From 3210bc727f998d0ddbaa4c806a92a0ce2f9687e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=85=AC=E6=98=8E?= <83812544+Ed1s0nZ@users.noreply.github.com> Date: Fri, 3 Jul 2026 10:48:38 +0800 Subject: [PATCH] Add files via upload --- internal/database/database.go | 23 ++++++++++++++---- internal/database/vulnerability.go | 38 +++++++++++++++++++----------- 2 files changed, 42 insertions(+), 19 deletions(-) diff --git a/internal/database/database.go b/internal/database/database.go index 98e92425..13a6605c 100644 --- a/internal/database/database.go +++ b/internal/database/database.go @@ -5,8 +5,8 @@ import ( "fmt" "os" "path/filepath" - "sync" "strings" + "sync" "time" _ "github.com/mattn/go-sqlite3" @@ -388,9 +388,12 @@ func (db *DB) initTables() error { status TEXT NOT NULL DEFAULT 'open', vulnerability_type TEXT, target TEXT, - proof TEXT, + preconditions TEXT, + reproduction_steps TEXT, + evidence TEXT, impact TEXT, recommendation TEXT, + retest_notes TEXT, created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, project_id TEXT, @@ -1224,9 +1227,12 @@ func (db *DB) migrateVulnerabilitiesConversationFK() error { status TEXT NOT NULL DEFAULT 'open', vulnerability_type TEXT, target TEXT, - proof TEXT, + preconditions TEXT, + reproduction_steps TEXT, + evidence TEXT, impact TEXT, recommendation TEXT, + retest_notes TEXT, created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, project_id TEXT, 
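Review bot: The `proof` column is removed from both CREATE TABLE statements (`vulnerabilities` in initTables and `vulnerabilities_new` in migrateVulnerabilitiesConversationFK) with no step that carries existing `proof` text into `evidence`. The copyRows hunk and the ALTER TABLE list in migrateVulnerabilitiesTable share the gap: the first copies rows without the old value, the second only adds empty columns beside it. Findings recorded before this commit therefore lose their proof from every read path, and presumably from the file once the table is rebuilt, which for a findings store is a loss of audit evidence. A guarded backfill such as `UPDATE vulnerabilities SET evidence = proof WHERE COALESCE(evidence, '') = '' AND COALESCE(proof, '') <> ''`, run only when the old column exists and before any rebuild, would preserve it. Both function bodies continue outside the hunks.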
@@ -1239,12 +1245,15 @@ func (db *DB) migrateVulnerabilitiesConversationFK() error { const copyRows = ` INSERT INTO vulnerabilities_new ( id, conversation_id, conversation_tag, task_tag, title, description, - severity, status, vulnerability_type, target, proof, impact, recommendation, + severity, status, vulnerability_type, target, preconditions, reproduction_steps, + evidence, impact, recommendation, retest_notes, created_at, updated_at, project_id ) SELECT id, conversation_id, conversation_tag, task_tag, title, description, - severity, status, vulnerability_type, target, proof, impact, recommendation, + severity, status, vulnerability_type, target, + COALESCE(preconditions, ''), COALESCE(reproduction_steps, ''), + COALESCE(evidence, ''), impact, recommendation, COALESCE(retest_notes, ''), created_at, updated_at, project_id FROM vulnerabilities;` if _, err := tx.Exec(copyRows); err != nil { @@ -1315,6 +1324,10 @@ func (db *DB) migrateVulnerabilitiesTable() error { {name: "conversation_tag", stmt: "ALTER TABLE vulnerabilities ADD COLUMN conversation_tag TEXT"}, {name: "task_tag", stmt: "ALTER TABLE vulnerabilities ADD COLUMN task_tag TEXT"}, {name: "project_id", stmt: "ALTER TABLE vulnerabilities ADD COLUMN project_id TEXT"}, + {name: "preconditions", stmt: "ALTER TABLE vulnerabilities ADD COLUMN preconditions TEXT"}, + {name: "reproduction_steps", stmt: "ALTER TABLE vulnerabilities ADD COLUMN reproduction_steps TEXT"}, + {name: "evidence", stmt: "ALTER TABLE vulnerabilities ADD COLUMN evidence TEXT"}, + {name: "retest_notes", stmt: "ALTER TABLE vulnerabilities ADD COLUMN retest_notes TEXT"}, } for _, col := range columns { diff --git a/internal/database/vulnerability.go b/internal/database/vulnerability.go index 6523310e..c7bef02a 100644 --- a/internal/database/vulnerability.go +++ b/internal/database/vulnerability.go 
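Review bot: The SELECT in copyRows reads `preconditions`, `reproduction_steps`, `evidence` and `retest_notes` from the old `vulnerabilities` table, and `COALESCE` only covers NULL values, not a missing column. If this rebuild can run on a database where migrateVulnerabilitiesTable has not yet added those columns, the statement fails with a no-such-column error. The call order is not visible in this hunk, so it should be confirmed. A comment above copyRows such as `// requires migrateVulnerabilitiesTable to have added the report columns first`, or a column-existence check before the copy, would make the dependency explicit.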
@@ -72,14 +72,17 @@ func (f VulnerabilityListFilter) appendWhere(query string, args []interface{}) ( LOWER(COALESCE(description, '')) LIKE LOWER(?) OR LOWER(COALESCE(vulnerability_type, '')) LIKE LOWER(?) OR LOWER(COALESCE(target, '')) LIKE LOWER(?) OR - LOWER(COALESCE(proof, '')) LIKE LOWER(?) OR + LOWER(COALESCE(preconditions, '')) LIKE LOWER(?) OR + LOWER(COALESCE(reproduction_steps, '')) LIKE LOWER(?) OR + LOWER(COALESCE(evidence, '')) LIKE LOWER(?) OR LOWER(COALESCE(impact, '')) LIKE LOWER(?) OR LOWER(COALESCE(recommendation, '')) LIKE LOWER(?) OR + LOWER(COALESCE(retest_notes, '')) LIKE LOWER(?) OR LOWER(COALESCE(conversation_id, '')) LIKE LOWER(?) OR LOWER(COALESCE(conversation_tag, '')) LIKE LOWER(?) OR LOWER(COALESCE(task_tag, '')) LIKE LOWER(?) )` - for i := 0; i < 11; i++ { + for i := 0; i < 14; i++ { args = append(args, pattern) } } @@ -101,9 +104,12 @@ type Vulnerability struct { Status string `json:"status"` // open, confirmed, fixed, false_positive, ignored Type string `json:"type"` Target string `json:"target"` - Proof string `json:"proof"` + Preconditions string `json:"preconditions"` + ReproSteps string `json:"reproduction_steps"` + Evidence string `json:"evidence"` Impact string `json:"impact"` Recommendation string `json:"recommendation"` + RetestNotes string `json:"retest_notes"` CreatedAt time.Time `json:"created_at"` UpdatedAt time.Time `json:"updated_at"` } 
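Review bot: The literal `14` in `for i := 0; i < 14; i++` must be kept equal by hand to the number of `LIKE LOWER(?)` terms in the clause above it. This commit had to change both, and a mismatch only shows up at query time as a bind-count error. Generating the OR terms and the args from one slice of searchable column names, or counting the placeholders in the clause string, removes that coupling. The clause and the construction of `pattern` start above the hunk, so whether LIKE wildcards in the search term are escaped cannot be judged from here.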
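Review bot: Removing `Proof` together with its `json:"proof"` tag changes the wire format, and encoding/json ignores unknown keys by default. A client or tool that still sends `proof` would get a successful write with the text silently dropped, assuming handlers decode requests into this struct, which is outside the hunk. Accepting the old key for a transition period and mapping it to `Evidence`, or rejecting it explicitly, avoids silent loss. The new fields would also benefit from short comments in the style of the `Status` line, e.g. `// what must hold before the issue can be reproduced` on `Preconditions`. `ReproSteps` could be named `ReproductionSteps` to match its tag and column.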
@@ -131,16 +137,16 @@ func (db *DB) CreateVulnerability(vuln *Vulnerability) (*Vulnerability, error) { query := ` INSERT INTO vulnerabilities ( id, conversation_id, project_id, conversation_tag, task_tag, title, description, severity, status, - vulnerability_type, target, proof, impact, recommendation, + vulnerability_type, target, preconditions, reproduction_steps, evidence, impact, recommendation, retest_notes, created_at, updated_at - ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) + ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ` _, err := db.Exec( query, vuln.ID, nullIfEmpty(vuln.ConversationID), nullIfEmpty(vuln.ProjectID), vuln.ConversationTag, vuln.TaskTag, vuln.Title, vuln.Description, vuln.Severity, vuln.Status, vuln.Type, vuln.Target, - vuln.Proof, vuln.Impact, vuln.Recommendation, + vuln.Preconditions, vuln.ReproSteps, vuln.Evidence, vuln.Impact, vuln.Recommendation, vuln.RetestNotes, vuln.CreatedAt, vuln.UpdatedAt, ) if err != nil { @@ -155,7 +161,9 @@ func (db *DB) GetVulnerability(id string) (*Vulnerability, error) { var vuln Vulnerability query := ` SELECT id, COALESCE(conversation_id,''), COALESCE(project_id,''), title, description, severity, status, - conversation_tag, task_tag, vulnerability_type, target, proof, impact, recommendation, + conversation_tag, task_tag, vulnerability_type, target, + COALESCE(preconditions,''), COALESCE(reproduction_steps,''), COALESCE(evidence,''), + impact, recommendation, COALESCE(retest_notes,''), COALESCE((SELECT bt.id FROM batch_tasks bt WHERE bt.conversation_id = vulnerabilities.conversation_id LIMIT 1), '') AS task_id, COALESCE((SELECT bt.queue_id FROM batch_tasks bt WHERE bt.conversation_id = vulnerabilities.conversation_id LIMIT 1), '') AS task_queue_id, created_at, updated_at 
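Review bot: The column list in the GetVulnerability SELECT and its Scan targets are repeated in ListVulnerabilities (the hunks at -166, -184 and -209), so every schema change has to be made in four places whose positions must line up. A shared `const vulnerabilitySelectColumns` and one `scanVulnerability` helper that accepts anything with `Scan(dest ...any) error` would keep them in step. Only the four new columns are wrapped in `COALESCE`, while `impact` and `recommendation` are declared as nullable `TEXT` in the schema hunks and are scanned into plain strings, which fails on a NULL value. The query continues below the hunk.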
@@ -166,7 +174,7 @@ func (db *DB) GetVulnerability(id string) (*Vulnerability, error) { err := db.QueryRow(query, id).Scan( &vuln.ID, &vuln.ConversationID, &vuln.ProjectID, &vuln.Title, &vuln.Description, &vuln.Severity, &vuln.Status, &vuln.ConversationTag, &vuln.TaskTag, &vuln.Type, &vuln.Target, - &vuln.Proof, &vuln.Impact, &vuln.Recommendation, + &vuln.Preconditions, &vuln.ReproSteps, &vuln.Evidence, &vuln.Impact, &vuln.Recommendation, &vuln.RetestNotes, &vuln.TaskID, &vuln.TaskQueueID, &vuln.CreatedAt, &vuln.UpdatedAt, ) @@ -184,7 +192,9 @@ func (db *DB) GetVulnerability(id string) (*Vulnerability, error) { func (db *DB) ListVulnerabilities(limit, offset int, filter VulnerabilityListFilter) ([]*Vulnerability, error) { query := ` SELECT id, COALESCE(conversation_id,''), COALESCE(project_id,''), title, description, severity, status, conversation_tag, task_tag, - vulnerability_type, target, proof, impact, recommendation, + vulnerability_type, target, + COALESCE(preconditions,''), COALESCE(reproduction_steps,''), COALESCE(evidence,''), + impact, recommendation, COALESCE(retest_notes,''), COALESCE((SELECT bt.id FROM batch_tasks bt WHERE bt.conversation_id = vulnerabilities.conversation_id LIMIT 1), '') AS task_id, COALESCE((SELECT bt.queue_id FROM batch_tasks bt WHERE bt.conversation_id = vulnerabilities.conversation_id LIMIT 1), '') AS task_queue_id, created_at, updated_at @@ -209,7 +219,7 @@ func (db *DB) ListVulnerabilities(limit, offset int, filter VulnerabilityListFil err := rows.Scan( &vuln.ID, &vuln.ConversationID, &vuln.ProjectID, &vuln.Title, &vuln.Description, &vuln.Severity, &vuln.Status, &vuln.ConversationTag, &vuln.TaskTag, &vuln.Type, &vuln.Target, - &vuln.Proof, &vuln.Impact, &vuln.Recommendation, + &vuln.Preconditions, &vuln.ReproSteps, &vuln.Evidence, &vuln.Impact, &vuln.Recommendation, &vuln.RetestNotes, &vuln.TaskID, &vuln.TaskQueueID, &vuln.CreatedAt, &vuln.UpdatedAt, ) 
@@ -245,16 +255,16 @@ func (db *DB) UpdateVulnerability(id string, vuln *Vulnerability) error { query := ` UPDATE vulnerabilities SET project_id = ?, conversation_tag = ?, task_tag = ?, title = ?, description = ?, severity = ?, status = ?, - vulnerability_type = ?, target = ?, proof = ?, impact = ?, - recommendation = ?, updated_at = ? + vulnerability_type = ?, target = ?, preconditions = ?, reproduction_steps = ?, evidence = ?, impact = ?, + recommendation = ?, retest_notes = ?, updated_at = ? WHERE id = ? ` _, err := db.Exec( query, nullIfEmpty(vuln.ProjectID), vuln.ConversationTag, vuln.TaskTag, vuln.Title, vuln.Description, vuln.Severity, vuln.Status, - vuln.Type, vuln.Target, vuln.Proof, vuln.Impact, - vuln.Recommendation, vuln.UpdatedAt, id, + vuln.Type, vuln.Target, vuln.Preconditions, vuln.ReproSteps, vuln.Evidence, vuln.Impact, + vuln.Recommendation, vuln.RetestNotes, vuln.UpdatedAt, id, ) if err != nil { return fmt.Errorf("更新漏洞失败: %w", err)
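Review bot: The UPDATE assigns `preconditions`, `reproduction_steps`, `evidence` and `retest_notes` unconditionally from `vuln`, so a caller that fills only some fields, for example a retest that sets `Status` and `RetestNotes`, would overwrite stored evidence with an empty string. Whether callers load the existing row first is not visible here and should be confirmed. If they do not, the handler should merge into the stored record or this function should skip fields that were not supplied. The Exec result is also discarded with `_`, so an `id` that matches no row returns nil; checking `RowsAffected()` would surface that.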