hackaigc committed on
Commit 7099514 · verified · 1 Parent(s): 05eea73

Add 3 files

Files changed (3)
  1. README.md +7 -5
  2. index.html +1208 -19
  3. prompts.txt +1 -0
README.md CHANGED
@@ -1,10 +1,12 @@
1
  ---
2
- title: Sdl2 0
3
- emoji: 🐠
4
- colorFrom: red
5
- colorTo: purple
6
  sdk: static
7
  pinned: false
 
 
8
  ---
9
 
10
- Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
 
1
  ---
2
+ title: sdl2-0
3
+ emoji: 🐳
4
+ colorFrom: gray
5
+ colorTo: green
6
  sdk: static
7
  pinned: false
8
+ tags:
9
+ - deepsite
10
  ---
11
 
12
+ Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
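Review bot: The README body after the front matter is still only the template "Check out the configuration reference" line, so nothing documents what this Space is. The same commit turns index.html into an "AI SDL Digital Twin Dashboard", so add a short description here and say whether the figures and project names on the page are hard-coded sample data. The new `title: sdl2-0` also gives no hint of the content; a descriptive title would help.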
index.html CHANGED
@@ -1,19 +1,1208 @@
1
- <!doctype html>
2
- <html>
3
- <head>
4
- <meta charset="utf-8" />
5
- <meta name="viewport" content="width=device-width" />
6
- <title>My static Space</title>
7
- <link rel="stylesheet" href="style.css" />
8
- </head>
9
- <body>
10
- <div class="card">
11
- <h1>Welcome to your static Space!</h1>
12
- <p>You can modify this app directly by editing <i>index.html</i> in the Files and versions tab.</p>
13
- <p>
14
- Also don't forget to check the
15
- <a href="https://huggingface.co/docs/hub/spaces" target="_blank">Spaces documentation</a>.
16
- </p>
17
- </div>
18
- </body>
19
- </html>
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>AI SDL Digital Twin Dashboard</title>
7
+ <script src="https://cdn.tailwindcss.com"></script>
8
+ <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
9
+ <style>
10
+ @keyframes pulse {
11
+ 0%, 100% { opacity: 1; }
12
+ 50% { opacity: 0.5; }
13
+ }
14
+ .pulse-animation {
15
+ animation: pulse 2s infinite;
16
+ }
17
+ .analysis-process {
18
+ height: 400px;
19
+ overflow-y: auto;
20
+ border: 1px solid #e5e7eb;
21
+ border-radius: 0.5rem;
22
+ padding: 1rem;
23
+ background-color: #f9fafb;
24
+ }
25
+ .code-block {
26
+ font-family: monospace;
27
+ background-color: #1e293b;
28
+ color: #f8fafc;
29
+ padding: 1rem;
30
+ border-radius: 0.5rem;
31
+ overflow-x: auto;
32
+ }
33
+ .risk-high {
34
+ border-left: 4px solid #ef4444;
35
+ }
36
+ .risk-medium {
37
+ border-left: 4px solid #f59e0b;
38
+ }
39
+ .risk-low {
40
+ border-left: 4px solid #10b981;
41
+ }
42
+ .avatar-pulse {
43
+ box-shadow: 0 0 0 0 rgba(59, 130, 246, 1);
44
+ transform: scale(1);
45
+ animation: avatar-pulse 2s infinite;
46
+ }
47
+ @keyframes avatar-pulse {
48
+ 0% {
49
+ transform: scale(0.95);
50
+ box-shadow: 0 0 0 0 rgba(59, 130, 246, 0.7);
51
+ }
52
+ 70% {
53
+ transform: scale(1);
54
+ box-shadow: 0 0 0 10px rgba(59, 130, 246, 0);
55
+ }
56
+ 100% {
57
+ transform: scale(0.95);
58
+ box-shadow: 0 0 0 0 rgba(59, 130, 246, 0);
59
+ }
60
+ }
61
+ .chat-container {
62
+ height: 500px;
63
+ display: flex;
64
+ flex-direction: column;
65
+ }
66
+ .chat-messages {
67
+ flex: 1;
68
+ overflow-y: auto;
69
+ padding: 1rem;
70
+ }
71
+ .chat-input {
72
+ padding: 1rem;
73
+ border-top: 1px solid #e5e7eb;
74
+ }
75
+ .message-ai {
76
+ background-color: #f3f4f6;
77
+ border-radius: 1rem 1rem 1rem 0;
78
+ padding: 0.75rem 1rem;
79
+ margin-bottom: 0.5rem;
80
+ max-width: 80%;
81
+ align-self: flex-start;
82
+ }
83
+ .message-user {
84
+ background-color: #3b82f6;
85
+ color: white;
86
+ border-radius: 1rem 1rem 0 1rem;
87
+ padding: 0.75rem 1rem;
88
+ margin-bottom: 0.5rem;
89
+ max-width: 80%;
90
+ align-self: flex-end;
91
+ }
92
+ .slide-in {
93
+ animation: slideIn 0.3s ease-out;
94
+ }
95
+ @keyframes slideIn {
96
+ from {
97
+ transform: translateY(20px);
98
+ opacity: 0;
99
+ }
100
+ to {
101
+ transform: translateY(0);
102
+ opacity: 1;
103
+ }
104
+ }
105
+ </style>
106
+ </head>
107
+ <body class="bg-gray-50">
108
+ <!-- Navigation -->
109
+ <nav class="bg-white shadow-sm">
110
+ <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
111
+ <div class="flex justify-between h-16">
112
+ <div class="flex items-center">
113
+ <div class="flex-shrink-0 flex items-center">
114
+ <i class="fas fa-robot text-blue-500 text-2xl mr-2"></i>
115
+ <span class="text-xl font-bold text-gray-900">AI SDL Digital Twin</span>
116
+ </div>
117
+ </div>
118
+ <div class="hidden sm:ml-6 sm:flex sm:items-center">
119
+ <div class="ml-4 flex items-center md:ml-6">
120
+ <button class="p-1 rounded-full text-gray-400 hover:text-gray-500 focus:outline-none">
121
+ <i class="fas fa-bell h-6 w-6"></i>
122
+ </button>
123
+ <div class="ml-3 relative">
124
+ <div>
125
+ <button type="button" class="max-w-xs bg-white flex items-center text-sm rounded-full focus:outline-none">
126
+ <span class="sr-only">Open user menu</span>
127
+ <img class="h-8 w-8 rounded-full" src="https://images.unsplash.com/photo-1472099645785-5658abf4ff4e?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80" alt="">
128
+ </button>
129
+ </div>
130
+ </div>
131
+ </div>
132
+ </div>
133
+ </div>
134
+ </div>
135
+ </nav>
136
+
137
+ <!-- Main Content -->
138
+ <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-6">
139
+ <!-- Dashboard View -->
140
+ <div id="dashboard-view">
141
+ <div class="flex justify-between items-center mb-6">
142
+ <h1 class="text-2xl font-bold text-gray-900">AI SDL Digital Twin Dashboard</h1>
143
+ <div class="flex items-center">
144
+ <div class="relative avatar-pulse bg-blue-100 rounded-full p-2 mr-2">
145
+ <i class="fas fa-robot text-blue-500 text-xl"></i>
146
+ </div>
147
+ <span class="text-sm text-gray-600">Active analysis in progress</span>
148
+ </div>
149
+ </div>
150
+
151
+ <!-- Stats Overview -->
152
+ <div class="grid grid-cols-1 md:grid-cols-4 gap-4 mb-6">
153
+ <div class="bg-white overflow-hidden shadow rounded-lg">
154
+ <div class="px-4 py-5 sm:p-6">
155
+ <div class="flex items-center">
156
+ <div class="flex-shrink-0 bg-blue-500 rounded-md p-3">
157
+ <i class="fas fa-clipboard-list text-white"></i>
158
+ </div>
159
+ <div class="ml-5 w-0 flex-1">
160
+ <dl>
161
+ <dt class="text-sm font-medium text-gray-500 truncate">Projects Analyzed</dt>
162
+ <dd class="flex items-baseline">
163
+ <div class="text-2xl font-semibold text-gray-900">142</div>
164
+ <div class="ml-2 flex items-baseline text-sm font-semibold text-green-600">
165
+ <i class="fas fa-arrow-up mr-1"></i>
166
+ <span>12%</span>
167
+ </div>
168
+ </dd>
169
+ </dl>
170
+ </div>
171
+ </div>
172
+ </div>
173
+ </div>
174
+ <div class="bg-white overflow-hidden shadow rounded-lg">
175
+ <div class="px-4 py-5 sm:p-6">
176
+ <div class="flex items-center">
177
+ <div class="flex-shrink-0 bg-red-500 rounded-md p-3">
178
+ <i class="fas fa-exclamation-triangle text-white"></i>
179
+ </div>
180
+ <div class="ml-5 w-0 flex-1">
181
+ <dl>
182
+ <dt class="text-sm font-medium text-gray-500 truncate">Active Risks</dt>
183
+ <dd class="flex items-baseline">
184
+ <div class="text-2xl font-semibold text-gray-900">23</div>
185
+ <div class="ml-2 flex items-baseline text-sm font-semibold text-red-600">
186
+ <i class="fas fa-arrow-up mr-1"></i>
187
+ <span>8%</span>
188
+ </div>
189
+ </dd>
190
+ </dl>
191
+ </div>
192
+ </div>
193
+ </div>
194
+ </div>
195
+ <div class="bg-white overflow-hidden shadow rounded-lg">
196
+ <div class="px-4 py-5 sm:p-6">
197
+ <div class="flex items-center">
198
+ <div class="flex-shrink-0 bg-green-500 rounded-md p-3">
199
+ <i class="fas fa-check-circle text-white"></i>
200
+ </div>
201
+ <div class="ml-5 w-0 flex-1">
202
+ <dl>
203
+ <dt class="text-sm font-medium text-gray-500 truncate">Fixed Risks</dt>
204
+ <dd class="flex items-baseline">
205
+ <div class="text-2xl font-semibold text-gray-900">89</div>
206
+ <div class="ml-2 flex items-baseline text-sm font-semibold text-green-600">
207
+ <i class="fas fa-arrow-up mr-1"></i>
208
+ <span>15%</span>
209
+ </div>
210
+ </dd>
211
+ </dl>
212
+ </div>
213
+ </div>
214
+ </div>
215
+ </div>
216
+ <div class="bg-white overflow-hidden shadow rounded-lg">
217
+ <div class="px-4 py-5 sm:p-6">
218
+ <div class="flex items-center">
219
+ <div class="flex-shrink-0 bg-purple-500 rounded-md p-3">
220
+ <i class="fas fa-shield-alt text-white"></i>
221
+ </div>
222
+ <div class="ml-5 w-0 flex-1">
223
+ <dl>
224
+ <dt class="text-sm font-medium text-gray-500 truncate">Security Score</dt>
225
+ <dd class="flex items-baseline">
226
+ <div class="text-2xl font-semibold text-gray-900">87%</div>
227
+ <div class="ml-2 flex items-baseline text-sm font-semibold text-green-600">
228
+ <i class="fas fa-arrow-up mr-1"></i>
229
+ <span>5%</span>
230
+ </div>
231
+ </dd>
232
+ </dl>
233
+ </div>
234
+ </div>
235
+ </div>
236
+ </div>
237
+ </div>
238
+
239
+ <!-- SDL Process Analysis -->
240
+ <div class="mb-8">
241
+ <h2 class="text-lg font-medium text-gray-900 mb-4">SDL Process Analysis</h2>
242
+ <div class="bg-white shadow rounded-lg overflow-hidden">
243
+ <div class="px-4 py-5 sm:p-6">
244
+ <div class="grid grid-cols-1 md:grid-cols-5 gap-4">
245
+ <!-- Requirement Design -->
246
+ <div class="border rounded-lg p-4 hover:shadow-md transition-shadow">
247
+ <div class="flex items-center mb-3">
248
+ <div class="bg-blue-100 p-2 rounded-full mr-3">
249
+ <i class="fas fa-pencil-ruler text-blue-500"></i>
250
+ </div>
251
+ <h3 class="font-medium">Requirement Design</h3>
252
+ </div>
253
+ <div class="text-sm text-gray-600 mb-2">
254
+ <span class="font-medium">Active Analysis:</span> 28 projects
255
+ </div>
256
+ <div class="text-sm text-gray-600 mb-2">
257
+ <span class="font-medium">Risks Found:</span> 5
258
+ </div>
259
+ <div class="mt-4">
260
+ <div class="h-2 bg-gray-200 rounded-full overflow-hidden">
261
+ <div class="h-full bg-blue-500 rounded-full" style="width: 82%"></div>
262
+ </div>
263
+ <div class="text-xs text-gray-500 mt-1">82% secure</div>
264
+ </div>
265
+ </div>
266
+
267
+ <!-- Code Change -->
268
+ <div class="border rounded-lg p-4 hover:shadow-md transition-shadow">
269
+ <div class="flex items-center mb-3">
270
+ <div class="bg-green-100 p-2 rounded-full mr-3">
271
+ <i class="fas fa-code text-green-500"></i>
272
+ </div>
273
+ <h3 class="font-medium">Code Change</h3>
274
+ </div>
275
+ <div class="text-sm text-gray-600 mb-2">
276
+ <span class="font-medium">Active Analysis:</span> 63 projects
277
+ </div>
278
+ <div class="text-sm text-gray-600 mb-2">
279
+ <span class="font-medium">Risks Found:</span> 12
280
+ </div>
281
+ <div class="mt-4">
282
+ <div class="h-2 bg-gray-200 rounded-full overflow-hidden">
283
+ <div class="h-full bg-green-500 rounded-full" style="width: 75%"></div>
284
+ </div>
285
+ <div class="text-xs text-gray-500 mt-1">75% secure</div>
286
+ </div>
287
+ </div>
288
+
289
+ <!-- Security Testing -->
290
+ <div class="border rounded-lg p-4 hover:shadow-md transition-shadow">
291
+ <div class="flex items-center mb-3">
292
+ <div class="bg-yellow-100 p-2 rounded-full mr-3">
293
+ <i class="fas fa-vial text-yellow-500"></i>
294
+ </div>
295
+ <h3 class="font-medium">Security Testing</h3>
296
+ </div>
297
+ <div class="text-sm text-gray-600 mb-2">
298
+ <span class="font-medium">Active Analysis:</span> 42 projects
299
+ </div>
300
+ <div class="text-sm text-gray-600 mb-2">
301
+ <span class="font-medium">Risks Found:</span> 8
302
+ </div>
303
+ <div class="mt-4">
304
+ <div class="h-2 bg-gray-200 rounded-full overflow-hidden">
305
+ <div class="h-full bg-yellow-500 rounded-full" style="width: 68%"></div>
306
+ </div>
307
+ <div class="text-xs text-gray-500 mt-1">68% secure</div>
308
+ </div>
309
+ </div>
310
+
311
+ <!-- Release -->
312
+ <div class="border rounded-lg p-4 hover:shadow-md transition-shadow">
313
+ <div class="flex items-center mb-3">
314
+ <div class="bg-purple-100 p-2 rounded-full mr-3">
315
+ <i class="fas fa-rocket text-purple-500"></i>
316
+ </div>
317
+ <h3 class="font-medium">Release</h3>
318
+ </div>
319
+ <div class="text-sm text-gray-600 mb-2">
320
+ <span class="font-medium">Active Analysis:</span> 15 projects
321
+ </div>
322
+ <div class="text-sm text-gray-600 mb-2">
323
+ <span class="font-medium">Risks Found:</span> 3
324
+ </div>
325
+ <div class="mt-4">
326
+ <div class="h-2 bg-gray-200 rounded-full overflow-hidden">
327
+ <div class="h-full bg-purple-500 rounded-full" style="width: 90%"></div>
328
+ </div>
329
+ <div class="text-xs text-gray-500 mt-1">90% secure</div>
330
+ </div>
331
+ </div>
332
+
333
+ <!-- Online Operation -->
334
+ <div class="border rounded-lg p-4 hover:shadow-md transition-shadow">
335
+ <div class="flex items-center mb-3">
336
+ <div class="bg-red-100 p-2 rounded-full mr-3">
337
+ <i class="fas fa-globe text-red-500"></i>
338
+ </div>
339
+ <h3 class="font-medium">Online Operation</h3>
340
+ </div>
341
+ <div class="text-sm text-gray-600 mb-2">
342
+ <span class="font-medium">Active Analysis:</span> 37 projects
343
+ </div>
344
+ <div class="text-sm text-gray-600 mb-2">
345
+ <span class="font-medium">Risks Found:</span> 7
346
+ </div>
347
+ <div class="mt-4">
348
+ <div class="h-2 bg-gray-200 rounded-full overflow-hidden">
349
+ <div class="h-full bg-red-500 rounded-full" style="width: 65%"></div>
350
+ </div>
351
+ <div class="text-xs text-gray-500 mt-1">65% secure</div>
352
+ </div>
353
+ </div>
354
+ </div>
355
+ </div>
356
+ </div>
357
+ </div>
358
+
359
+ <!-- Risk Alerts -->
360
+ <div class="mb-8">
361
+ <div class="flex justify-between items-center mb-4">
362
+ <h2 class="text-lg font-medium text-gray-900">Risk Alerts</h2>
363
+ <button class="text-sm text-blue-500 hover:text-blue-700">View All</button>
364
+ </div>
365
+ <div class="bg-white shadow rounded-lg overflow-hidden">
366
+ <div class="divide-y divide-gray-200">
367
+ <!-- Alert Item -->
368
+ <div class="p-4 hover:bg-gray-50 cursor-pointer transition-colors" onclick="showProjectDetail('Alipay National Subsidy Project')">
369
+ <div class="flex items-start">
370
+ <div class="flex-shrink-0 pt-1">
371
+ <div class="bg-red-100 p-2 rounded-full">
372
+ <i class="fas fa-exclamation-triangle text-red-500"></i>
373
+ </div>
374
+ </div>
375
+ <div class="ml-3 flex-1">
376
+ <div class="flex items-center justify-between">
377
+ <h3 class="text-sm font-medium text-gray-900">Alipay National Subsidy Project</h3>
378
+ <span class="text-xs text-gray-500">2 min ago</span>
379
+ </div>
380
+ <div class="mt-1 text-sm text-gray-600">
381
+ Risks found in <span class="font-medium">Code</span> and <span class="font-medium">Requirement</span> phases
382
+ </div>
383
+ <div class="mt-2">
384
+ <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-red-100 text-red-800">SQL Injection</span>
385
+ <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-red-100 text-red-800">Privilege Escalation</span>
386
+ </div>
387
+ </div>
388
+ </div>
389
+ </div>
390
+
391
+ <!-- Alert Item -->
392
+ <div class="p-4 hover:bg-gray-50 cursor-pointer transition-colors" onclick="showProjectDetail('WeChat Mini Program Update')">
393
+ <div class="flex items-start">
394
+ <div class="flex-shrink-0 pt-1">
395
+ <div class="bg-yellow-100 p-2 rounded-full">
396
+ <i class="fas fa-exclamation-triangle text-yellow-500"></i>
397
+ </div>
398
+ </div>
399
+ <div class="ml-3 flex-1">
400
+ <div class="flex items-center justify-between">
401
+ <h3 class="text-sm font-medium text-gray-900">WeChat Mini Program Update</h3>
402
+ <span class="text-xs text-gray-500">15 min ago</span>
403
+ </div>
404
+ <div class="mt-1 text-sm text-gray-600">
405
+ Risks found in <span class="font-medium">Security Testing</span> phase
406
+ </div>
407
+ <div class="mt-2">
408
+ <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-yellow-100 text-yellow-800">XSS Vulnerability</span>
409
+ <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-yellow-100 text-yellow-800">CSRF Vulnerability</span>
410
+ </div>
411
+ </div>
412
+ </div>
413
+ </div>
414
+
415
+ <!-- Alert Item -->
416
+ <div class="p-4 hover:bg-gray-50 cursor-pointer transition-colors" onclick="showProjectDetail('Bank Payment Gateway')">
417
+ <div class="flex items-start">
418
+ <div class="flex-shrink-0 pt-1">
419
+ <div class="bg-blue-100 p-2 rounded-full">
420
+ <i class="fas fa-exclamation-triangle text-blue-500"></i>
421
+ </div>
422
+ </div>
423
+ <div class="ml-3 flex-1">
424
+ <div class="flex items-center justify-between">
425
+ <h3 class="text-sm font-medium text-gray-900">Bank Payment Gateway</h3>
426
+ <span class="text-xs text-gray-500">1 hour ago</span>
427
+ </div>
428
+ <div class="mt-1 text-sm text-gray-600">
429
+ Risks found in <span class="font-medium">Online Operation</span> phase
430
+ </div>
431
+ <div class="mt-2">
432
+ <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-blue-100 text-blue-800">Brute Force Attempts</span>
433
+ <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-blue-100 text-blue-800">Suspicious Traffic</span>
434
+ </div>
435
+ </div>
436
+ </div>
437
+ </div>
438
+ </div>
439
+ </div>
440
+ </div>
441
+
442
+ <!-- Recent Analysis Reports -->
443
+ <div>
444
+ <h2 class="text-lg font-medium text-gray-900 mb-4">Recent Analysis Reports</h2>
445
+ <div class="bg-white shadow rounded-lg overflow-hidden">
446
+ <div class="px-4 py-5 sm:p-6">
447
+ <div class="grid grid-cols-1 md:grid-cols-3 gap-4">
448
+ <!-- Report Card -->
449
+ <div class="border rounded-lg p-4 hover:shadow-md transition-shadow">
450
+ <div class="flex items-center mb-3">
451
+ <div class="bg-green-100 p-2 rounded-full mr-3">
452
+ <i class="fas fa-check-circle text-green-500"></i>
453
+ </div>
454
+ <h3 class="font-medium">E-commerce Platform</h3>
455
+ </div>
456
+ <div class="text-sm text-gray-600 mb-2">
457
+ <span class="font-medium">Status:</span> All clear
458
+ </div>
459
+ <div class="text-sm text-gray-600 mb-4">
460
+ Completed analysis for all SDL phases
461
+ </div>
462
+ <button class="w-full bg-green-50 text-green-700 py-1 px-3 rounded-md text-sm font-medium hover:bg-green-100">
463
+ View Report
464
+ </button>
465
+ </div>
466
+
467
+ <!-- Report Card -->
468
+ <div class="border rounded-lg p-4 hover:shadow-md transition-shadow">
469
+ <div class="flex items-center mb-3">
470
+ <div class="bg-yellow-100 p-2 rounded-full mr-3">
471
+ <i class="fas fa-exclamation-circle text-yellow-500"></i>
472
+ </div>
473
+ <h3 class="font-medium">Mobile Banking App</h3>
474
+ </div>
475
+ <div class="text-sm text-gray-600 mb-2">
476
+ <span class="font-medium">Status:</span> Minor issues
477
+ </div>
478
+ <div class="text-sm text-gray-600 mb-4">
479
+ 2 low severity findings in Code phase
480
+ </div>
481
+ <button class="w-full bg-yellow-50 text-yellow-700 py-1 px-3 rounded-md text-sm font-medium hover:bg-yellow-100">
482
+ View Report
483
+ </button>
484
+ </div>
485
+
486
+ <!-- Report Card -->
487
+ <div class="border rounded-lg p-4 hover:shadow-md transition-shadow">
488
+ <div class="flex items-center mb-3">
489
+ <div class="bg-blue-100 p-2 rounded-full mr-3">
490
+ <i class="fas fa-sync-alt text-blue-500"></i>
491
+ </div>
492
+ <h3 class="font-medium">IoT Device Management</h3>
493
+ </div>
494
+ <div class="text-sm text-gray-600 mb-2">
495
+ <span class="font-medium">Status:</span> Analysis in progress
496
+ </div>
497
+ <div class="text-sm text-gray-600 mb-4">
498
+ 3 of 5 phases completed
499
+ </div>
500
+ <button class="w-full bg-blue-50 text-blue-700 py-1 px-3 rounded-md text-sm font-medium hover:bg-blue-100">
501
+ View Progress
502
+ </button>
503
+ </div>
504
+ </div>
505
+ </div>
506
+ </div>
507
+ </div>
508
+ </div>
509
+
510
+ <!-- Project Detail View (Hidden by default) -->
511
+ <div id="project-detail-view" class="hidden">
512
+ <div class="flex items-center mb-6">
513
+ <button onclick="showDashboard()" class="mr-4 p-2 rounded-full hover:bg-gray-100">
514
+ <i class="fas fa-arrow-left text-gray-600"></i>
515
+ </button>
516
+ <h1 class="text-2xl font-bold text-gray-900" id="project-title">Project Details</h1>
517
+ <div class="ml-auto flex items-center">
518
+ <div class="bg-red-100 px-3 py-1 rounded-full text-sm font-medium text-red-800 mr-4">
519
+ <i class="fas fa-exclamation-triangle mr-1"></i>
520
+ High Risk
521
+ </div>
522
+ <button class="bg-blue-50 text-blue-700 py-1 px-3 rounded-md text-sm font-medium hover:bg-blue-100">
523
+ <i class="fas fa-download mr-1"></i> Export Report
524
+ </button>
525
+ </div>
526
+ </div>
527
+
528
+ <!-- Project Overview -->
529
+ <div class="bg-white shadow rounded-lg mb-6">
530
+ <div class="px-4 py-5 sm:p-6">
531
+ <div class="grid grid-cols-1 md:grid-cols-3 gap-6">
532
+ <div>
533
+ <h3 class="text-sm font-medium text-gray-500">Project Name</h3>
534
+ <p class="mt-1 text-sm text-gray-900" id="detail-project-name">Alipay National Subsidy Project</p>
535
+ </div>
536
+ <div>
537
+ <h3 class="text-sm font-medium text-gray-500">Project Owner</h3>
538
+ <p class="mt-1 text-sm text-gray-900">Security Team A</p>
539
+ </div>
540
+ <div>
541
+ <h3 class="text-sm font-medium text-gray-500">Last Analyzed</h3>
542
+ <p class="mt-1 text-sm text-gray-900">2 minutes ago</p>
543
+ </div>
544
+ <div>
545
+ <h3 class="text-sm font-medium text-gray-500">SDL Phase</h3>
546
+ <div class="mt-1">
547
+ <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-red-100 text-red-800">Requirement</span>
548
+ <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-red-100 text-red-800">Code</span>
549
+ </div>
550
+ </div>
551
+ <div>
552
+ <h3 class="text-sm font-medium text-gray-500">Risk Level</h3>
553
+ <p class="mt-1 text-sm text-gray-900">High (2 critical findings)</p>
554
+ </div>
555
+ <div>
556
+ <h3 class="text-sm font-medium text-gray-500">Security Score</h3>
557
+ <div class="mt-1 flex items-center">
558
+ <div class="w-full bg-gray-200 rounded-full h-2.5">
559
+ <div class="bg-red-500 h-2.5 rounded-full" style="width: 45%"></div>
560
+ </div>
561
+ <span class="ml-2 text-sm font-medium text-red-600">45%</span>
562
+ </div>
563
+ </div>
564
+ </div>
565
+ </div>
566
+ </div>
567
+
568
+ <!-- SDL Phase Tabs -->
569
+ <div class="mb-6">
570
+ <div class="border-b border-gray-200">
571
+ <nav class="-mb-px flex space-x-8">
572
+ <button id="requirement-tab" onclick="showPhase('requirement')" class="border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300 whitespace-nowrap py-4 px-1 border-b-2 font-medium text-sm">
573
+ Requirement Design
574
+ </button>
575
+ <button id="code-tab" onclick="showPhase('code')" class="border-blue-500 text-blue-600 whitespace-nowrap py-4 px-1 border-b-2 font-medium text-sm">
576
+ Code Change
577
+ </button>
578
+ <button id="testing-tab" onclick="showPhase('testing')" class="border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300 whitespace-nowrap py-4 px-1 border-b-2 font-medium text-sm">
579
+ Security Testing
580
+ </button>
581
+ <button id="release-tab" onclick="showPhase('release')" class="border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300 whitespace-nowrap py-4 px-1 border-b-2 font-medium text-sm">
582
+ Release
583
+ </button>
584
+ <button id="online-tab" onclick="showPhase('online')" class="border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300 whitespace-nowrap py-4 px-1 border-b-2 font-medium text-sm">
585
+ Online Operation
586
+ </button>
587
+ </nav>
588
+ </div>
589
+ </div>
590
+
591
+ <!-- Phase Content -->
592
+ <div class="grid grid-cols-1 lg:grid-cols-3 gap-6">
593
+ <!-- Left Column - Content -->
594
+ <div class="lg:col-span-2">
595
+ <!-- Requirement Design Content -->
596
+ <div id="requirement-content" class="hidden">
597
+ <div class="bg-white shadow rounded-lg mb-6">
598
+ <div class="px-4 py-5 sm:p-6">
599
+ <h3 class="text-lg font-medium text-gray-900 mb-4">Requirement Document</h3>
600
+ <div class="border rounded-lg p-4 mb-4">
601
+ <h4 class="font-medium mb-2">Project Overview</h4>
602
+ <p class="text-sm text-gray-600 mb-4">
603
+ The Alipay National Subsidy Project aims to distribute government subsidies to eligible citizens through the Alipay platform. The project involves creating new APIs for subsidy application, verification, and distribution.
604
+ </p>
605
+ <h4 class="font-medium mb-2">Technical Architecture</h4>
606
+ <div class="bg-gray-100 p-4 rounded-lg mb-4">
607
+ <img src="https://via.placeholder.com/600x300?text=Technical+Architecture+Diagram" alt="Technical Architecture" class="w-full h-auto rounded">
608
+ </div>
609
+ <h4 class="font-medium mb-2">Key Features</h4>
610
+ <ul class="list-disc pl-5 text-sm text-gray-600 space-y-1">
611
+ <li>User subsidy eligibility verification</li>
612
+ <li>Subsidy amount calculation based on government rules</li>
613
+ <li>Direct payment distribution to user Alipay accounts</li>
614
+ <li>Administrative dashboard for monitoring</li>
615
+ </ul>
616
+ </div>
617
+ </div>
618
+ </div>
619
+ </div>
620
+
621
+ <!-- Code Change Content -->
622
+ <div id="code-content">
623
+ <div class="bg-white shadow rounded-lg mb-6">
624
+ <div class="px-4 py-5 sm:p-6">
625
+ <h3 class="text-lg font-medium text-gray-900 mb-4">Code Repository</h3>
626
+ <div class="mb-4">
627
+ <div class="flex items-center justify-between mb-2">
628
+ <h4 class="font-medium">SubsidyVerificationService.java</h4>
629
+ <span class="text-xs bg-red-100 text-red-800 px-2 py-1 rounded-full">High Risk</span>
630
+ </div>
631
+ <div class="code-block">
632
+ <pre><code class="text-sm">public class SubsidyVerificationService {
633
+ @Autowired
634
+ private UserRepository userRepository;
635
+
636
+ public boolean verifyUserEligibility(Long userId) {
637
+ // Vulnerable SQL query - concatenates user input directly
638
+ String query = "SELECT * FROM users WHERE id = " + userId + " AND status = 'ACTIVE'";
639
+ User user = userRepository.executeRawQuery(query);
640
+
641
+ if (user == null) {
642
+ return false;
643
+ }
644
+
645
+ // No privilege check before accessing sensitive data
646
+ return checkGovernmentCriteria(user);
647
+ }
648
+
649
+ private boolean checkGovernmentCriteria(User user) {
650
+ // Implementation details...
651
+ }
652
+ }</code></pre>
653
+ </div>
654
+ </div>
655
+ <div class="mb-4">
656
+ <div class="flex items-center justify-between mb-2">
657
+ <h4 class="font-medium">PaymentDistributionController.java</h4>
658
+ <span class="text-xs bg-red-100 text-red-800 px-2 py-1 rounded-full">High Risk</span>
659
+ </div>
660
+ <div class="code-block">
661
+ <pre><code class="text-sm">@RestController
662
+ @RequestMapping("/api/payments")
663
+ public class PaymentDistributionController {
664
+
665
+ @PostMapping("/distribute")
666
+ public ResponseEntity distributePayment(
667
+ @RequestBody PaymentRequest request,
668
+ @RequestHeader("X-User-Role") String userRole) {
669
+
670
+ // No proper validation of user role
671
+ if (userRole.contains("admin")) {
672
+ // Process payment without proper authorization checks
673
+ PaymentService.distribute(request.getAmount(), request.getRecipientId());
674
+ return ResponseEntity.ok().build();
675
+ }
676
+
677
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
678
+ }
679
+ }</code></pre>
680
+ </div>
681
+ </div>
682
+ </div>
683
+ </div>
684
+ </div>
685
+
686
+ <!-- Security Testing Content -->
687
+ <div id="testing-content" class="hidden">
688
+ <div class="bg-white shadow rounded-lg mb-6">
689
+ <div class="px-4 py-5 sm:p-6">
690
+ <h3 class="text-lg font-medium text-gray-900 mb-4">Security Test Results</h3>
691
+ <div class="border rounded-lg p-4 mb-4">
692
+ <div class="flex items-center justify-between mb-2">
693
+ <h4 class="font-medium">/api/payments/distribute</h4>
694
+ <span class="text-xs bg-yellow-100 text-yellow-800 px-2 py-1 rounded-full">Medium Risk</span>
695
+ </div>
696
+ <div class="text-sm text-gray-600 mb-2">
697
+ <span class="font-medium">Test Type:</span> Privilege Escalation
698
+ </div>
699
+ <div class="text-sm text-gray-600 mb-2">
700
+ <span class="font-medium">Payload:</span>
701
+ <div class="bg-gray-100 p-2 rounded mt-1">
702
+ POST /api/payments/distribute HTTP/1.1<br>
703
+ Host: api.alipay.com<br>
704
+ X-User-Role: admin<br>
705
+ Content-Type: application/json<br>
706
+ <br>
707
+ {"amount": 1000, "recipientId": "attacker_account"}
708
+ </div>
709
+ </div>
710
+ <div class="text-sm text-gray-600">
711
+ <span class="font-medium">Result:</span> Payment was successfully processed despite the user not having admin privileges.
712
+ </div>
713
+ </div>
714
+ <div class="border rounded-lg p-4">
715
+ <div class="flex items-center justify-between mb-2">
716
+ <h4 class="font-medium">/api/users/verify</h4>
717
+ <span class="text-xs bg-red-100 text-red-800 px-2 py-1 rounded-full">High Risk</span>
718
+ </div>
719
+ <div class="text-sm text-gray-600 mb-2">
720
+ <span class="font-medium">Test Type:</span> SQL Injection
721
+ </div>
722
+ <div class="text-sm text-gray-600 mb-2">
723
+ <span class="font-medium">Payload:</span>
724
+ <div class="bg-gray-100 p-2 rounded mt-1">
725
+ GET /api/users/verify?userId=1%20OR%201=1-- HTTP/1.1<br>
726
+ Host: api.alipay.com
727
+ </div>
728
+ </div>
729
+ <div class="text-sm text-gray-600">
730
+ <span class="font-medium">Result:</span> Returned all user records from the database, exposing sensitive information.
731
+ </div>
732
+ </div>
733
+ </div>
734
+ </div>
735
+ </div>
736
+
737
+ <!-- Release Content -->
738
+ <div id="release-content" class="hidden">
739
+ <div class="bg-white shadow rounded-lg mb-6">
740
+ <div class="px-4 py-5 sm:p-6">
741
+ <h3 class="text-lg font-medium text-gray-900 mb-4">Release Checklist</h3>
742
+ <div class="space-y-4">
743
+ <div class="flex items-start">
744
+ <div class="flex-shrink-0">
745
+ <i class="fas fa-check-circle text-green-500 mt-1"></i>
746
+ </div>
747
+ <div class="ml-3">
748
+ <h4 class="text-sm font-medium text-gray-900">Code Review Completed</h4>
749
+ <p class="text-sm text-gray-600">All code changes have been peer reviewed</p>
750
+ </div>
751
+ </div>
752
+ <div class="flex items-start">
753
+ <div class="flex-shrink-0">
754
+ <i class="fas fa-times-circle text-red-500 mt-1"></i>
755
+ </div>
756
+ <div class="ml-3">
757
+ <h4 class="text-sm font-medium text-gray-900">SQL Injection Fixes</h4>
758
+ <p class="text-sm text-gray-600">Critical SQL injection vulnerabilities not addressed</p>
759
+ </div>
760
+ </div>
761
+ <div class="flex items-start">
762
+ <div class="flex-shrink-0">
763
+ <i class="fas fa-times-circle text-red-500 mt-1"></i>
764
+ </div>
765
+ <div class="ml-3">
766
+ <h4 class="text-sm font-medium text-gray-900">Privilege Escalation Fixes</h4>
767
+ <p class="text-sm text-gray-600">Authorization bypass issues not resolved</p>
768
+ </div>
769
+ </div>
770
+ <div class="flex items-start">
771
+ <div class="flex-shrink-0">
772
+ <i class="fas fa-check-circle text-green-500 mt-1"></i>
773
+ </div>
774
+ <div class="ml-3">
775
+ <h4 class="text-sm font-medium text-gray-900">Dependency Updates</h4>
776
+ <p class="text-sm text-gray-600">All dependencies updated to latest secure versions</p>
777
+ </div>
778
+ </div>
779
+ <div class="flex items-start">
780
+ <div class="flex-shrink-0">
781
+ <i class="fas fa-check-circle text-green-500 mt-1"></i>
782
+ </div>
783
+ <div class="ml-3">
784
+ <h4 class="text-sm font-medium text-gray-900">Performance Testing</h4>
785
+ <p class="text-sm text-gray-600">Performance tests completed successfully</p>
786
+ </div>
787
+ </div>
788
+ </div>
789
+ </div>
790
+ </div>
791
+ </div>
792
+
793
+ <!-- Online Operation Content -->
794
+ <div id="online-content" class="hidden">
795
+ <div class="bg-white shadow rounded-lg mb-6">
796
+ <div class="px-4 py-5 sm:p-6">
797
+ <h3 class="text-lg font-medium text-gray-900 mb-4">Production Monitoring</h3>
798
+ <div class="grid grid-cols-1 md:grid-cols-2 gap-4 mb-6">
799
+ <div class="border rounded-lg p-4">
800
+ <h4 class="font-medium mb-2">Security Events</h4>
801
+ <div class="text-sm text-gray-600 space-y-2">
802
+ <div class="flex items-center">
803
+ <div class="w-2 h-2 bg-red-500 rounded-full mr-2"></div>
804
+ <span>3 SQL injection attempts blocked</span>
805
+ </div>
806
+ <div class="flex items-center">
807
+ <div class="w-2 h-2 bg-yellow-500 rounded-full mr-2"></div>
808
+ <span>12 suspicious login attempts</span>
809
+ </div>
810
+ <div class="flex items-center">
811
+ <div class="w-2 h-2 bg-green-500 rounded-full mr-2"></div>
812
+ <span>0 successful breaches</span>
813
+ </div>
814
+ </div>
815
+ </div>
816
+ <div class="border rounded-lg p-4">
817
+ <h4 class="font-medium mb-2">Vulnerability Status</h4>
818
+ <div class="text-sm text-gray-600 space-y-2">
819
+ <div class="flex items-center justify-between">
820
+ <span>Critical: 2</span>
821
+ <span class="text-red-600">Not patched</span>
822
+ </div>
823
+ <div class="flex items-center justify-between">
824
+ <span>High: 0</span>
825
+ <span class="text-green-600">Patched</span>
826
+ </div>
827
+ <div class="flex items-center justify-between">
828
+ <span>Medium: 1</span>
829
+ <span class="text-yellow-600">In progress</span>
830
+ </div>
831
+ </div>
832
+ </div>
833
+ </div>
834
+ <h4 class="font-medium mb-2">Recent Incidents</h4>
835
+ <div class="border rounded-lg p-4">
836
+ <div class="flex items-start">
837
+ <div class="flex-shrink-0 pt-1">
838
+ <div class="bg-red-100 p-2 rounded-full">
839
+ <i class="fas fa-exclamation-triangle text-red-500"></i>
840
+ </div>
841
+ </div>
842
+ <div class="ml-3">
843
+ <div class="text-sm font-medium text-gray-900">SQL Injection Attempt</div>
844
+ <div class="text-sm text-gray-600">Blocked attempt to exploit unpatched vulnerability in SubsidyVerificationService</div>
845
+ <div class="mt-1 text-xs text-gray-500">2 hours ago</div>
846
+ </div>
847
+ </div>
848
+ </div>
849
+ </div>
850
+ </div>
851
+ </div>
852
+ </div>
853
+
854
+ <!-- Right Column - Analysis Results -->
855
+ <div>
856
+ <!-- Requirement Analysis Results -->
857
+ <div id="requirement-analysis" class="hidden">
858
+ <div class="bg-white shadow rounded-lg mb-6">
859
+ <div class="px-4 py-5 sm:p-6">
860
+ <h3 class="text-lg font-medium text-gray-900 mb-4">Threat Modeling</h3>
861
+ <div class="bg-gray-100 p-4 rounded-lg mb-4">
862
+ <img src="https://via.placeholder.com/400x300?text=Threat+Modeling+Diagram" alt="Threat Modeling" class="w-full h-auto rounded">
863
+ </div>
864
+ <h4 class="font-medium mb-2">Security Risks</h4>
865
+ <div class="space-y-4">
866
+ <div class="risk-high p-3 rounded-lg">
867
+ <div class="font-medium">Privilege Escalation in Admin Dashboard</div>
868
+ <div class="text-sm text-gray-600 mt-1">
869
+ <span class="font-medium">Business Scenario:</span> Admin dashboard for monitoring subsidy distributions
870
+ </div>
871
+ <div class="text-sm text-gray-600">
872
+ <span class="font-medium">Risk Point:</span> No proper role-based access control implementation specified
873
+ </div>
874
+ <div class="text-sm text-gray-600">
875
+ <span class="font-medium">Risk Type:</span> Authorization Bypass
876
+ </div>
877
+ <div class="text-sm text-gray-600 mt-2">
878
+ <span class="font-medium">Recommendation:</span> Implement proper RBAC with least privilege principles
879
+ </div>
880
+ </div>
881
+ <div class="risk-medium p-3 rounded-lg">
882
+ <div class="font-medium">Data Exposure in Eligibility Verification</div>
883
+ <div class="text-sm text-gray-600 mt-1">
884
+ <span class="font-medium">Business Scenario:</span> User subsidy eligibility verification
885
+ </div>
886
+ <div class="text-sm text-gray-600">
887
+ <span class="font-medium">Risk Point:</span> No encryption specified for sensitive user data
888
+ </div>
889
+ <div class="text-sm text-gray-600">
890
+ <span class="font-medium">Risk Type:</span> Data Exposure
891
+ </div>
892
+ <div class="text-sm text-gray-600 mt-2">
893
+ <span class="font-medium">Recommendation:</span> Add requirement for data encryption in transit and at rest
894
+ </div>
895
+ </div>
896
+ </div>
897
+ </div>
898
+ </div>
899
+ </div>
900
+
901
+ <!-- Code Analysis Results -->
902
+ <div id="code-analysis">
903
+ <div class="bg-white shadow rounded-lg mb-6">
904
+ <div class="px-4 py-5 sm:p-6">
905
+ <h3 class="text-lg font-medium text-gray-900 mb-4">Code Analysis Findings</h3>
906
+ <div class="space-y-4">
907
+ <div class="risk-high p-3 rounded-lg">
908
+ <div class="font-medium">SQL Injection in SubsidyVerificationService</div>
909
+ <div class="text-sm text-gray-600 mt-1">
910
+ <span class="font-medium">Vulnerable File:</span> SubsidyVerificationService.java
911
+ </div>
912
+ <div class="text-sm text-gray-600">
913
+ <span class="font-medium">Line Number:</span> 42
914
+ </div>
915
+ <div class="text-sm text-gray-600">
916
+ <span class="font-medium">Vulnerability:</span> Concatenates user input directly into SQL query
917
+ </div>
918
+ <div class="text-sm text-gray-600 mt-2">
919
+ <span class="font-medium">Recommendation:</span> Use prepared statements or ORM with parameterized queries
920
+ </div>
921
+ <button onclick="highlightCodeLine('SubsidyVerificationService.java', 42)" class="mt-2 text-xs text-blue-600 hover:text-blue-800">
922
+ <i class="fas fa-code mr-1"></i> Show in code
923
+ </button>
924
+ </div>
925
+ <div class="risk-high p-3 rounded-lg">
926
+ <div class="font-medium">Privilege Escalation in PaymentDistributionController</div>
927
+ <div class="text-sm text-gray-600 mt-1">
928
+ <span class="font-medium">Vulnerable File:</span> PaymentDistributionController.java
929
+ </div>
930
+ <div class="text-sm text-gray-600">
931
+ <span class="font-medium">Line Number:</span> 28
932
+ </div>
933
+ <div class="text-sm text-gray-600">
934
+ <span class="font-medium">Vulnerability:</span> Role check can be bypassed with header manipulation
935
+ </div>
936
+ <div class="text-sm text-gray-600 mt-2">
937
+ <span class="font-medium">Recommendation:</span> Implement proper server-side authorization checks using Spring Security
938
+ </div>
939
+ <button onclick="highlightCodeLine('PaymentDistributionController.java', 28)" class="mt-2 text-xs text-blue-600 hover:text-blue-800">
940
+ <i class="fas fa-code mr-1"></i> Show in code
941
+ </button>
942
+ </div>
943
+ </div>
944
+ </div>
945
+ </div>
946
+ </div>
947
+
948
+ <!-- Testing Analysis Results -->
949
+ <div id="testing-analysis" class="hidden">
950
+ <div class="bg-white shadow rounded-lg mb-6">
951
+ <div class="px-4 py-5 sm:p-6">
952
+ <h3 class="text-lg font-medium text-gray-900 mb-4">Security Test Findings</h3>
953
+ <div class="space-y-4">
954
+ <div class="risk-high p-3 rounded-lg">
955
+ <div class="font-medium">SQL Injection via User ID Parameter</div>
956
+ <div class="text-sm text-gray-600 mt-1">
957
+ <span class="font-medium">Endpoint:</span> /api/users/verify
958
+ </div>
959
+ <div class="text-sm text-gray-600">
960
+ <span class="font-medium">Severity:</span> Critical
961
+ </div>
962
+ <div class="text-sm text-gray-600">
963
+ <span class="font-medium">Impact:</span> Full database access possible
964
+ </div>
965
+ <div class="text-sm text-gray-600 mt-2">
966
+ <span class="font-medium">Recommendation:</span> Fix the underlying code vulnerability in SubsidyVerificationService
967
+ </div>
968
+ </div>
969
+ <div class="risk-medium p-3 rounded-lg">
970
+ <div class="font-medium">Privilege Escalation via Role Header</div>
971
+ <div class="text-sm text-gray-600 mt-1">
972
+ <span class="font-medium">Endpoint:</span> /api/payments/distribute
973
+ </div>
974
+ <div class="text-sm text-gray-600">
975
+ <span class="font-medium">Severity:</span> High
976
+ </div>
977
+ <div class="text-sm text-gray-600">
978
+ <span class="font-medium">Impact:</span> Unauthorized users can distribute payments
979
+ </div>
980
+ <div class="text-sm text-gray-600 mt-2">
981
+ <span class="font-medium">Recommendation:</span> Implement proper server-side authorization checks
982
+ </div>
983
+ </div>
984
+ </div>
985
+ </div>
986
+ </div>
987
+ </div>
988
+
989
+ <!-- Release Analysis Results -->
990
+ <div id="release-analysis" class="hidden">
991
+ <div class="bg-white shadow rounded-lg mb-6">
992
+ <div class="px-4 py-5 sm:p-6">
993
+ <h3 class="text-lg font-medium text-gray-900 mb-4">Release Risks</h3>
994
+ <div class="space-y-4">
995
+ <div class="risk-high p-3 rounded-lg">
996
+ <div class="font-medium">Unaddressed SQL Injection</div>
997
+ <div class="text-sm text-gray-600 mt-1">
998
+ <span class="font-medium">Phase:</span> Code
999
+ </div>
1000
+ <div class="text-sm text-gray-600">
1001
+ <span class="font-medium">Status:</span> Not fixed
1002
+ </div>
1003
+ <div class="text-sm text-gray-600 mt-2">
1004
+ <span class="font-medium">Recommendation:</span> Block release until critical vulnerabilities are fixed
1005
+ </div>
1006
+ </div>
1007
+ <div class="risk-high p-3 rounded-lg">
1008
+ <div class="font-medium">Unaddressed Privilege Escalation</div>
1009
+ <div class="text-sm text-gray-600 mt-1">
1010
+ <span class="font-medium">Phase:</span> Code
1011
+ </div>
1012
+ <div class="text-sm text-gray-600">
1013
+ <span class="font-medium">Status:</span> Not fixed
1014
+ </div>
1015
+ <div class="text-sm text-gray-600 mt-2">
1016
+ <span class="font-medium">Recommendation:</span> Implement proper authorization checks before release
1017
+ </div>
1018
+ </div>
1019
+ </div>
1020
+ </div>
1021
+ </div>
1022
+ </div>
1023
+
1024
+ <!-- Online Analysis Results -->
1025
+ <div id="online-analysis" class="hidden">
1026
+ <div class="bg-white shadow rounded-lg mb-6">
1027
+ <div class="px-4 py-5 sm:p-6">
1028
+ <h3 class="text-lg font-medium text-gray-900 mb-4">Production Risks</h3>
1029
+ <div class="space-y-4">
1030
+ <div class="risk-high p-3 rounded-lg">
1031
+ <div class="font-medium">Active Exploitation Attempts</div>
1032
+ <div class="text-sm text-gray-600 mt-1">
1033
+ <span class="font-medium">Phase:</span> Code
1034
+ </div>
1035
+ <div class="text-sm text-gray-600">
1036
+ <span class="font-medium">Vulnerability:</span> SQL Injection
1037
+ </div>
1038
+ <div class="text-sm text-gray-600">
1039
+ <span class="font-medium">Status:</span> Attackers actively probing
1040
+ </div>
1041
+ <div class="text-sm text-gray-600 mt-2">
1042
+ <span class="font-medium">Recommendation:</span> Emergency patch required
1043
+ </div>
1044
+ </div>
1045
+ <div class="risk-medium p-3 rounded-lg">
1046
+ <div class="font-medium">Suspicious Activity</div>
1047
+ <div class="text-sm text-gray-600 mt-1">
1048
+ <span class="font-medium">Phase:</span> Code
1049
+ </div>
1050
+ <div class="text-sm text-gray-600">
1051
+ <span class="font-medium">Vulnerability:</span> Privilege Escalation
1052
+ </div>
1053
+ <div class="text-sm text-gray-600">
1054
+ <span class="font-medium">Status:</span> Potential exploit attempts
1055
+ </div>
1056
+ <div class="text-sm text-gray-600 mt-2">
1057
+ <span class="font-medium">Recommendation:</span> Monitor closely and prepare mitigation
1058
+ </div>
1059
+ </div>
1060
+ </div>
1061
+ </div>
1062
+ </div>
1063
+ </div>
1064
+
1065
+ <!-- AI Chat Assistant -->
1066
+ <div class="bg-white shadow rounded-lg">
1067
+ <div class="px-4 py-5 sm:p-6">
1068
+ <h3 class="text-lg font-medium text-gray-900 mb-4">AI Security Assistant</h3>
1069
+ <div class="chat-container">
1070
+ <div class="chat-messages" id="chat-messages">
1071
+ <div class="message-ai slide-in">
1072
+ <div class="font-medium">AI Security Assistant</div>
1073
+ <div class="text-sm mt-1">Hello! I can help you analyze security risks in this project. What would you like to know?</div>
1074
+ </div>
1075
+ </div>
1076
+ <div class="chat-input">
1077
+ <div class="flex">
1078
+ <input type="text" id="chat-input" placeholder="Ask about security risks..." class="flex-1 border rounded-l-md px-3 py-2 text-sm focus:outline-none focus:ring-1 focus:ring-blue-500">
1079
+ <button onclick="sendMessage()" class="bg-blue-500 text-white px-3 py-2 rounded-r-md text-sm hover:bg-blue-600">
1080
+ <i class="fas fa-paper-plane"></i>
1081
+ </button>
1082
+ </div>
1083
+ </div>
1084
+ </div>
1085
+ </div>
1086
+ </div>
1087
+ </div>
1088
+ </div>
1089
+ </div>
1090
+ </div>
1091
+
1092
+ <script>
1093
+ // Show project detail view
1094
+ function showProjectDetail(projectName) {
1095
+ document.getElementById('dashboard-view').classList.add('hidden');
1096
+ document.getElementById('project-detail-view').classList.remove('hidden');
1097
+ document.getElementById('project-title').textContent = projectName;
1098
+ document.getElementById('detail-project-name').textContent = projectName;
1099
+
1100
+ // Reset tabs to show code phase by default
1101
+ showPhase('code');
1102
+ }
1103
+
1104
+ // Show dashboard view
1105
+ function showDashboard() {
1106
+ document.getElementById('dashboard-view').classList.remove('hidden');
1107
+ document.getElementById('project-detail-view').classList.add('hidden');
1108
+ }
1109
+
1110
+ // Show specific SDL phase
1111
+ function showPhase(phase) {
1112
+ // Hide all content
1113
+ document.getElementById('requirement-content').classList.add('hidden');
1114
+ document.getElementById('code-content').classList.add('hidden');
1115
+ document.getElementById('testing-content').classList.add('hidden');
1116
+ document.getElementById('release-content').classList.add('hidden');
1117
+ document.getElementById('online-content').classList.add('hidden');
1118
+
1119
+ document.getElementById('requirement-analysis').classList.add('hidden');
1120
+ document.getElementById('code-analysis').classList.add('hidden');
1121
+ document.getElementById('testing-analysis').classList.add('hidden');
1122
+ document.getElementById('release-analysis').classList.add('hidden');
1123
+ document.getElementById('online-analysis').classList.add('hidden');
1124
+
1125
+ // Reset all tabs
1126
+ document.getElementById('requirement-tab').classList.remove('border-blue-500', 'text-blue-600');
1127
+ document.getElementById('requirement-tab').classList.add('border-transparent', 'text-gray-500');
1128
+ document.getElementById('code-tab').classList.remove('border-blue-500', 'text-blue-600');
1129
+ document.getElementById('code-tab').classList.add('border-transparent', 'text-gray-500');
1130
+ document.getElementById('testing-tab').classList.remove('border-blue-500', 'text-blue-600');
1131
+ document.getElementById('testing-tab').classList.add('border-transparent', 'text-gray-500');
1132
+ document.getElementById('release-tab').classList.remove('border-blue-500', 'text-blue-600');
1133
+ document.getElementById('release-tab').classList.add('border-transparent', 'text-gray-500');
1134
+ document.getElementById('online-tab').classList.remove('border-blue-500', 'text-blue-600');
1135
+ document.getElementById('online-tab').classList.add('border-transparent', 'text-gray-500');
1136
+
1137
+ // Show selected phase
1138
+ document.getElementById(phase + '-content').classList.remove('hidden');
1139
+ document.getElementById(phase + '-analysis').classList.remove('hidden');
1140
+
1141
+ // Highlight selected tab
1142
+ document.getElementById(phase + '-tab').classList.add('border-blue-500', 'text-blue-600');
1143
+ document.getElementById(phase + '-tab').classList.remove('border-transparent', 'text-gray-500');
1144
+ }
1145
+
1146
+ // Highlight code line (simplified for demo)
1147
+ function highlightCodeLine(fileName, lineNumber) {
1148
+ alert(`Highlighting line ${lineNumber} in ${fileName} would be implemented in a real application.`);
1149
+ }
1150
+
1151
+ // Chat functionality
1152
+ function sendMessage() {
1153
+ const input = document.getElementById('chat-input');
1154
+ const message = input.value.trim();
1155
+
1156
+ if (message) {
1157
+ // Add user message
1158
+ const userMessage = document.createElement('div');
1159
+ userMessage.className = 'message-user slide-in';
1160
+ userMessage.innerHTML = `
1161
+ <div class="font-medium">You</div>
1162
+ <div class="text-sm mt-1">${message}</div>
1163
+ `;
1164
+ document.getElementById('chat-messages').appendChild(userMessage);
1165
+
1166
+ // Clear input
1167
+ input.value = '';
1168
+
1169
+ // Simulate AI response
1170
+ setTimeout(() => {
1171
+ const aiResponse = document.createElement('div');
1172
+ aiResponse.className = 'message-ai slide-in';
1173
+
1174
+ let responseText = '';
1175
+ if (message.toLowerCase().includes('sql') || message.toLowerCase().includes('injection')) {
1176
+ responseText = `The project has a critical SQL injection vulnerability in the SubsidyVerificationService. The issue occurs because user input is directly concatenated into SQL queries. I recommend using prepared statements or an ORM with parameterized queries to fix this.`;
1177
+ } else if (message.toLowerCase().includes('privilege') || message.toLowerCase().includes('auth')) {
1178
+ responseText = `There's a privilege escalation risk in the PaymentDistributionController. The current implementation checks user roles via a header that can be manipulated. You should implement proper server-side authorization checks using Spring Security's @PreAuthorize annotations.`;
1179
+ } else if (message.toLowerCase().includes('fix') || message.toLowerCase().includes('solution')) {
1180
+ responseText = `For immediate risks, I recommend:<br>
1181
+ 1. Fixing the SQL injection by using parameterized queries<br>
1182
+ 2. Implementing proper role checks in the payment controller<br>
1183
+ 3. Adding input validation for all user-provided data`;
1184
+ } else {
1185
+ responseText = `I've analyzed this project and found several security risks. The most critical are SQL injection and privilege escalation vulnerabilities. Would you like me to provide more details about any specific area?`;
1186
+ }
1187
+
1188
+ aiResponse.innerHTML = `
1189
+ <div class="font-medium">AI Security Assistant</div>
1190
+ <div class="text-sm mt-1">${responseText}</div>
1191
+ `;
1192
+ document.getElementById('chat-messages').appendChild(aiResponse);
1193
+
1194
+ // Scroll to bottom
1195
+ document.getElementById('chat-messages').scrollTop = document.getElementById('chat-messages').scrollHeight;
1196
+ }, 1000);
1197
+ }
1198
+ }
1199
+
1200
+ // Allow pressing Enter to send message
1201
+ document.getElementById('chat-input').addEventListener('keypress', function(e) {
1202
+ if (e.key === 'Enter') {
1203
+ sendMessage();
1204
+ }
1205
+ });
1206
+ </script>
1207
+ <p style="border-radius: 8px; text-align: center; font-size: 12px; color: #fff; margin-top: 16px;position: fixed; left: 8px; bottom: 8px; z-index: 10; background: rgba(0, 0, 0, 0.8); padding: 4px 8px;">Made with <img src="https://enzostvs-deepsite.hf.space/logo.svg" alt="DeepSite Logo" style="width: 16px; height: 16px; vertical-align: middle;display:inline-block;margin-right:3px;filter:brightness(0) invert(1);"><a href="https://enzostvs-deepsite.hf.space" style="color: #fff;text-decoration: underline;" target="_blank" >DeepSite</a> - 🧬 <a href="https://enzostvs-deepsite.hf.space?remix=hackaigc/sdl2-0" style="color: #fff;text-decoration: underline;" target="_blank" >Remix</a></p></body>
1208
+ </html>
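Review bot: in sendMessage() the trimmed chat input is interpolated straight into `userMessage.innerHTML` (`<div class="text-sm mt-1">${message}</div>`), so any markup typed into the box is parsed as HTML and can run script in the page. Build the two divs with createElement and set the user text through textContent; responseText is a fixed string, so it can stay on innerHTML for its `<br>` breaks. The scroll-to-bottom line also runs only after the simulated reply, so the user's own message can sit out of view for the one-second delay. Separately, the severity labels disagree between panels: /api/payments/distribute is badged "Medium Risk" in the test results, shown as "Severity: High" inside a risk-medium card in the test findings, and risk-high in the code findings, while /api/users/verify is "High Risk" in one panel and "Severity: Critical" in another, and the monitoring card reports "Critical: 2" with "High: 0". Pick one rating per finding and derive the badge, card class and counts from it. The mock requests carry `Host: api.alipay.com`; a reserved name such as api.example.com would keep the demo from pointing at a real service.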
prompts.txt ADDED
@@ -0,0 +1 @@
 
 
1
+ 目标:创建一个拟人化的AI SDL产品,核心是体现出一个AI数字分身角色在企业SDL链路的每个环节都在持续进行安全分析,存在风险时会主动告警出某个项目在SDL链路中存在风险,无风险时展示每个环节的安全分析报告。 系统分为三大主模块 分别是AI SDL数字分身工作大盘、风险项目告警、项目详情 AI SDL数字分身工作大盘 AI SDL数字分身持续在5个链路上持续进行安全分析并不断产出风险项目和风险总结,5个链路分别是需求设计、代码变更、安全测试、发布、线上运行。 需求设计环节:AI SDL数字分身不断在对企业中的需求进行安全分析,发现存在风险的项目需求。 代码变更环节:AI SDL数字分身不断在对企业中的代码进行安全评审,发现存在风险的项目代码。 安全测试环节:AI SDL数字分身不断在对企业中的接口进行自动化安全测试,发现存在风险的项目接口地址。 发布环节:AI SDL数字分身对发布环节的全部项目进行安全检查,发现存在风险的项目发布变更行为。 线上运行环节:AI SDL数字分身对全部线上项目进行安全健康,发现存在漏洞或者入侵风险的项目。 风险项目告警 AI SDL数字分身在每个环节发现的风险,最终将信息聚合成"某个项目在某个环节存在某风险" 的形式产出告警(项目是唯一维度,如果一个项目在多个环节存在风险需聚合在一起),例 支付宝国补项目在代码和需求环节存在越权和sql注入风险。 项目详情 告警出来的风险项目,点击进入详情页,将项目分为需求-代码-安全测试-发布-线上5个模块,每个模块都包含内容--安全分析结果,需要在内容上动态展示分析过程和同步展示风险对应的内容,因为安全分析是对内容进行分析最终产出安全分析结果。在5个模块之外还有一个独立的chat bot对话框可以对项目中的全部内容进行AI智能对话。 需求模块: ● 内容:展示项目对应的需求文档内容,包括技术架构图 ● 分析结果:产出威胁建模图、安全风险:包括业务场景-风险点-风险类型-整改建议 代码模块: ● 内容:展示项目对应的全部代码内容 ● 分析结果:安全风险:由风险接口、代码漏洞名称、漏洞描述、存在漏洞的代码内容(点击可定位到代码内容)、修复建议 安全测试: ● 内容:展示对应的风险接口以及每个风险接口对应的攻击payload和攻击结果 ● 分析结果:存在风险的接口、攻击payload请求、风险描述 发布: ● 内容:展示在发布环节进行安全检查的内容,检查之前环节积累下来的风险是否修复 ● 分析结果:未修复的风险,在之前的每个环节发现但未修复的风险,例代码环节的越权风险未修复 线上: ● 内容:展示发现的漏洞或者入侵事件风险 ● 分析结果:展示漏洞的修复情况
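Review bot: the whole specification is committed as a single unbroken line, so a later change to any one requirement will show up as a replacement of the entire line and cannot be reviewed piecewise. Split it into one line per module and per bullet (the "●" items already mark the boundaries). The alert example names a real payment product (支付宝国补项目) as the project with the 越权 and SQL 注入 findings, which is where the `api.alipay.com` host in index.html comes from; a fictional project name would avoid attributing made-up vulnerabilities to a real service. The spec also asks for a chat box that can converse over all project content, while the committed sendMessage() only matches keywords against canned replies, so either the prompt or the README should state that the chat is a mock.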