Spaces:

capta1n
/

project9

Running

App Files Files Community

capta1n commited on Apr 21, 2025

Commit

36b27b6

verified ·

1 Parent(s): 528f8c5

Add 3 files

Browse files

Files changed (3) hide show

README.md +7 -5
index.html +1213 -19
prompts.txt +1 -0

README.md CHANGED Viewed

@@ -1,10 +1,12 @@
 ---
-title: Project9
-emoji: 👀
-colorFrom: red
-colorTo: yellow
 sdk: static
 pinned: false
 ---
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

 ---
+title: project9
+emoji: 🐳
+colorFrom: gray
+colorTo: gray
 sdk: static
 pinned: false
+tags:
+  - deepsite
 ---
+Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

index.html CHANGED Viewed

@@ -1,19 +1,1213 @@
-<!doctype html>
-<html>
-	<head>
-		<meta charset="utf-8" />
-		<meta name="viewport" content="width=device-width" />
-		<title>My static Space</title>
-		<link rel="stylesheet" href="style.css" />
-	</head>
-	<body>
-		<div class="card">
-			<h1>Welcome to your static Space!</h1>
-			<p>You can modify this app directly by editing <i>index.html</i> in the Files and versions tab.</p>
-			<p>
-				Also don't forget to check the
-				<a href="https://huggingface.co/docs/hub/spaces" target="_blank">Spaces documentation</a>.
-			</p>
-		</div>
-	</body>
-</html>

+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>AI SDL 数字分身 - 风险项目详情</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+    <script src="https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/highlight.min.js"></script>
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/atom-one-dark.min.css">
+    <style>
+        .risk-critical { background-color: #fee2e2; border-left: 4px solid #ef4444; }
+        .risk-high { background-color: #ffedd5; border-left: 4px solid #f97316; }
+        .risk-medium { background-color: #fef9c3; border-left: 4px solid #eab308; }
+        .risk-low { background-color: #ecfdf5; border-left: 4px solid #10b981; }
+        .content-container {
+            display: grid;
+            grid-template-columns: 1fr 1fr;
+            gap: 1rem;
+            height: calc(100vh - 200px);
+            overflow: hidden;
+        }
+        .content-panel {
+            overflow-y: auto;
+            padding: 1rem;
+            border: 1px solid #e5e7eb;
+            border-radius: 0.5rem;
+            height: 100%;
+        }
+        .code-block {
+            position: relative;
+        }
+        .code-block pre {
+            margin: 0;
+            border-radius: 0.375rem;
+        }
+        .vulnerable-line {
+            background-color: #fee2e2;
+            display: inline-block;
+            width: 100%;
+        }
+        .fix-suggestion {
+            position: absolute;
+            top: 100%;
+            left: 0;
+            width: 100%;
+            background: white;
+            border: 1px solid #e5e7eb;
+            border-radius: 0.375rem;
+            padding: 1rem;
+            box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1);
+            z-index: 10;
+            display: none;
+        }
+        .mermaid {
+            width: 100%;
+            min-height: 300px;
+            background: white;
+            padding: 1rem;
+            border-radius: 0.5rem;
+            border: 1px solid #e5e7eb;
+            margin: 1rem 0;
+        }
+        .risk-marker {
+            fill: #ef4444;
+            stroke: #ef4444;
+        }
+        .highlight-risk {
+            background-color: #fee2e2;
+            padding: 0.1rem 0.2rem;
+            border-radius: 0.2rem;
+        }
+        .tab-content {
+            display: none;
+        }
+        .tab-content.active {
+            display: block;
+        }
+        .nav-tabs .active {
+            border-bottom: 2px solid #3b82f6;
+            color: #3b82f6;
+            font-weight: 600;
+        }
+        .release-decision {
+            border: 2px solid #ef4444;
+            background-color: #fef2f2;
+            border-radius: 0.5rem;
+            padding: 1.5rem;
+        }
+        .vulnerability-item {
+            border-bottom: 1px solid #e5e7eb;
+            padding: 1rem 0;
+        }
+    </style>
+</head>
+<body class="bg-gray-50">
+    <div class="container mx-auto px-4 py-8">
+        <!-- Header -->
+        <div class="flex justify-between items-center mb-8">
+            <div>
+                <h1 class="text-3xl font-bold text-gray-800">AI SDL 数字分身</h1>
+                <p class="text-gray-600">风险项目详情分析</p>
+            </div>
+            <div class="flex items-center space-x-4">
+                <div class="relative">
+                    <input type="text" placeholder="搜索项目..." class="pl-10 pr-4 py-2 border rounded-lg focus:outline-none focus:ring-2 focus:ring-blue-500">
+                    <svg class="w-5 h-5 text-gray-400 absolute left-3 top-2.5" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z"></path>
+                    </svg>
+                </div>
+                <button class="bg-blue-600 text-white px-4 py-2 rounded-lg hover:bg-blue-700 transition-colors">
+                    返回项目列表
+                </button>
+            </div>
+        </div>
+        <!-- Project Overview -->
+        <div class="bg-white rounded-xl shadow-md p-6 mb-8">
+            <div class="flex justify-between items-start mb-6">
+                <div>
+                    <h2 class="text-2xl font-bold text-gray-800">项目名称: 支付宝国补项目</h2>
+                    <div class="flex items-center mt-2">
+                        <span class="bg-red-100 text-red-800 text-xs font-medium px-2.5 py-0.5 rounded-full">高风险</span>
+                        <span class="ml-2 text-gray-600">最后更新: 2023-06-15 14:30</span>
+                    </div>
+                </div>
+                <div class="flex space-x-2">
+                    <button class="flex items-center text-blue-600 hover:text-blue-800">
+                        <svg class="w-5 h-5 mr-1" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15.172 7l-6.586 6.586a2 2 0 102.828 2.828l6.414-6.586a4 4 0 00-5.656-5.656l-6.415 6.585a6 6 0 108.486 8.486L20.5 13"></path>
+                        </svg>
+                        导出报告
+                    </button>
+                    <button class="flex items-center text-blue-600 hover:text-blue-800">
+                        <svg class="w-5 h-5 mr-1" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 5v.01M12 12v.01M12 19v.01M12 6a1 1 0 110-2 1 1 0 010 2zm0 7a1 1 0 110-2 1 1 0 010 2zm0 7a1 1 0 110-2 1 1 0 010 2z"></path>
+                        </svg>
+                        更多操作
+                    </button>
+                </div>
+            </div>
+            <div class="grid grid-cols-3 gap-6 mb-6">
+                <div class="bg-gray-50 p-4 rounded-lg">
+                    <h3 class="font-medium text-gray-700 mb-2">项目参与人</h3>
+                    <div class="flex flex-wrap gap-2">
+                        <span class="bg-blue-100 text-blue-800 text-xs font-medium px-2.5 py-0.5 rounded">形知</span>
+                        <span class="bg-blue-100 text-blue-800 text-xs font-medium px-2.5 py-0.5 rounded">铸梦</span>
+                        <span class="bg-blue-100 text-blue-800 text-xs font-medium px-2.5 py-0.5 rounded">洞悉</span>
+                        <span class="bg-blue-100 text-blue-800 text-xs font-medium px-2.5 py-0.5 rounded">隐迹</span>
+                        <span class="bg-blue-100 text-blue-800 text-xs font-medium px-2.5 py-0.5 rounded">晨熙</span>
+                    </div>
+                </div>
+                <div class="bg-gray-50 p-4 rounded-lg">
+                    <h3 class="font-medium text-gray-700 mb-2">风险状态</h3>
+                    <div class="flex items-center">
+                        <div class="w-full bg-gray-200 rounded-full h-2.5">
+                            <div class="bg-red-600 h-2.5 rounded-full" style="width: 65%"></div>
+                        </div>
+                        <span class="ml-2 text-sm font-medium text-gray-700">65% 修复</span>
+                    </div>
+                </div>
+                <div class="bg-gray-50 p-4 rounded-lg">
+                    <h3 class="font-medium text-gray-700 mb-2">风险分布</h3>
+                    <div class="flex space-x-4">
+                        <div class="flex items-center">
+                            <div class="w-3 h-3 rounded-full bg-red-500 mr-1"></div>
+                            <span class="text-sm">需求 2</span>
+                        </div>
+                        <div class="flex items-center">
+                            <div class="w-3 h-3 rounded-full bg-orange-500 mr-1"></div>
+                            <span class="text-sm">代码 3</span>
+                        </div>
+                        <div class="flex items-center">
+                            <div class="w-3 h-3 rounded-full bg-yellow-500 mr-1"></div>
+                            <span class="text-sm">测试 1</span>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <!-- Added Application Info -->
+            <div class="grid grid-cols-2 gap-6 mb-6">
+                <div class="bg-gray-50 p-4 rounded-lg">
+                    <h3 class="font-medium text-gray-700 mb-2">应用名称</h3>
+                    <p class="font-mono text-sm">soc-AI-SDL</p>
+                </div>
+                <div class="bg-gray-50 p-4 rounded-lg">
+                    <h3 class="font-medium text-gray-700 mb-2">代码分支地址</h3>
+                    <p class="font-mono text-sm break-all">git@gitlab.alibaba-inc.com:soc-AI-SDL/soc-AI-SDL.git::/feature/20250414_24651171_tmp_1_stage_1</p>
+                </div>
+            </div>
+            <div class="mb-6">
+                <h3 class="font-medium text-gray-700 mb-2">风险概述</h3>
+                <div class="space-y-3">
+                    <div class="risk-critical p-3 rounded">
+                        <div class="flex justify-between items-center">
+                            <span class="font-medium">需求环节: 越权访问风险</span>
+                            <span class="text-sm bg-red-600 text-white px-2 py-0.5 rounded-full">未修复</span>
+                        </div>
+                        <p class="text-sm mt-1">用户权限校验不足，可能导致越权访问敏感数据</p>
+                    </div>
+                    <div class="risk-high p-3 rounded">
+                        <div class="flex justify-between items-center">
+                            <span class="font-medium">代码环节: SQL注入风险</span>
+                            <span class="text-sm bg-orange-500 text-white px-2 py-0.5 rounded-full">修复中</span>
+                        </div>
+                        <p class="text-sm mt-1">OrderService.java 中直接拼接SQL语句，存在注入风险</p>
+                    </div>
+                    <div class="risk-medium p-3 rounded">
+                        <div class="flex justify-between items-center">
+                            <span class="font-medium">安全测试: 水平越权</span>
+                            <span class="text-sm bg-yellow-500 text-white px-2 py-0.5 rounded-full">已修复</span>
+                        </div>
+                        <p class="text-sm mt-1">通过修改orderid参数可访问他人订单信息</p>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <!-- Navigation Tabs -->
+        <div class="border-b border-gray-200 mb-6">
+            <nav class="flex space-x-8 nav-tabs" aria-label="Tabs">
+                <button onclick="switchTab('requirements')" class="py-4 px-1 active inline-flex items-center text-sm font-medium">
+                    <svg class="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z"></path>
+                    </svg>
+                    需求分析
+                </button>
+                <button onclick="switchTab('code')" class="py-4 px-1 inline-flex items-center text-sm font-medium">
+                    <svg class="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 20l4-16m4 4l4 4-4 4M6 16l-4-4 4-4"></path>
+                    </svg>
+                    代码分析
+                </button>
+                <button onclick="switchTab('testing')" class="py-4 px-1 inline-flex items-center text-sm font-medium">
+                    <svg class="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19.428 15.428a2 2 0 00-1.022-.547l-2.387-.477a6 6 0 00-3.86.494l-.318.158a6 6 0 01-3.86.494L6.05 15.21a2 2 0 00-1.806.547M8 4h8l-1 1v5.172a2 2 0 00.586 1.414l5 5c1.26 1.26.367 3.414-1.415 3.414H4.828c-1.782 0-2.674-2.154-1.414-3.414l5-5A2 2 0 009 10.172V5L8 4z"></path>
+                    </svg>
+                    安全测试
+                </button>
+                <button onclick="switchTab('release')" class="py-4 px-1 inline-flex items-center text-sm font-medium">
+                    <svg class="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 12h14M5 12a2 2 0 01-2-2V6a2 2 0 012-2h14a2 2 0 012 2v4a2 2 0 01-2 2M5 12a2 2 0 00-2 2v4a2 2 0 002 2h14a2 2 0 002-2v-4a2 2 0 00-2-2m-2-4h.01M17 16h.01"></path>
+                    </svg>
+                    发布检查
+                </button>
+                <button onclick="switchTab('production')" class="py-4 px-1 inline-flex items-center text-sm font-medium">
+                    <svg class="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z"></path>
+                    </svg>
+                    线上监控
+                </button>
+            </nav>
+        </div>
+        <!-- Tab Contents -->
+        <div>
+            <!-- Requirements Tab -->
+            <div id="requirements" class="tab-content active">
+                <div class="content-container">
+                    <!-- Left Panel - Requirements Content -->
+                    <div class="content-panel bg-white">
+                        <h3 class="text-lg font-medium text-gray-800 mb-4">需求文档内容</h3>
+                        <div class="prose max-w-none">
+                            <p>支付宝国补项目旨在为政府补贴发放提供数字化解决方案，通过支付宝平台实现补贴的精准发放和核销。</p>
+                            <h4>1. 项目背景</h4>
+                            <p>随着政府数字化转型的推进，各类补贴发放需要更加高效、透明和可追溯的解决方案...</p>
+                            <h4>2. 功能需求</h4>
+                            <p class="highlight-risk">2.1 用户认证与授权</p>
+                            <p>系统需要支持多级用户角色，包括普通用户、商户用户、政府管理员等。用户通过支付宝账号登录后，系统应根据用户类型显示不同功能模块。</p>
+                            <p class="highlight-risk">2.2 补贴申请与审批</p>
+                            <p>用户可以在线提交补贴申请，上传相关证明材料。政府管理员后台可以审批这些申请，审批通过后补贴金额将直接发放到用户支付宝账户。</p>
+                            <p>2.3 补贴核销</p>
+                            <p>用户在指定商户消费时，可以使用补贴金额进行支付。商户通过扫码枪扫描用户付款码完成交易...</p>
+                            <h4>3. 技术架构</h4>
+                            <div class="mermaid">
+                                graph TD
+                                    A[用户端] -->|HTTPS| B(API Gateway)
+                                    B --> C[认证服务]
+                                    B --> D[补贴服务]
+                                    B --> E[支付服务]
+                                    D --> F[(MySQL)]
+                                    E --> G[(Redis)]
+                                    C --> H[(LDAP)]
+                                    style D stroke:#ef4444,stroke-width:2px
+                                    style C stroke:#ef4444,stroke-width:2px
+                            </div>
+                            <h4>4. 数据安全</h4>
+                            <p>所有敏感数据传输必须加密，存储数据需要脱敏处理...</p>
+                            <p>5. 性能要求</p>
+                            <p>系统需要支持每秒1000+的并发请求，响应时间在500ms以内...</p>
+                        </div>
+                    </div>
+                    <!-- Right Panel - Security Analysis -->
+                    <div class="content-panel bg-white">
+                        <h3 class="text-lg font-medium text-gray-800 mb-4">安全分析结果</h3>
+                        <div class="mb-6">
+                            <h4 class="font-medium text-gray-700 mb-2">STRIDE 威胁建模</h4>
+                            <div class="mermaid">
+                                graph LR
+                                    subgraph 支付宝国补系统
+                                    A[用户认证] -->|Spoofing| B(冒充管理员)
+                                    A -->|Tampering| C(篡改认证令牌)
+                                    D[补贴审批] -->|Information Disclosure| E(查看他人申请)
+                                    D -->|Elevation of Privilege| F(普通用户执行审批)
+                                    end
+                                    style B fill:#fee2e2,stroke:#ef4444
+                                    style E fill:#fee2e2,stroke:#ef4444
+                                    style F fill:#fee2e2,stroke:#ef4444
+                            </div>
+                        </div>
+                        <div class="space-y-4">
+                            <div class="risk-critical p-4 rounded-lg">
+                                <h4 class="font-medium mb-2">风险点: 用户权限控制不足</h4>
+                                <div class="grid grid-cols-2 gap-2 text-sm">
+                                    <div>
+                                        <p class="text-gray-600">业务场景:</p>
+                                        <p>用户认证与授权功能</p>
+                                    </div>
+                                    <div>
+                                        <p class="text-gray-600">风险类型:</p>
+                                        <p>越权访问(EoP)</p>
+                                    </div>
+                                    <div>
+                                        <p class="text-gray-600">风险点:</p>
+                                        <p>角色权限划分不明确</p>
+                                    </div>
+                                    <div>
+                                        <p class="text-gray-600">严重程度:</p>
+                                        <p>高危</p>
+                                    </div>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">整改建议:</p>
+                                    <p>1. 明确定义各角色权限边界<br>2. 实现基于RBAC的权限控制系统<br>3. 所有敏感操作增加权限校验</p>
+                                </div>
+                                <button onclick="highlightText('2.1 用户认证与授权')" class="mt-2 text-blue-600 text-sm hover:underline">
+                                    定位到需求文档
+                                </button>
+                            </div>
+                            <div class="risk-high p-4 rounded-lg">
+                                <h4 class="font-medium mb-2">风险点: 敏感信息泄露</h4>
+                                <div class="grid grid-cols-2 gap-2 text-sm">
+                                    <div>
+                                        <p class="text-gray-600">业务场景:</p>
+                                        <p>补贴申请与审批</p>
+                                    </div>
+                                    <div>
+                                        <p class="text-gray-600">风险类型:</p>
+                                        <p>信息泄露(ID)</p>
+                                    </div>
+                                    <div>
+                                        <p class="text-gray-600">风险点:</p>
+                                        <p>审批流程可查看他人申请</p>
+                                    </div>
+                                    <div>
+                                        <p class="text-gray-600">严重程度:</p>
+                                        <p中高危</p>
+                                    </div>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">整改建议:</p>
+                                    <p>1. 实现数据级权限控制<br>2. 审批列表过滤只显示有权限的数据<br>3. 敏感字段脱敏处理</p>
+                                </div>
+                                <button onclick="highlightText('2.2 补贴申请与审批')" class="mt-2 text-blue-600 text-sm hover:underline">
+                                    定位到需求文档
+                                </button>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <!-- Code Tab -->
+            <div id="code" class="tab-content">
+                <div class="content-container">
+                    <!-- Left Panel - Code Content -->
+                    <div class="content-panel bg-white">
+                        <div class="flex justify-between items-center mb-4">
+                            <h3 class="text-lg font-medium text-gray-800">代码内容</h3>
+                            <div class="flex space-x-2">
+                                <select class="border rounded px-2 py-1 text-sm">
+                                    <option>OrderService.java</option>
+                                    <option>UserService.java</option>
+                                    <option>AuthController.java</option>
+                                </select>
+                                <button class="bg-blue-100 text-blue-800 px-3 py-1 rounded text-sm">
+                                    全部展开
+                                </button>
+                            </div>
+                        </div>
+                        <div class="code-block">
+                            <pre><code class="language-java">package com.alipay.subsidy.service;
+import java.sql.*;
+import java.util.List;
+public class OrderService {
+    private Connection conn;
+    public OrderService() {
+        try {
+            conn = DriverManager.getConnection(
+                "jdbc:mysql://localhost:3306/subsidy",
+                "root",
+                "password"
+            );
+        } catch (SQLException e) {
+            e.printStackTrace();
+        }
+    }
+    public List&lt;Order&gt; getOrdersByUserId(String userId) {
+        List&lt;Order&gt; orders = new ArrayList&lt;&gt;();
+        try {
+            // 漏洞点: SQL注入风险
+            <span id="vuln-line-1" class="vulnerable-line">Statement stmt = conn.createStatement();
+            ResultSet rs = stmt.executeQuery("SELECT * FROM orders WHERE user_id = '" + userId + "'");</span>
+            while (rs.next()) {
+                Order order = new Order();
+                order.setId(rs.getString("id"));
+                order.setAmount(rs.getBigDecimal("amount"));
+                orders.add(order);
+            }
+        } catch (SQLException e) {
+            e.printStackTrace();
+        }
+        return orders;
+    }
+    public Order getOrderById(String orderId) {
+        Order order = null;
+        try {
+            // 漏洞点: 越权访问风险
+            <span id="vuln-line-2" class="vulnerable-line">Statement stmt = conn.createStatement();
+            ResultSet rs = stmt.executeQuery("SELECT * FROM orders WHERE id = '" + orderId + "'");</span>
+            if (rs.next()) {
+                order = new Order();
+                order.setId(rs.getString("id"));
+                order.setUserId(rs.getString("user_id"));
+                order.setAmount(rs.getBigDecimal("amount"));
+            }
+        } catch (SQLException e) {
+            e.printStackTrace();
+        }
+        return order;
+    }
+    public void updateOrderStatus(String orderId, String status) {
+        try {
+            // 漏洞点: 缺乏权限校验
+            <span id="vuln-line-3" class="vulnerable-line">PreparedStatement pstmt = conn.prepareStatement(
+                "UPDATE orders SET status = ? WHERE id = ?"
+            );
+            pstmt.setString(1, status);
+            pstmt.setString(2, orderId);
+            pstmt.executeUpdate();</span>
+        } catch (SQLException e) {
+            e.printStackTrace();
+        }
+    }
+}</code></pre>
+                        </div>
+                    </div>
+                    <!-- Right Panel - Security Analysis -->
+                    <div class="content-panel bg-white">
+                        <h3 class="text-lg font-medium text-gray-800 mb-4">安全分析结果</h3>
+                        <div class="space-y-4">
+                            <div class="risk-critical p-4 rounded-lg">
+                                <div class="flex justify-between items-start">
+                                    <div>
+                                        <h4 class="font-medium mb-1">SQL注入漏洞</h4>
+                                        <p class="text-sm text-gray-600">OrderService.java - getOrdersByUserId()</p>
+                                    </div>
+                                    <span class="bg-red-600 text-white text-xs px-2 py-0.5 rounded-full">高危</span>
+                                </div>
+                                <div class="mt-2 grid grid-cols-2 gap-2 text-sm">
+                                    <div>
+                                        <p class="text-gray-600">漏洞类型:</p>
+                                        <p>SQL注入</p>
+                                    </div>
+                                    <div>
+                                        <p class="text-gray-600">风险接口:</p>
+                                        <p>/api/orders?userId={userId}</p>
+                                    </div>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">漏洞描述:</p>
+                                    <p class="text-sm">直接拼接用户输入的userId到SQL查询中，攻击者可以构造恶意输入执行任意SQL命令。</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">漏洞代码:</p>
+                                    <button onclick="highlightCode('vuln-line-1')" class="text-blue-600 text-sm hover:underline">
+                                        定位到代码
+                                    </button>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">修复建议:</p>
+                                    <pre class="bg-gray-100 p-2 rounded text-sm"><code>// 使用预编译语句修复
+PreparedStatement pstmt = conn.prepareStatement(
+    "SELECT * FROM orders WHERE user_id = ?"
+);
+pstmt.setString(1, userId);
+ResultSet rs = pstmt.executeQuery();</code></pre>
+                                </div>
+                            </div>
+                            <div class="risk-high p-4 rounded-lg">
+                                <div class="flex justify-between items-start">
+                                    <div>
+                                        <h4 class="font-medium mb-1">越权访问漏洞</h4>
+                                        <p class="text-sm text-gray-600">OrderService.java - getOrderById()</p>
+                                    </div>
+                                    <span class="bg-orange-500 text-white text-xs px-2 py-0.5 rounded-full">中高危</span>
+                                </div>
+                                <div class="mt-2 grid grid-cols-2 gap-2 text-sm">
+                                    <div>
+                                        <p class="text-gray-600">漏洞类型:</p>
+                                        <p>水平越权</p>
+                                    </div>
+                                    <div>
+                                        <p class="text-gray-600">风险接口:</p>
+                                        <p>/api/orders/{orderId}</p>
+                                    </div>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">漏洞描述:</p>
+                                    <p class="text-sm">接口直接根据orderId查询订单信息，没有校验当前用户是否有权限访问该订单。</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">漏洞代码:</p>
+                                    <button onclick="highlightCode('vuln-line-2')" class="text-blue-600 text-sm hover:underline">
+                                        定位到代码
+                                    </button>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">修复建议:</p>
+                                    <pre class="bg-gray-100 p-2 rounded text-sm"><code>// 增加权限校验
+Order order = getOrderById(orderId);
+if (order != null && !order.getUserId().equals(currentUserId)) {
+    throw new AccessDeniedException("无权访问该订单");
+}
+return order;</code></pre>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <!-- Security Testing Tab -->
+            <div id="testing" class="tab-content">
+                <div class="content-container">
+                    <!-- Left Panel - Testing Content -->
+                    <div class="content-panel bg-white">
+                        <h3 class="text-lg font-medium text-gray-800 mb-4">测试用例与Payload</h3>
+                        <div class="space-y-6">
+                            <div>
+                                <h4 class="font-medium mb-2">测试接口: /api/orders/{orderId</h4>
+                                <div class="code-block">
+                                    <pre><code class="language-http">GET /api/orders/1001 HTTP/1.1
+Host: api.alipay-subsidy.com
+Authorization: Bearer user1_token
+Accept: application/json</code></pre>
+                                </div>
+                                <div class="mt-2">
+                                    <h5 class="font-medium text-sm mb-1">测试Payload:</h5>
+                                    <div class="code-block">
+                                        <pre><code class="language-http"># 修改orderId尝试访问他人订单
+GET /api/orders/1002 HTTP/1.1
+Host: api.alipay-subsidy.com
+Authorization: Bearer user1_token
+Accept: application/json
+GET /api/orders/1003 HTTP/1.1
+Host: api.alipay-subsidy.com
+Authorization: Bearer user1_token
+Accept: application/json</code></pre>
+                                    </div>
+                                </div>
+                                <div class="mt-2">
+                                    <h5 class="font-medium text-sm mb-1">测试结果:</h5>
+                                    <div class="code-block">
+                                        <pre><code class="language-json">{
+    "id": "1002",
+    "userId": "user2",
+    "amount": 150.00,
+    "items": [
+        {"name": "商品A", "price": 50.00},
+        {"name": "商品B", "price": 100.00}
+    ]
+}</code></pre>
+                                    </div>
+                                </div>
+                            </div>
+                            <div>
+                                <h4 class="font-medium mb-2">测试接口: /api/orders?userId={userId}</h4>
+                                <div class="code-block">
+                                    <pre><code class="language-http">GET /api/orders?userId=user1 HTTP/1.1
+Host: api.alipay-subsidy.com
+Authorization: Bearer user1_token
+Accept: application/json</code></pre>
+                                </div>
+                                <div class="mt-2">
+                                    <h5 class="font-medium text-sm mb-1">SQL注入Payload:</h5>
+                                    <div class="code-block">
+                                        <pre><code class="language-http"># 基础注入测试
+GET /api/orders?userId=user1' OR '1'='1 HTTP/1.1
+Host: api.alipay-subsidy.com
+Authorization: Bearer user1_token
+Accept: application/json
+# 联合查询获取其他表数据
+GET /api/orders?userId=user1' UNION SELECT 1,username,password FROM users-- HTTP/1.1
+Host: api.alipay-subsidy.com
+Authorization: Bearer user1_token
+Accept: application/json</code></pre>
+                                    </div>
+                                </div>
+                                <div class="mt-2">
+                                    <h5 class="font-medium text-sm mb-1">测试结果:</h5>
+                                    <div class="code-block">
+                                        <pre><code class="language-json">{
+    "error": "Internal Server Error",
+    "status": 500,
+    "message": "Error executing SQL query"
+}</code></pre>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <!-- Right Panel - Security Analysis -->
+                    <div class="content-panel bg-white">
+                        <h3 class="text-lg font-medium text-gray-800 mb-4">安全测试分析</h3>
+                        <div class="space-y-4">
+                            <div class="risk-high p-4 rounded-lg">
+                                <div class="flex justify-between items-start">
+                                    <div>
+                                        <h4 class="font-medium mb-1">水平越权漏洞</h4>
+                                        <p class="text-sm text-gray-600">订单信息越权访问</p>
+                                    </div>
+                                    <span class="bg-orange-500 text-white text-xs px-2 py-0.5 rounded-full">中高危</span>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">风险接口:</p>
+                                    <p class="text-sm font-mono">/api/orders/{orderId}</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">风险描述:</p>
+                                    <p class="text-sm">攻击者可以通过修改orderId参数访问其他用户的订单信息，导致敏感数据泄露。</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">攻击手法:</p>
+                                    <ol class="list-decimal list-inside text-sm space-y-1">
+                                        <li>攻击者登录自己的账号，获取一个合法的订单ID（如1001）</li>
+                                        <li>修改请求中的orderid参数，尝试访问其他订单ID（如1002、1003等）</li>
+                                        <li>服务器未进行权限校验，攻击者成功获取其他用户的订单信息</li>
+                                        <li>通过自动化工具（如Burp Suite或脚本），批量枚举订单ID获取大量用户数据</li>
+                                    </ol>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">修复建议:</p>
+                                    <p class="text-sm">1. 服务端增加订单所属用户校验<br>2. 实现数据级权限控制<br>3. 对订单ID增加访问频率限制</p>
+                                </div>
+                            </div>
+                            <div class="risk-critical p-4 rounded-lg">
+                                <div class="flex justify-between items-start">
+                                    <div>
+                                        <h4 class="font-medium mb-1">SQL注入漏洞</h4>
+                                        <p class="text-sm text-gray-600">订单查询SQL注入</p>
+                                    </div>
+                                    <span class="bg-red-600 text-white text-xs px-2 py-0.5 rounded-full">高危</span>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">风险接口:</p>
+                                    <p class="text-sm font-mono">/api/orders?userId={userId}</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">风险描述:</p>
+                                    <p class="text-sm">接口存在SQL注入漏洞，攻击者可以构造恶意输入执行任意SQL命令，可能导致数据库信息泄露甚至服务器被控制。</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">攻击Payload:</p>
+                                    <div class="code-block">
+                                        <pre><code class="language-sql">user1' UNION SELECT 1,username,password FROM users--</code></pre>
+                                    </div>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">修复建议:</p>
+                                    <p class="text-sm">1. 使用预编译语句(PreparedStatement)替代字符串拼接<br>2. 实施输入验证和参数化查询<br>3. 限制数据库账户权限</p>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <!-- Release Check Tab -->
+            <div id="release" class="tab-content">
+                <div class="content-container">
+                    <!-- Left Panel - Release Content -->
+                    <div class="content-panel bg-white">
+                        <h3 class="text-lg font-medium text-gray-800 mb-4">发布安全检查</h3>
+                        <div class="space-y-4">
+                            <div class="p-4 border rounded-lg">
+                                <h4 class="font-medium mb-2">安全检查项</h4>
+                                <div class="space-y-3">
+                                    <div class="flex items-center">
+                                        <svg class="w-5 h-5 text-green-500 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"></path>
+                                        </svg>
+                                        <span>代码静态扫描通过</span>
+                                    </div>
+                                    <div class="flex items-center">
+                                        <svg class="w-5 h-5 text-green-500 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"></path>
+                                        </svg>
+                                        <span>依赖库无已知漏洞</span>
+                                    </div>
+                                    <div class="flex items-center">
+                                        <svg class="w-5 h-5 text-red-500 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"></path>
+                                        </svg>
+                                        <span>越权风险未完全修复</span>
+                                    </div>
+                                    <div class="flex items-center">
+                                        <svg class="w-5 h-5 text-yellow-500 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path>
+                                        </svg>
+                                        <span>SQL注入风险部分修复</span>
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="p-4 border rounded-lg">
+                                <h4 class="font-medium mb-2">发布检查记录</h4>
+                                <div class="text-sm space-y-2">
+                                    <div class="flex justify-between">
+                                        <span>2023-06-10 14:30</span>
+                                        <span class="text-red-600">安全检查不通过</span>
+                                    </div>
+                                    <div class="flex justify-between">
+                                        <span>2023-06-12 09:15</span>
+                                        <span class="text-yellow-500">部分风险未修复</span>
+                                    </div>
+                                    <div class="flex justify-between">
+                                        <span>2023-06-14 16:45</span>
+                                        <span class="text-yellow-500">关键风险仍存在</span>
+                                    </div>
+                                </div>
+                            </div>
+                            <!-- Enhanced Release Decision Section -->
+                            <div class="release-decision">
+                                <div class="flex items-center mb-4">
+                                    <svg class="w-8 h-8 text-red-500 mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path>
+                                    </svg>
+                                    <div>
+                                        <h4 class="text-xl font-bold">发布决策</h4>
+                                        <p class="text-sm text-gray-600">安全团队最终评审结果</p>
+                                    </div>
+                                </div>
+                                <div class="flex items-center mb-3">
+                                    <svg class="w-6 h-6 text-red-500 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"></path>
+                                    </svg>
+                                    <span class="font-bold text-lg">拒绝发布</span>
+                                </div>
+                                <div class="bg-white p-4 rounded-lg border border-red-200">
+                                    <h5 class="font-medium mb-2">拒绝原因</h5>
+                                    <ul class="list-disc list-inside text-sm space-y-1">
+                                        <li>存在未修复的高危SQL注入漏洞</li>
+                                        <li>越权访问风险未完全解决</li>
+                                        <li>关键安全测试用例未通过</li>
+                                    </ul>
+                                </div>
+                                <div class="mt-4">
+                                    <h5 class="font-medium mb-2">后续行动</h5>
+                                    <ol class="list-decimal list-inside text-sm space-y-1">
+                                        <li>修复所有高风险安全问题</li>
+                                        <li>重新进行安全测试验证</li>
+                                        <li>重新提交发布申请</li>
+                                    </ol>
+                                </div>
+                                <div class="mt-4 text-sm">
+                                    <p class="text-gray-600">决策人: 安全团队 - 张安全</p>
+                                    <p class="text-gray-600">决策时间: 2023-06-15 10:30</p>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <!-- Right Panel - Security Analysis -->
+                    <div class="content-panel bg-white">
+                        <h3 class="text-lg font-medium text-gray-800 mb-4">未修复风险分析</h3>
+                        <div class="space-y-4">
+                            <div class="risk-critical p-4 rounded-lg">
+                                <div class="flex justify-between items-start">
+                                    <div>
+                                        <h4 class="font-medium mb-1">需求环节: 越权访问风险</h4>
+                                        <p class="text-sm text-gray-600">用户权限控制不足</p>
+                                    </div>
+                                    <span class="bg-red-600 text-white text-xs px-2 py-0.5 rounded-full">未修复</span>
+                                </div>
+                                <div class="mt-2 text-sm">
+                                    <p>风险描述: 用户权限校验不足，可能导致越权访问敏感数据</p>
+                                    <p class="mt-1">影响范围: 补贴审批、订单查询等核心功能</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">修复进度:</p>
+                                    <div class="w-full bg-gray-200 rounded-full h-2.5 mt-1">
+                                        <div class="bg-red-600 h-2.5 rounded-full" style="width: 20%"></div>
+                                    </div>
+                                    <p class="text-xs mt-1 text-gray-600">仅完成需求分析，未进行代码实现</p>
+                                </div>
+                            </div>
+                            <div class="risk-high p-4 rounded-lg">
+                                <div class="flex justify-between items-start">
+                                    <div>
+                                        <h4 class="font-medium mb-1">代码环节: SQL注入风险</h4>
+                                        <p class="text-sm text-gray-600">OrderService.java</p>
+                                    </div>
+                                    <span class="bg-orange-500 text-white text-xs px-2 py-0.5 rounded-full">部分修复</span>
+                                </div>
+                                <div class="mt-2 text-sm">
+                                    <p>风险描述: 直接拼接SQL语句，存在注入风险</p>
+                                    <p class="mt-1">影响接口: /api/orders?userId={userId}</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">修复进度:</p>
+                                    <div class="w-full bg-gray-200 rounded-full h-2.5 mt-1">
+                                        <div class="bg-orange-500 h-2.5 rounded-full" style="width: 70%"></div>
+                                    </div>
+                                    <p class="text-xs mt-1 text-gray-600">主接口已修复，但部分边缘接口仍存在风险</p>
+                                </div>
+                            </div>
+                            <div class="risk-medium p-4 rounded-lg">
+                                <div class="flex justify-between items-start">
+                                    <div>
+                                        <h4 class="font-medium mb-1">安全测试: 水平越权</h4>
+                                        <p class="text-sm text-gray-600">订单信息越权访问</p>
+                                    </div>
+                                    <span class="bg-yellow-500 text-white text-xs px-2 py-0.5 rounded-full">已修复待验证</span>
+                                </div>
+                                <div class="mt-2 text-sm">
+                                    <p>风险描述: 通过修改orderid参数可访问他人订单信息</p>
+                                    <p class="mt-1">影响接口: /api/orders/{orderId}</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">修复进度:</p>
+                                    <div class="w-full bg-gray-200 rounded-full h-2.5 mt-1">
+                                        <div class="bg-yellow-500 h-2.5 rounded-full" style="width: 90%"></div>
+                                    </div>
+                                    <p class="text-xs mt-1 text-gray-600">代码已修复，等待安全团队验证</p>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <!-- Production Monitoring Tab -->
+            <div id="production" class="tab-content">
+                <div class="content-container">
+                    <!-- Left Panel - Production Content -->
+                    <div class="content-panel bg-white">
+                        <h3 class="text-lg font-medium text-gray-800 mb-4">线上监控数据</h3>
+                        <div class="space-y-6">
+                            <div>
+                                <h4 class="font-medium mb-2">安全事件记录</h4>
+                                <div class="border rounded-lg overflow-hidden">
+                                    <table class="min-w-full divide-y divide-gray-200">
+                                        <thead class="bg-gray-50">
+                                            <tr>
+                                                <th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase">时间</th>
+                                                <th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase">事件类型</th>
+                                                <th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase">状态</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody class="bg-white divide-y divide-gray-200">
+                                            <tr>
+                                                <td class="px-4 py-2 whitespace-nowrap text-sm text-gray-900">2023-06-08 03:15</td>
+                                                <td class="px-4 py-2 whitespace-nowrap text-sm text-gray-900">异常登录尝试</td>
+                                                <td class="px-4 py-2 whitespace-nowrap">
+                                                    <span class="px-2 py-1 text-xs rounded-full bg-green-100 text-green-800">已处理</span>
+                                                </td>
+                                            </tr>
+                                            <tr>
+                                                <td class="px-4 py-2 whitespace-nowrap text-sm text-gray-900">2023-06-10 14:30</td>
+                                                <td class="px-4 py-2 whitespace-nowrap text-sm text-gray-900">SQL注入攻击</td>
+                                                <td class="px-4 py-2 whitespace-nowrap">
+                                                    <span class="px-2 py-1 text-xs rounded-full bg-red-100 text-red-800">待修复</span>
+                                                </td>
+                                            </tr>
+                                            <tr>
+                                                <td class="px-4 py-2 whitespace-nowrap text-sm text-gray-900">2023-06-12 09:15</td>
+                                                <td class="px-4 py-2 whitespace-nowrap text-sm text-gray-900">批量订单查询</td>
+                                                <td class="px-4 py-2 whitespace-nowrap">
+                                                    <span class="px-2 py-1 text-xs rounded-full bg-yellow-100 text-yellow-800">监控中</span>
+                                                </td>
+                                            </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                            <!-- Added Vulnerability Status Module -->
+                            <div>
+                                <h4 class="font-medium mb-2">漏洞及修复状态</h4>
+                                <div class="border rounded-lg p-4">
+                                    <div class="space-y-4">
+                                        <div class="vulnerability-item">
+                                            <div class="flex justify-between items-center">
+                                                <h5 class="font-medium">SQL注入漏洞</h5>
+                                                <span class="px-2 py-1 text-xs rounded-full bg-red-100 text-red-800">未修复</span>
+                                            </div>
+                                            <p class="text-sm text-gray-600 mt-1">影响接口: /api/orders?userId={userId}</p>
+                                            <div class="mt-2">
+                                                <p class="text-xs text-gray-500">发现时间: 2023-06-10</p>
+                                                <p class="text-xs text-gray-500">最后检测: 2023-06-15</p>
+                                            </div>
+                                        </div>
+                                        <div class="vulnerability-item">
+                                            <div class="flex justify-between items-center">
+                                                <h5 class="font-medium">越权访问漏洞</h5>
+                                                <span class="px-2 py-1 text-xs rounded-full bg-yellow-100 text-yellow-800">修复中</span>
+                                            </div>
+                                            <p class="text-sm text-gray-600 mt-1">影响接口: /api/orders/{orderId}</p>
+                                            <div class="mt-2">
+                                                <p class="text-xs text-gray-500">发现时间: 2023-06-08</p>
+                                                <p class="text-xs text-gray-500">预计修复: 2023-06-20</p>
+                                            </div>
+                                        </div>
+                                        <div class="vulnerability-item">
+                                            <div class="flex justify-between items-center">
+                                                <h5 class="font-medium">敏感信息泄露</h5>
+                                                <span class="px-2 py-1 text-xs rounded-full bg-green-100 text-green-800">已修复</span>
+                                            </div>
+                                            <p class="text-sm text-gray-600 mt-1">影响接口: /api/user/profile</p>
+                                            <div class="mt-2">
+                                                <p class="text-xs text-gray-500">发现时间: 2023-06-05</p>
+                                                <p class="text-xs text-gray-500">修复时间: 2023-06-12</p>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <!-- Right Panel - Security Analysis -->
+                    <div class="content-panel bg-white">
+                        <h3 class="text-lg font-medium text-gray-800 mb-4">线上风险分析</h3>
+                        <div class="space-y-4">
+                            <div class="risk-critical p-4 rounded-lg">
+                                <div class="flex justify-between items-start">
+                                    <div>
+                                        <h4 class="font-medium mb-1">SQL注入攻击</h4>
+                                        <p class="text-sm text-gray-600">2023-06-10 14:30</p>
+                                    </div>
+                                    <span class="bg-red-600 text-white text-xs px-2 py-0.5 rounded-full">高危</span>
+                                </div>
+                                <div class="mt-2 text-sm">
+                                    <p>攻击描述: 攻击者尝试通过userId参数注入SQL命令</p>
+                                    <p class="mt-1">攻击Payload: <code class="bg-gray-100 px-1 rounded">user1' UNION SELECT 1,username,password FROM users--</code></p>
+                                    <p class="mt-1">影响范围: 订单查询接口</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">修复情况:</p>
+                                    <div class="flex items-center mt-1">
+                                        <svg class="w-5 h-5 text-yellow-500 mr-1" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path>
+                                        </svg>
+                                        <span>已热修复，待版本更新</span>
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="risk-high p-4 rounded-lg">
+                                <div class="flex justify-between items-start">
+                                    <div>
+                                        <h4 class="font-medium mb-1">批量订单查询</h4>
+                                        <p class="text-sm text-gray-600">2023-06-12 09:15</p>
+                                    </div>
+                                    <span class="bg-orange-500 text-white text-xs px-2 py-0.5 rounded-full">中高危</span>
+                                </div>
+                                <div class="mt-2 text-sm">
+                                    <p>攻击描述: 同一IP在短时间内发起大量订单查询请求</p>
+                                    <p class="mt-1">请求频率: 120次/分钟</p>
+                                    <p class="mt-1">影响范围: 订单查询接口</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">处理措施:</p>
+                                    <ol class="list-decimal list-inside text-sm space-y-1 mt-1">
+                                        <li>已临时封禁攻击IP</li>
+                                        <li>增加接口频率限制(60次/分钟)</li>
+                                        <li>增加异常行为监控告警</li>
+                                    </ol>
+                                </div>
+                            </div>
+                            <div class="risk-medium p-4 rounded-lg">
+                                <div class="flex justify-between items-start">
+                                    <div>
+                                        <h4 class="font-medium mb-1">异常登录尝试</h4>
+                                        <p class="text-sm text-gray-600">2023-06-08 03:15</p>
+                                    </div>
+                                    <span class="bg-yellow-500 text-white text-xs px-2 py-0.5 rounded-full">中危</span>
+                                </div>
+                                <div class="mt-2 text-sm">
+                                    <p>攻击描述: 来自异常地理位置的登录尝试</p>
+                                    <p class="mt-1">攻击IP: 192.168.34.56 (俄罗斯)</p>
+                                    <p class="mt-1">攻击方式: 密码爆破</p>
+                                </div>
+                                <div class="mt-2">
+                                    <p class="text-gray-600">处理结果:</p>
+                                    <div class="flex items-center mt-1">
+                                        <svg class="w-5 h-5 text-green-500 mr-1" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"></path>
+                                        </svg>
+                                        <span>已阻止，账户安全</span>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+    <script>
+        // Initialize Mermaid with proper configuration
+        mermaid.initialize({
+            startOnLoad: true,
+            theme: 'default',
+            flowchart: {
+                useMaxWidth: true,
+                htmlLabels: true
+            },
+            securityLevel: 'loose',
+            themeCSS: `
+                .risk-marker {
+                    fill: #ef4444;
+                    stroke: #ef4444;
+                }
+            `
+        });
+        // Re-render Mermaid diagrams when tab is switched
+        function renderMermaidDiagrams() {
+            const mermaidElements = document.querySelectorAll('.mermaid');
+            mermaidElements.forEach(el => {
+                // Only render if not already rendered
+                if (!el.querySelector('svg')) {
+                    const graphDefinition = el.textContent.trim();
+                    try {
+                        mermaid.init(undefined, el);
+                    } catch (e) {
+                        console.error('Mermaid rendering error:', e);
+                    }
+                }
+            });
+        }
+        // Initialize Highlight.js
+        document.addEventListener('DOMContentLoaded', (event) => {
+            document.querySelectorAll('pre code').forEach((el) => {
+                hljs.highlightElement(el);
+            });
+            // Initial render of Mermaid diagrams
+            renderMermaidDiagrams();
+        });
+        // Switch tabs
+        function switchTab(tabId) {
+            // Hide all tab contents
+            document.querySelectorAll('.tab-content').forEach(tab => {
+                tab.classList.remove('active');
+            });
+            // Remove active class from all tabs
+            document.querySelectorAll('.nav-tabs button').forEach(tab => {
+                tab.classList.remove('active');
+            });
+            // Show selected tab content
+            document.getElementById(tabId).classList.add('active');
+            // Add active class to clicked tab
+            event.currentTarget.classList.add('active');
+            // Render Mermaid diagrams in the newly shown tab
+            setTimeout(renderMermaidDiagrams, 100);
+        }
+        // Highlight text in requirements
+        function highlightText(text) {
+            const elements = document.querySelectorAll('.highlight-risk');
+            elements.forEach(el => {
+                el.classList.remove('highlight-risk');
+            });
+            // Simple text matching for demonstration
+            const allElements = document.querySelectorAll('#requirements p, #requirements h4');
+            allElements.forEach(el => {
+                if (el.textContent.includes(text)) {
+                    el.classList.add('highlight-risk');
+                    el.scrollIntoView({ behavior: 'smooth', block: 'center' });
+                }
+            });
+        }
+        // Highlight code line
+        function highlightCode(lineId) {
+            const elements = document.querySelectorAll('.vulnerable-line');
+            elements.forEach(el => {
+                el.classList.remove('vulnerable-line-highlight');
+            });
+            const targetElement = document.getElementById(lineId);
+            if (targetElement) {
+                targetElement.classList.add('vulnerable-line-highlight');
+                targetElement.scrollIntoView({ behavior: 'smooth', block: 'center' });
+            }
+        }
+    </script>
+<p style="border-radius: 8px; text-align: center; font-size: 12px; color: #fff; margin-top: 16px;position: fixed; left: 8px; bottom: 8px; z-index: 10; background: rgba(0, 0, 0, 0.8); padding: 4px 8px;">Made with <img src="https://enzostvs-deepsite.hf.space/logo.svg" alt="DeepSite Logo" style="width: 16px; height: 16px; vertical-align: middle;display:inline-block;margin-right:3px;filter:brightness(0) invert(1);"><a href="https://enzostvs-deepsite.hf.space" style="color: #fff;text-decoration: underline;" target="_blank" >DeepSite</a> - 🧬 <a href="https://enzostvs-deepsite.hf.space?remix=capta1n/project9" style="color: #fff;text-decoration: underline;" target="_blank" >Remix</a></p></body>
+</html>

prompts.txt ADDED Viewed

	@@ -0,0 +1 @@


1	+ 项目概要模块增加以下内容：1、应用名称：soc-AI-SDL 2、代码分支地址：git@gitlab.alibaba-inc.com:soc-AI-SDL/soc-AI-SDL.git::/feature/20250414_24651171_tmp_1_stage_1 发布检查模块：突出发布决策内容模块线上监控模块：1、增加漏洞及修复状态模块 2、删除风险趋势模块