docs: wiki变更日志 — 审计修复记录
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
This commit is contained in:
iven
11
wiki/log.md
11
wiki/log.md
@@ -9,6 +9,17 @@ tags: [log, history]
|
|||||||
|
|
||||||
> Append-only 操作记录。格式: `## [日期] 类型 | 描述`
|
> Append-only 操作记录。格式: `## [日期] 类型 | 描述`
|
||||||
|
|
||||||
|
## [2026-04-12] fix | 审计修复 — 4 CRITICAL + 5 HIGH 全部解决
|
||||||
|
|
||||||
|
- C1: SQL 注入风险 → industry/service.rs 参数化查询 ($N 绑定)
|
||||||
|
- C2: INDUSTRY_CONFIGS 死链 → Kernel 共享 Arc + ButlerRouter 共享实例
|
||||||
|
- C3: IndustryListItem 缺字段 → keywords_count + 时间戳补全
|
||||||
|
- C4: 非事务性行业绑定 → batch ANY($1) 验证 + 事务 DELETE+INSERT
|
||||||
|
- H8: Accounts.tsx 竞态 → mutate→mutateAsync + confirmLoading 双检测
|
||||||
|
- H9: XML 注入未转义 → xml_escape() 辅助函数
|
||||||
|
- H10: update 覆盖 source → 保留原始值
|
||||||
|
- H11: 面包屑 /industries 映射缺失
|
||||||
|
|
||||||
## [2026-04-12] feat | 行业配置 + 管家主动性 全栈 5 Phase 实施
|
## [2026-04-12] feat | 行业配置 + 管家主动性 全栈 5 Phase 实施
|
||||||
|
|
||||||
Phase 1 — 行业配置基础 (13 files, 886 insertions):
|
Phase 1 — 行业配置基础 (13 files, 886 insertions):
|
||||||
|
|||||||
Reference in New Issue
Block a user