CodeReview/backend/app/services/agent/knowledge/vulnerabilities/__init__.py

"""
漏洞类型知识模块

包含各种漏洞类型的专业知识
"""

from .injection import SQL_INJECTION, NOSQL_INJECTION, COMMAND_INJECTION, CODE_INJECTION
from .xss import XSS_REFLECTED, XSS_STORED, XSS_DOM
from .auth import AUTH_BYPASS, IDOR, BROKEN_ACCESS_CONTROL
from .crypto import WEAK_CRYPTO, HARDCODED_SECRETS
from .ssrf import SSRF
from .deserialization import INSECURE_DESERIALIZATION
from .path_traversal import PATH_TRAVERSAL
from .xxe import XXE
from .race_condition import RACE_CONDITION

# 所有漏洞知识文档
ALL_VULNERABILITY_DOCS = [
    # 注入类
    SQL_INJECTION,
    NOSQL_INJECTION,
    COMMAND_INJECTION,
    CODE_INJECTION,
    # XSS类
    XSS_REFLECTED,
    XSS_STORED,
    XSS_DOM,
    # 认证授权类
    AUTH_BYPASS,
    IDOR,
    BROKEN_ACCESS_CONTROL,
    # 加密类
    WEAK_CRYPTO,
    HARDCODED_SECRETS,
    # 其他
    SSRF,
    INSECURE_DESERIALIZATION,
    PATH_TRAVERSAL,
    XXE,
    RACE_CONDITION,
]

__all__ = [
    "ALL_VULNERABILITY_DOCS",
    "SQL_INJECTION",
    "NOSQL_INJECTION", 
    "COMMAND_INJECTION",
    "CODE_INJECTION",
    "XSS_REFLECTED",
    "XSS_STORED",
    "XSS_DOM",
    "AUTH_BYPASS",
    "IDOR",
    "BROKEN_ACCESS_CONTROL",
    "WEAK_CRYPTO",
    "HARDCODED_SECRETS",
    "SSRF",
    "INSECURE_DESERIALIZATION",
    "PATH_TRAVERSAL",
    "XXE",
    "RACE_CONDITION",
]
feat(agent): implement comprehensive agent architecture with knowledge base and persistence layer - Add database migrations for agent checkpoints and tree node tracking - Implement core agent execution framework with executor, state management, and message handling - Create knowledge base system with framework-specific modules (Django, FastAPI, Flask, Express, React, Supabase) - Add vulnerability knowledge modules covering authentication, cryptography, injection, XSS, XXE, SSRF, path traversal, deserialization, and race conditions - Introduce new agent tools: thinking tool, reporting tool, and agent-specific utilities - Implement LLM memory compression and prompt caching for improved performance - Add agent registry and persistence layer for checkpoint management - Refactor agent implementations (analysis, recon, verification, orchestrator) with enhanced capabilities - Remove legacy agent implementations (analysis_v2, react_agent) - Update API endpoints for agent task creation and project management - Add frontend components for agent task creation and enhanced audit UI - Consolidate agent service architecture with improved separation of concerns - This refactoring provides a scalable foundation for multi-agent collaboration with knowledge-driven decision making and state persistence 2025-12-12 15:27:12 +08:00			`"""`
			`漏洞类型知识模块`

			`包含各种漏洞类型的专业知识`
			`"""`

			`from .injection import SQL_INJECTION, NOSQL_INJECTION, COMMAND_INJECTION, CODE_INJECTION`
			`from .xss import XSS_REFLECTED, XSS_STORED, XSS_DOM`
			`from .auth import AUTH_BYPASS, IDOR, BROKEN_ACCESS_CONTROL`
			`from .crypto import WEAK_CRYPTO, HARDCODED_SECRETS`
			`from .ssrf import SSRF`
			`from .deserialization import INSECURE_DESERIALIZATION`
			`from .path_traversal import PATH_TRAVERSAL`
			`from .xxe import XXE`
			`from .race_condition import RACE_CONDITION`

			`# 所有漏洞知识文档`
			`ALL_VULNERABILITY_DOCS = [`
			`# 注入类`
			`SQL_INJECTION,`
			`NOSQL_INJECTION,`
			`COMMAND_INJECTION,`
			`CODE_INJECTION,`
			`# XSS类`
			`XSS_REFLECTED,`
			`XSS_STORED,`
			`XSS_DOM,`
			`# 认证授权类`
			`AUTH_BYPASS,`
			`IDOR,`
			`BROKEN_ACCESS_CONTROL,`
			`# 加密类`
			`WEAK_CRYPTO,`
			`HARDCODED_SECRETS,`
			`# 其他`
			`SSRF,`
			`INSECURE_DESERIALIZATION,`
			`PATH_TRAVERSAL,`
			`XXE,`
			`RACE_CONDITION,`
			`]`

			`__all__ = [`
			`"ALL_VULNERABILITY_DOCS",`
			`"SQL_INJECTION",`
			`"NOSQL_INJECTION",`
			`"COMMAND_INJECTION",`
			`"CODE_INJECTION",`
			`"XSS_REFLECTED",`
			`"XSS_STORED",`
			`"XSS_DOM",`
			`"AUTH_BYPASS",`
			`"IDOR",`
			`"BROKEN_ACCESS_CONTROL",`
			`"WEAK_CRYPTO",`
			`"HARDCODED_SECRETS",`
			`"SSRF",`
			`"INSECURE_DESERIALIZATION",`
			`"PATH_TRAVERSAL",`
			`"XXE",`
			`"RACE_CONDITION",`
			`]`