From 4800f8946741bbb53cedd0bda2b79022d2f9b99f Mon Sep 17 00:00:00 2001 From: iven Date: Sun, 12 Apr 2026 19:06:49 +0800 Subject: [PATCH] =?UTF-8?q?docs:=20wiki=E5=8F=98=E6=9B=B4=E6=97=A5?= =?UTF-8?q?=E5=BF=97=20=E2=80=94=20=E5=AE=A1=E8=AE=A1=E4=BF=AE=E5=A4=8D?= =?UTF-8?q?=E8=AE=B0=E5=BD=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wiki/log.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/wiki/log.md b/wiki/log.md index 771887e..b4ef172 100644 --- a/wiki/log.md +++ b/wiki/log.md @@ -9,6 +9,17 @@ tags: [log, history] > Append-only 操作记录。格式: `## [日期] 类型 | 描述` +## [2026-04-12] fix | 审计修复 — 4 CRITICAL + 5 HIGH 全部解决 + +- C1: SQL 注入风险 → industry/service.rs 参数化查询 ($N 绑定) +- C2: INDUSTRY_CONFIGS 死链 → Kernel 共享 Arc + ButlerRouter 共享实例 +- C3: IndustryListItem 缺字段 → keywords_count + 时间戳补全 +- C4: 非事务性行业绑定 → batch ANY($1) 验证 + 事务 DELETE+INSERT +- H8: Accounts.tsx 竞态 → mutate→mutateAsync + confirmLoading 双检测 +- H9: XML 注入未转义 → xml_escape() 辅助函数 +- H10: update 覆盖 source → 保留原始值 +- H11: 面包屑 /industries 映射缺失 + ## [2026-04-12] feat | 行业配置 + 管家主动性 全栈 5 Phase 实施 Phase 1 — 行业配置基础 (13 files, 886 insertions):
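Review bot: The heading of the new entry claims "4 CRITICAL + 5 HIGH 全部解决" (all resolved), but the list under it has only four HIGH items (H8, H9, H10, H11). Either one HIGH finding is missing from the log or the count should read 4. The H11 line, "面包屑 /industries 映射缺失", records only the defect (no breadcrumb mapping for /industries) and has no "→" fix, unlike the seven lines above it; state what was changed. Since this entry is the audit record for findings such as C1 (SQL injection, parameterized queries) and H9 (XML escaping), consider adding the fixing commit hash to each line so a reader can verify each claimed fix against the code.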