brute.py`, `jwt-cracker.py`, `session-lab.py`
- `04-server-security/`
- `port-scanner.py`, `tls-scanner.py`, `site-scope-mapper.py`, `misconfig-lab.py`
### 2.4 结果展示
- `06-case-studies/generated-runs/<run-id>/`
- `report.md`, `report.html`, `timeline.mmd`, `assets/`, `logs/`
- `08-threat-intel/generated/dashboard/`
- 静态前端工作台
- `07-framework-security/`
- 系统级 README、INDEX、案例页,自动显示本地实证状态
## 3. 数据流与自动化链路
```mermaid
flowchart LR
A["Threat Intel Sources"] --> B["registry/advisories"]
B --> C["repro-map + repro-profiles"]
C --> D["00-environments catalog/profiles"]
D --> E["scripts/lab run-case / run-batch"]
E --> F["generated-runs/<run-id>"]
F --> G["registry/runs"]
G --> H["case pages / system INDEX"]
G --> I["dashboard JSON + local UI"]
H --> J["README / docs / PR"]
I --> J
```
## 4. 关键特性
### 4.1 完整覆盖语义
- 每条 advisory 至少进入 `registry/advisories`
- 每条 advisory 必须有明确的实证状态
- 状态只允许:
- `verified-real`
- `verified-synthetic`
- `blocked-artifact`
- `blocked-destructive`
- `triage-manual`
### 4.2 浏览器证据强制
- XSS、DOM XSS、Token 存储、前端路由绕过、前端配置暴露等浏览器类 case
- 必须生成截图
- 必须生成 DOM 快照
- 必须生成 console / network 证据
- 没有浏览器证据不得升级为 `verified-*`
### 4.3 受控攻击语义
- 默认模式是 `minimal-proof`
- 只读探测、最小化注入、可审计回显、可回滚验证
- 破坏性利用、越权下载真实数据、不可回滚行为默认禁用
### 4.4 双展示面
- 静态归档报告
- 适合证据留存、归档、PR 审阅
- 本地前端工作台
- 适合实时查看进度、日志、失败原因、来源、思路、截图和原始 JSON
### 4.5 自动化提交
- `scripts/intel/run-hourly.sh`
- hotlane ingest + hotlane repro
- `scripts/intel/run-nightly.sh`
- 常规 ingest + batch repro + render + validate + PR
- `scripts/intel/run-weekly-reconcile.sh`
- reconcile + retry failures + rerender + validate + PR
## 5. CLI 能力
### 5.1 Intel CLI
```bash
python3 /Users/x/websafe/scripts/intel/main.py hotlane
python3 /Users/x/websafe/scripts/intel/main.py ingest --since last-success
python3 /Users/x/websafe/scripts/intel/main.py reconcile
python3 /Users/x/websafe/scripts/intel/main.py render
python3 /Users/x/websafe/scripts/intel/main.py validate
python3 /Users/x/websafe/scripts/intel/main.py open-pr --dry-run
```
### 5.2 Lab CLI
```bash
python3 /Users/x/websafe/scripts/lab/main.py catalog sync
python3 /Users/x/websafe/scripts/lab/main.py validate
python3 /Users/x/websafe/scripts/lab/main.py run-case --case gitea--CVE-2025-68939
python3 /Users/x/websafe/scripts/lab/main.py run-case --case nextjs--CVE-2025-29927 --dry-run
python3 /Users/x/websafe/scripts/lab/main.py run-batch --limit 10
python3 /Users/x/websafe/scripts/lab/main.py serve-dashboard --port 8734
```
## 6. 前端工作台当前目标
前端不只是“一个结果页”,而是本地实验控制台与证据阅读器。它需要:
- 快速定位系统 / advisory / repro profile
- 折叠与展开 timeline、evidence、sources、raw JSON
- 直接查看 compose、JSON、日志、截图、报告
- 高亮失败原因、当前 blocker、利用思路、成功判据
- 自动刷新生成数据,适配正在进行中的本地 run
详细设计见:
- [本地前端工作台设计文档](/Users/x/websafe/docs/frontend-dashboard-design.md)
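Review bot: section 4.1 allows only five statuses, all of them terminal, yet 4.4 and 6 describe watching a run in progress through the auto-refreshing dashboard; either add an in-progress status (the `progress` counters already use `planned`) or state that unfinished runs are not in the registry and where the dashboard reads them from. Section 4.2 requires browser evidence for browser-class cases, but the file-upload run data in this same commit carries `browser_evidence.required: false`; list which profiles count as browser-class so the renderer can enforce the rule. The CLI examples in section 5 hardcode `/Users/x/websafe/`; repo-relative `python3 scripts/lab/main.py ...` is what other users will type.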


@@ -84,6 +84,11 @@ def validate(source_map: Dict[str, Any]) -> List[str]:
GENERATED_DIR / "dashboard" / "index.html",
GENERATED_DIR / "dashboard" / "summary.json",
GENERATED_DIR / "dashboard" / "systems.json",
GENERATED_DIR / "dashboard" / "runs.json",
GENERATED_DIR / "dashboard" / "advisories.json",
GENERATED_DIR / "dashboard" / "profiles.json",
GENERATED_DIR / "dashboard" / "assets" / "app.js",
GENERATED_DIR / "dashboard" / "assets" / "styles.css",
ROOT / "08-threat-intel" / "registry" / "source-confidence.md",
]:
if not path.exists():
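Review bot: the check only tests `path.exists()` for the new dashboard files, so a truncated or half-written `runs.json`, `advisories.json` or `profiles.json` passes validation and breaks the static frontend at load time; for the `.json` entries also run `json.loads(path.read_text())` and report a parse failure as an error, and for `app.js` / `styles.css` a non-empty size check is cheap. The list also duplicates the renderer's output list; sharing one constant keeps `validate` and `render` from drifting.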

(The remaining file diffs in this commit are too large to display.)