websafe-kb/08-threat-intel/generated/dashboard/docs/testing-completeness-report.html

<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Chinese Completeness Report</title>
<style>
:root {
--bg: #08111f;
--panel: rgba(9, 18, 32, 0.9);
--border: rgba(137, 171, 214, 0.2);
--text: #f7fafc;
--muted: #9fb3ca;
--accent: #5eead4;
}
* { box-sizing: border-box; }
body {
margin: 0;
min-height: 100vh;
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: var(--text);
background:
radial-gradient(circle at top left, rgba(94, 234, 212, 0.12), transparent 26%),
linear-gradient(160deg, #050c16 0%, #091526 50%, #10233d 100%);
}
main {
max-width: 1080px;
margin: 0 auto;
padding: 32px 20px 40px;
}
.panel {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 20px;
padding: 24px;
box-shadow: 0 24px 80px rgba(1, 7, 20, 0.45);
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 12px;
margin-bottom: 18px;
}
.chip {
display: inline-flex;
align-items: center;
gap: 8px;
border-radius: 999px;
border: 1px solid var(--border);
padding: 10px 14px;
color: var(--text);
background: rgba(255,255,255,0.05);
text-decoration: none;
}
.chip:hover { border-color: rgba(94, 234, 212, 0.42); }
h1 {
margin: 0 0 12px;
font-family: "IBM Plex Serif", Georgia, serif;
font-size: clamp(1.8rem, 4vw, 3rem);
line-height: 1.08;
}
.meta {
color: var(--muted);
margin-bottom: 18px;
}
pre {
margin: 0;
padding: 20px;
overflow: auto;
border-radius: 16px;
border: 1px solid rgba(137, 171, 214, 0.12);
background: rgba(2, 8, 22, 0.84);
color: #d6e5f5;
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
font-size: 0.92rem;
line-height: 1.6;
white-space: pre-wrap;
}
</style>
</head>
<body>
<main>
<div class="panel">
<div class="actions">
<a class="chip" href="/overview/index.html">Back to Workbench</a>
</div>
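<h1>Chinese Completeness Report</h1>
<div class="meta">Workbench built-in mirror page: latest completeness for 89 advisories, family matrix, and ingest health.</div>
<pre># Repository-wide Advisory Completeness Report
- Generated at: `2026-03-18T21:16:46+00:00`
- Latest advisory completeness: `89/2392` `verified-real`
- Synthetic verification count: `0`
- Blocked count: `0`
- Manual / pending-evidence count: `2303`
- Completeness percentage: `3.7%`
- Active sources all green: `125/125`
- source open alerts: `0`
- Most recent time all sources were green: `2026-03-18T21:09:25+00:00`
## System Coverage Matrix
| System | Total | verified-real | verified-synthetic | blocked | manual | family coverage |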
| --- | ---: | ---: | ---: | ---: | ---: | --- |
| adminer | 2 | 0 | 0 | 0 | 2 | xss(0/2) |
| adobe-commerce | 81 | 0 | 0 | 0 | 81 | xss(0/81) |
| angular | 2 | 0 | 0 | 0 | 2 | xss(0/2) |
| apache-httpd | 135 | 0 | 0 | 0 | 135 | authz-bypass(0/1), file-upload(0/1), proxy-boundary(0/128), ssrf(0/1), xss(0/4) |
| apache-tomcat | 136 | 0 | 0 | 0 | 136 | authz-bypass(0/108), file-upload(0/2), path-traversal(0/3), plugin-extension(0/5), proxy-boundary(0/1), session-token(0/4), xss(0/13) |
| aspnet-core | 3 | 0 | 0 | 0 | 3 | xss(0/3) |
| astro | 14 | 0 | 0 | 0 | 14 | authz-bypass(0/1), file-upload(0/2), path-traversal(0/1), proxy-boundary(0/3), xss(0/7) |
| caddy | 27 | 0 | 0 | 0 | 27 | authz-bypass(0/5), file-upload(0/1), proxy-boundary(0/21) |
| directus | 29 | 0 | 0 | 0 | 29 | authz-bypass(0/3), file-upload(0/1), session-token(0/24), xss(0/1) |
| discourse | 30 | 0 | 0 | 0 | 30 | xss(0/30) |
| django | 82 | 0 | 0 | 0 | 82 | xss(0/82) |
| drupal | 70 | 0 | 0 | 0 | 70 | xss(0/70) |
| echo | 2 | 0 | 0 | 0 | 2 | authz-bypass(0/1), ssrf(0/1) |
| esbuild | 1 | 0 | 0 | 0 | 1 | file-upload(0/1) |
| express | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
| fastify | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
| flask | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
| ghost | 23 | 0 | 0 | 0 | 23 | xss(0/23) |
| gin | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
| gitea | 50 | 37 | 0 | 0 | 13 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/39), ssrf(1/1), xss(5/5) |
| gitlab-ce | 55 | 0 | 0 | 0 | 55 | deserialization(0/55) |
| grafana | 60 | 0 | 0 | 0 | 60 | xss(0/60) |
| hapi | 1 | 0 | 0 | 0 | 1 | proxy-boundary(0/1) |
| haproxy | 6 | 0 | 0 | 0 | 6 | proxy-boundary(0/6) |
| jenkins | 60 | 0 | 0 | 0 | 60 | deserialization(0/60) |
| joomla | 100 | 0 | 0 | 0 | 100 | xss(0/100) |
| kibana | 41 | 0 | 0 | 0 | 41 | xss(0/41) |
| koa | 1 | 0 | 0 | 0 | 1 | xss(0/1) |
| laravel | 2 | 0 | 0 | 0 | 2 | xss(0/2) |
| magento-open-source | 89 | 0 | 0 | 0 | 89 | authz-bypass(0/1), file-upload(0/3), plugin-extension(0/67), sqli(0/1), xss(0/17) |
| mattermost | 20 | 0 | 0 | 0 | 20 | xss(0/20) |
| mediawiki | 70 | 0 | 0 | 0 | 70 | xss(0/70) |
| medusa | 15 | 0 | 0 | 0 | 15 | session-token(0/15) |
| moodle | 40 | 0 | 0 | 0 | 40 | xss(0/40) |
| nestjs | 2 | 0 | 0 | 0 | 2 | ssrf(0/2) |
| nextjs | 66 | 26 | 0 | 0 | 40 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/55), request-smuggling(0/3), ssrf(2/2), xss(2/3) |
| nginx | 110 | 0 | 0 | 0 | 110 | authz-bypass(0/2), proxy-boundary(0/107), sqli(0/1) |
| nodejs | 8 | 0 | 0 | 0 | 8 | ssrf(0/8) |
| nuxt | 28 | 0 | 0 | 0 | 28 | proxy-boundary(0/26), xss(0/2) |
| opencart | 100 | 0 | 0 | 0 | 100 | deserialization(0/3), plugin-extension(0/69), sqli(0/12), ssrf(0/1), template-injection(0/1), xss(0/14) |
| openmage | 27 | 0 | 0 | 0 | 27 | plugin-extension(0/22), xss(0/5) |
| phpmyadmin | 50 | 0 | 0 | 0 | 50 | xss(0/50) |
| prestashop | 112 | 0 | 0 | 0 | 112 | file-upload(0/1), plugin-extension(0/91), sqli(0/4), xss(0/16) |
| rails | 42 | 0 | 0 | 0 | 42 | xss(0/42) |
| react | 21 | 0 | 0 | 0 | 21 | xss(0/21) |
| redmine | 50 | 0 | 0 | 0 | 50 | xss(0/50) |
| saleor | 24 | 0 | 0 | 0 | 24 | plugin-extension(0/1), session-token(0/22), xss(0/1) |
| shopware | 71 | 0 | 0 | 0 | 71 | authz-bypass(0/2), deserialization(0/1), plugin-extension(0/55), sqli(0/2), ssrf(0/1), xss(0/10) |
| spring-boot | 2 | 0 | 0 | 0 | 2 | authz-bypass(0/1), proxy-boundary(0/1) |
| spring-framework | 11 | 0 | 0 | 0 | 11 | authz-bypass(0/1), deserialization(0/9), sqli(0/1) |
| spring-security | 3 | 0 | 0 | 0 | 3 | authz-bypass(0/1), proxy-boundary(0/2) |
| strapi | 26 | 0 | 0 | 0 | 26 | authz-bypass(0/1), session-token(0/25) |
| sveltekit | 3 | 0 | 0 | 0 | 3 | deserialization(0/3) |
| symfony | 9 | 0 | 0 | 0 | 9 | xss(0/9) |
| traefik | 43 | 0 | 0 | 0 | 43 | authz-bypass(0/3), file-upload(0/2), proxy-boundary(0/37), request-smuggling(0/1) |
| undici | 23 | 14 | 0 | 0 | 9 | authz-bypass(0/1), ssrf(14/22) |
| vite | 42 | 12 | 0 | 0 | 30 | proxy-boundary(11/39), xss(1/3) |
| vue | 15 | 0 | 0 | 0 | 15 | xss(0/15) |
| webpack | 1 | 0 | 0 | 0 | 1 | file-upload(0/1) |
| werkzeug | 1 | 0 | 0 | 0 | 1 | proxy-boundary(0/1) |
| woocommerce | 111 | 0 | 0 | 0 | 111 | xss(0/111) |
| wordpress | 140 | 0 | 0 | 0 | 140 | xss(0/140) |
## Historical Blocker Remediation Notes
- Docker daemon unavailable caused provision-compose-environment blocked-artifact.
- Family profiles previously used note-only attack runners and dry-run placeholders.
- Baseline and browser steps were skipped when environment readiness was not enforced.
- Latest completeness now uses one advisory -&gt; latest run semantics instead of historical run piles.
- Source health now counts only status=active sources; retired sources are audited separately with replacement links.
## Ingest / Source Health
- source failures: `0`
- active sources: `125`
- green sources: `125`
- open alerts: `0`
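## Residual Risk Notes
- This report is computed from each advisory's latest run; historical failed runs are kept only for their audit value and no longer pollute the completeness figures.
- Cases with `browser_required=true` must have both baseline and post-attack browser evidence; if either is missing, the case does not enter `verified-real`.
- Source collector health is counted separately; the report and dashboard count as truly all green only when failures reach zero.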
</pre>
</div>
</main>
</body>
</html>