feat: 新增补丁管理和异常检测插件及相关功能

feat(protocol): 添加补丁管理和行为指标协议类型 feat(client): 实现补丁管理插件采集功能 feat(server): 添加补丁管理和异常检测API feat(database): 新增补丁状态和异常检测相关表 feat(web): 添加补丁管理和异常检测前端页面 fix(security): 增强输入验证和防注入保护 refactor(auth): 重构认证检查逻辑 perf(service): 优化Windows服务恢复策略 style: 统一健康评分显示样式 docs: 更新知识库文档
2026-04-11 15:59:53 +08:00
parent b5333d8c93
commit 60ee38a3c2
49 changed files with 3988 additions and 461 deletions
--- a/migrations/019_software_whitelist.sql
+++ b/migrations/019_software_whitelist.sql
@@ -0,0 +1,54 @@
+-- Software whitelist: processes that should NEVER be blocked even if matched by blacklist rules.
+-- This provides a safety net to prevent false positives from killing legitimate applications.
+CREATE TABLE IF NOT EXISTS software_whitelist (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    name_pattern TEXT NOT NULL,
+    reason TEXT,
+    is_builtin INTEGER NOT NULL DEFAULT 0,  -- 1 = system default, 0 = admin-added
+    enabled INTEGER NOT NULL DEFAULT 1,
+    created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+-- Built-in whitelist entries for common safe applications
+INSERT INTO software_whitelist (name_pattern, reason, is_builtin) VALUES
+    -- Browsers
+    ('chrome.exe', 'Google Chrome browser', 1),
+    ('msedge.exe', 'Microsoft Edge browser', 1),
+    ('firefox.exe', 'Mozilla Firefox browser', 1),
+    ('iexplore.exe', 'Internet Explorer', 1),
+    ('opera.exe', 'Opera browser', 1),
+    ('brave.exe', 'Brave browser', 1),
+    ('vivaldi.exe', 'Vivaldi browser', 1),
+    -- Development tools & IDEs
+    ('code.exe', 'Visual Studio Code', 1),
+    ('devenv.exe', 'Visual Studio', 1),
+    ('idea64.exe', 'IntelliJ IDEA', 1),
+    ('webstorm64.exe', 'WebStorm', 1),
+    ('pycharm64.exe', 'PyCharm', 1),
+    ('goland64.exe', 'GoLand', 1),
+    ('clion64.exe', 'CLion', 1),
+    ('rider64.exe', 'Rider', 1),
+    ('trae.exe', 'Trae IDE', 1),
+    ('windsurf.exe', 'Windsurf IDE', 1),
+    ('cursor.exe', 'Cursor IDE', 1),
+    -- Office & productivity
+    ('winword.exe', 'Microsoft Word', 1),
+    ('excel.exe', 'Microsoft Excel', 1),
+    ('powerpnt.exe', 'Microsoft PowerPoint', 1),
+    ('outlook.exe', 'Microsoft Outlook', 1),
+    ('onenote.exe', 'Microsoft OneNote', 1),
+    ('teams.exe', 'Microsoft Teams', 1),
+    ('wps.exe', 'WPS Office', 1),
+    -- Terminal & system tools
+    ('cmd.exe', 'Command Prompt', 1),
+    ('powershell.exe', 'PowerShell', 1),
+    ('pwsh.exe', 'PowerShell Core', 1),
+    ('WindowsTerminal.exe', 'Windows Terminal', 1),
+    -- Communication
+    ('wechat.exe', 'WeChat', 1),
+    ('dingtalk.exe', 'DingTalk', 1),
+    ('feishu.exe', 'Feishu/Lark', 1),
+    ('qq.exe', 'QQ', 1),
+    ('tim.exe', 'Tencent TIM', 1),
+    -- CSM
+    ('csm-client.exe', 'CSM Client itself', 1);