feat: 新增补丁管理和异常检测插件及相关功能

feat(protocol): 添加补丁管理和行为指标协议类型 feat(client): 实现补丁管理插件采集功能 feat(server): 添加补丁管理和异常检测API feat(database): 新增补丁状态和异常检测相关表 feat(web): 添加补丁管理和异常检测前端页面 fix(security): 增强输入验证和防注入保护 refactor(auth): 重构认证检查逻辑 perf(service): 优化Windows服务恢复策略 style: 统一健康评分显示样式 docs: 更新知识库文档
2026-04-11 15:59:53 +08:00
parent b5333d8c93
commit 60ee38a3c2
49 changed files with 3988 additions and 461 deletions
--- a/migrations/017_device_health_scores.sql
+++ b/migrations/017_device_health_scores.sql
@@ -0,0 +1,20 @@
+-- 017_device_health_scores.sql: Device health scoring system
+
+CREATE TABLE IF NOT EXISTS device_health_scores (
+    id                  INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid          TEXT NOT NULL REFERENCES devices(device_uid) ON DELETE CASCADE,
+    score               INTEGER NOT NULL DEFAULT 0 CHECK(score >= 0 AND score <= 100),
+    status_score        INTEGER NOT NULL DEFAULT 0,
+    encryption_score    INTEGER NOT NULL DEFAULT 0,
+    load_score          INTEGER NOT NULL DEFAULT 0,
+    alert_score         INTEGER NOT NULL DEFAULT 0,
+    compliance_score    INTEGER NOT NULL DEFAULT 0,
+    patch_score         INTEGER NOT NULL DEFAULT 0,
+    level               TEXT NOT NULL DEFAULT 'unknown' CHECK(level IN ('healthy', 'warning', 'critical', 'unknown')),
+    details             TEXT,
+    computed_at         TEXT NOT NULL DEFAULT (datetime('now')),
+    UNIQUE(device_uid)
+);
+
+CREATE INDEX IF NOT EXISTS idx_health_scores_level ON device_health_scores(level);
+CREATE INDEX IF NOT EXISTS idx_health_scores_computed ON device_health_scores(computed_at);
--- a/migrations/018_patch_management.sql
+++ b/migrations/018_patch_management.sql
@@ -0,0 +1,59 @@
+-- 018_patch_management.sql: Patch management system
+
+CREATE TABLE IF NOT EXISTS patch_status (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid      TEXT NOT NULL REFERENCES devices(device_uid) ON DELETE CASCADE,
+    kb_id           TEXT NOT NULL,
+    title           TEXT NOT NULL,
+    severity        TEXT,
+    is_installed    INTEGER NOT NULL DEFAULT 0,
+    discovered_at   TEXT NOT NULL DEFAULT (datetime('now')),
+    installed_at    TEXT,
+    updated_at      TEXT NOT NULL DEFAULT (datetime('now')),
+    UNIQUE(device_uid, kb_id)
+);
+
+CREATE TABLE IF NOT EXISTS patch_policies (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    target_type     TEXT NOT NULL DEFAULT 'global' CHECK(target_type IN ('global', 'device', 'group')),
+    target_id       TEXT,
+    auto_approve    INTEGER NOT NULL DEFAULT 0,
+    severity_filter TEXT NOT NULL DEFAULT 'important',
+    enabled         INTEGER NOT NULL DEFAULT 1,
+    created_at      TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at      TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+-- Behavior metrics for anomaly detection
+CREATE TABLE IF NOT EXISTS behavior_metrics (
+    id                  INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid          TEXT NOT NULL REFERENCES devices(device_uid) ON DELETE CASCADE,
+    clipboard_ops_count INTEGER NOT NULL DEFAULT 0,
+    clipboard_ops_night INTEGER NOT NULL DEFAULT 0,
+    print_jobs_count    INTEGER NOT NULL DEFAULT 0,
+    usb_file_ops_count  INTEGER NOT NULL DEFAULT 0,
+    new_processes_count INTEGER NOT NULL DEFAULT 0,
+    period_secs         INTEGER NOT NULL DEFAULT 3600,
+    reported_at         TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+-- Anomaly alerts generated by the detection engine
+CREATE TABLE IF NOT EXISTS anomaly_alerts (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid      TEXT NOT NULL REFERENCES devices(device_uid) ON DELETE CASCADE,
+    anomaly_type    TEXT NOT NULL,
+    severity        TEXT NOT NULL DEFAULT 'medium' CHECK(severity IN ('low', 'medium', 'high', 'critical')),
+    detail          TEXT NOT NULL,
+    metric_value    REAL,
+    baseline_value  REAL,
+    handled         INTEGER NOT NULL DEFAULT 0,
+    handled_by      TEXT,
+    handled_at      TEXT,
+    triggered_at    TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+CREATE INDEX IF NOT EXISTS idx_patch_status_device ON patch_status(device_uid);
+CREATE INDEX IF NOT EXISTS idx_patch_status_severity ON patch_status(severity, is_installed);
+CREATE INDEX IF NOT EXISTS idx_behavior_metrics_device_time ON behavior_metrics(device_uid, reported_at);
+CREATE INDEX IF NOT EXISTS idx_anomaly_alerts_device ON anomaly_alerts(device_uid);
+CREATE INDEX IF NOT EXISTS idx_anomaly_alerts_unhandled ON anomaly_alerts(handled) WHERE handled = 0;
--- a/migrations/019_software_whitelist.sql
+++ b/migrations/019_software_whitelist.sql
@@ -0,0 +1,54 @@
+-- Software whitelist: processes that should NEVER be blocked even if matched by blacklist rules.
+-- This provides a safety net to prevent false positives from killing legitimate applications.
+CREATE TABLE IF NOT EXISTS software_whitelist (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    name_pattern TEXT NOT NULL,
+    reason TEXT,
+    is_builtin INTEGER NOT NULL DEFAULT 0,  -- 1 = system default, 0 = admin-added
+    enabled INTEGER NOT NULL DEFAULT 1,
+    created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+-- Built-in whitelist entries for common safe applications
+INSERT INTO software_whitelist (name_pattern, reason, is_builtin) VALUES
+    -- Browsers
+    ('chrome.exe', 'Google Chrome browser', 1),
+    ('msedge.exe', 'Microsoft Edge browser', 1),
+    ('firefox.exe', 'Mozilla Firefox browser', 1),
+    ('iexplore.exe', 'Internet Explorer', 1),
+    ('opera.exe', 'Opera browser', 1),
+    ('brave.exe', 'Brave browser', 1),
+    ('vivaldi.exe', 'Vivaldi browser', 1),
+    -- Development tools & IDEs
+    ('code.exe', 'Visual Studio Code', 1),
+    ('devenv.exe', 'Visual Studio', 1),
+    ('idea64.exe', 'IntelliJ IDEA', 1),
+    ('webstorm64.exe', 'WebStorm', 1),
+    ('pycharm64.exe', 'PyCharm', 1),
+    ('goland64.exe', 'GoLand', 1),
+    ('clion64.exe', 'CLion', 1),
+    ('rider64.exe', 'Rider', 1),
+    ('trae.exe', 'Trae IDE', 1),
+    ('windsurf.exe', 'Windsurf IDE', 1),
+    ('cursor.exe', 'Cursor IDE', 1),
+    -- Office & productivity
+    ('winword.exe', 'Microsoft Word', 1),
+    ('excel.exe', 'Microsoft Excel', 1),
+    ('powerpnt.exe', 'Microsoft PowerPoint', 1),
+    ('outlook.exe', 'Microsoft Outlook', 1),
+    ('onenote.exe', 'Microsoft OneNote', 1),
+    ('teams.exe', 'Microsoft Teams', 1),
+    ('wps.exe', 'WPS Office', 1),
+    -- Terminal & system tools
+    ('cmd.exe', 'Command Prompt', 1),
+    ('powershell.exe', 'PowerShell', 1),
+    ('pwsh.exe', 'PowerShell Core', 1),
+    ('WindowsTerminal.exe', 'Windows Terminal', 1),
+    -- Communication
+    ('wechat.exe', 'WeChat', 1),
+    ('dingtalk.exe', 'DingTalk', 1),
+    ('feishu.exe', 'Feishu/Lark', 1),
+    ('qq.exe', 'QQ', 1),
+    ('tim.exe', 'Tencent TIM', 1),
+    -- CSM
+    ('csm-client.exe', 'CSM Client itself', 1);