feat: 新增补丁管理和异常检测插件及相关功能

feat(protocol): 添加补丁管理和行为指标协议类型 feat(client): 实现补丁管理插件采集功能 feat(server): 添加补丁管理和异常检测API feat(database): 新增补丁状态和异常检测相关表 feat(web): 添加补丁管理和异常检测前端页面 fix(security): 增强输入验证和防注入保护 refactor(auth): 重构认证检查逻辑 perf(service): 优化Windows服务恢复策略 style: 统一健康评分显示样式 docs: 更新知识库文档
2026-04-11 15:59:53 +08:00
parent b5333d8c93
commit 60ee38a3c2
49 changed files with 3988 additions and 461 deletions
--- a/crates/client/src/asset/mod.rs
+++ b/crates/client/src/asset/mod.rs
@@ -121,6 +121,14 @@ fn collect_system_details() -> (Option<String>, Option<String>, Option<String>)
 #[cfg(target_os = "windows")]
 fn powershell_lines(command: &str) -> Vec<String> {
    use std::process::Command;
+
+    // Reject commands containing suspicious patterns that could indicate injection
+    let lower = command.to_lowercase();
+    if lower.contains("invoke-expression") || lower.contains("iex ") || lower.contains("& ") {
+        tracing::warn!("Rejected suspicious PowerShell command pattern");
+        return Vec::new();
+    }
+
    let output = match Command::new("powershell")
        .args(["-NoProfile", "-NonInteractive", "-Command",
            &format!("[Console]::OutputEncoding = [System.Text.Encoding]::UTF8; {}", command)])