# Repository-wide Advisory Completeness Report

- Generated at: `2026-03-18T18:39:23+00:00`
- Latest advisory completeness: `89/1498` `verified-real`
- Synthetic verification count: `0`
- Blocked count: `0`
- Manual / pending-evidence count: `1409`
- Completeness percentage: `5.9%`
- Active sources all green: `15/15`
- Source open alerts: `0`
- Most recent all-green source check: `2026-03-18T18:26:42+00:00`

## System Coverage Matrix

| System | Total | verified-real | verified-synthetic | blocked | manual | Family coverage |
| --- | ---: | ---: | ---: | ---: | ---: | --- |
| adobe-commerce | 81 | 0 | 0 | 0 | 81 | xss(0/81) |
| apache-httpd | 135 | 0 | 0 | 0 | 135 | authz-bypass(0/1), file-upload(0/1), proxy-boundary(0/128), ssrf(0/1), xss(0/4) |
| apache-tomcat | 136 | 0 | 0 | 0 | 136 | authz-bypass(0/108), file-upload(0/2), path-traversal(0/3), plugin-extension(0/5), proxy-boundary(0/1), session-token(0/4), xss(0/13) |
| drupal | 70 | 0 | 0 | 0 | 70 | xss(0/70) |
| gitea | 37 | 37 | 0 | 0 | 0 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/26), ssrf(1/1), xss(5/5) |
| joomla | 100 | 0 | 0 | 0 | 100 | xss(0/100) |
| magento-open-source | 101 | 0 | 0 | 0 | 101 | authz-bypass(0/1), file-upload(0/3), plugin-extension(0/78), sqli(0/1), xss(0/18) |
| nextjs | 66 | 26 | 0 | 0 | 40 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/55), request-smuggling(0/3), ssrf(2/2), xss(2/3) |
| nginx | 110 | 0 | 0 | 0 | 110 | authz-bypass(0/2), proxy-boundary(0/107), sqli(0/1) |
| nodejs | 8 | 0 | 0 | 0 | 8 | ssrf(0/8) |
| nuxt | 28 | 0 | 0 | 0 | 28 | proxy-boundary(0/26), xss(0/2) |
| opencart | 100 | 0 | 0 | 0 | 100 | deserialization(0/3), plugin-extension(0/69), sqli(0/12), ssrf(0/1), template-injection(0/1), xss(0/14) |
| prestashop | 112 | 0 | 0 | 0 | 112 | file-upload(0/1), plugin-extension(0/91), sqli(0/4), xss(0/16) |
| react | 21 | 0 | 0 | 0 | 21 | xss(0/21) |
| shopware | 71 | 0 | 0 | 0 | 71 | authz-bypass(0/2), deserialization(0/1), plugin-extension(0/55), sqli(0/2), ssrf(0/1), xss(0/10) |
| undici | 14 | 14 | 0 | 0 | 0 | ssrf(14/14) |
| vite | 42 | 12 | 0 | 0 | 30 | proxy-boundary(11/39), xss(1/3) |
| vue | 15 | 0 | 0 | 0 | 15 | xss(0/15) |
| woocommerce | 111 | 0 | 0 | 0 | 111 | xss(0/111) |
| wordpress | 140 | 0 | 0 | 0 | 140 | xss(0/140) |

## Historical Blocker Fix Summary

- Docker daemon unavailable caused provision-compose-environment blocked-artifact.
- Family profiles previously used note-only attack runners and dry-run placeholders.
- Baseline and browser steps were skipped when environment readiness was not enforced.
- Latest completeness now uses one advisory -> latest run semantics instead of historical run piles.
- Source health now counts only status=active sources; retired sources are audited separately with replacement links.

## Ingest / Source Health

- source failures: `0`
- active sources: `15`
- green sources: `15`
- open alerts: `0`

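## Remaining Risk Notes

- This report is computed from each advisory's latest run; historical failed runs are kept only for their audit value and no longer pollute the completeness figures.
- Cases with `browser_required=true` must have both baseline and post-attack browser evidence; if either is missing, the case does not enter `verified-real`.
- Source collector health is counted separately; the report and dashboard count as truly all green only when failures drop to zero.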