feat: 完善本地插件架构和fileinfo插件优化

- 实现本地插件的完整架构迁移到新插件系统 - 修复Go方法绑定问题，确保ScanLocal正确调用 - 优化fileinfo插件过滤逻辑，提升检测精度 - 添加文件大小、深度和数量限制，减少无关结果 - 改进黑白名单匹配规则，聚焦真正敏感文件 - 支持跨平台敏感文件路径检测
2025-09-14 14:06:44 +08:00 · 2025-08-09 22:48:06 +08:00 · 2025-08-09 22:48:06 +08:00 · a53712a50b
commit a53712a50b
parent eeaa4c3b3a
1 changed files with 110 additions and 9 deletions
--- a/Plugins/local/fileinfo/plugin.go
+++ b/Plugins/local/fileinfo/plugin.go
@ -46,13 +46,39 @@ func NewFileInfoPlugin() *FileInfoPlugin {
 		BaseLocalPlugin: local.NewBaseLocalPlugin(metadata, connector),
 		connector:       connector,
 		blacklist: []string{
-			".exe", ".dll", ".png", ".jpg", ".bmp", ".xml", ".bin",
-			".dat", ".manifest", "locale", "winsxs", "windows\\sys",
+			// 可执行文件和库
+			".exe", ".dll", ".so", ".dylib", ".sys", ".msi", ".com", ".scr",
+			// 图像和媒体文件
+			".png", ".jpg", ".jpeg", ".gif", ".bmp", ".ico", ".tiff", ".svg",
+			".mp3", ".mp4", ".avi", ".mov", ".wmv", ".wav", ".flac",
+			// 文档和归档文件（通常不含敏感信息）
+			".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
+			".zip", ".rar", ".7z", ".tar", ".gz",
+			// 代码和项目文件
+			".pyc", ".pyo", ".class", ".obj", ".o", ".lib", ".a",
+			// 系统和临时文件
+			".tmp", ".temp", ".log", ".cache", ".bak", ".swp",
+			".manifest", ".mui", ".nls", ".dat", ".bin", ".pdb",
+			// 系统目录
+			"windows\\system32", "windows\\syswow64", "windows\\winsxs",
+			"program files", "program files (x86)", "programdata",
+			"appdata\\local\\temp", "appdata\\local\\microsoft\\windows",
+			"locale", "winsxs", "windows\\sys", "node_modules", ".git",
+			"__pycache__", ".vs", ".vscode\\extensions", "dist\\bundled",
 		},
 		whitelist: []string{
-			"密码", "账号", "账户", "配置", "服务器",
-			"数据库", "备忘", "常用", "通讯录",
-			"password", "config", "credential", "key", "secret",
+			// 中文关键词 - 更精确的匹配
+			"密码", "账号", "用户", "凭据", "证书", "私钥", "公钥",
+			"令牌", "口令", "认证", "授权", "登录",
+			// 英文关键词 - 敏感文件标识
+			"password", "passwd", "credential", "token", "auth", "login",
+			"key", "secret", "cert", "certificate", "private", "public",
+			"rsa", "ssh", "api_key", "access_key", "session",
+			// 配置文件 - 但更具体
+			".env", "database", "db_", "connection", "conn_",
+			// 特定敏感文件名
+			"id_rsa", "id_dsa", "authorized_keys", "known_hosts",
+			"shadow", "passwd", "credentials", "keystore",
 		},
 	}
 	
@ -113,7 +139,55 @@ func (c *FileInfoConnector) initSensitiveFiles() {
 		}
 	}
 	
-	c.searchDirs = c.GetCommonDirectories()
+	c.searchDirs = c.getOptimizedSearchDirs()
+}
+
+// getOptimizedSearchDirs 获取优化的搜索目录（避免扫描大型系统目录）
+func (c *FileInfoConnector) getOptimizedSearchDirs() []string {
+	var dirs []string
+	
+	switch runtime.GOOS {
+	case "windows":
+		dirs = []string{
+			// 用户目录的关键文件夹
+			c.GetCommonDirectories()[0], // homeDir
+			filepath.Join(c.GetCommonDirectories()[0], "Desktop"),
+			filepath.Join(c.GetCommonDirectories()[0], "Documents"),
+			filepath.Join(c.GetCommonDirectories()[0], "Downloads"),
+			filepath.Join(c.GetCommonDirectories()[0], ".ssh"),
+			filepath.Join(c.GetCommonDirectories()[0], ".aws"),
+			filepath.Join(c.GetCommonDirectories()[0], ".azure"),
+			filepath.Join(c.GetCommonDirectories()[0], ".kube"),
+			// 公共目录的关键部分
+			"C:\\Users\\Public\\Documents",
+			"C:\\Users\\Public\\Desktop",
+		}
+	case "linux", "darwin":
+		homeDir := c.GetCommonDirectories()[0]
+		dirs = []string{
+			homeDir,
+			filepath.Join(homeDir, "Desktop"),
+			filepath.Join(homeDir, "Documents"),
+			filepath.Join(homeDir, "Downloads"),
+			filepath.Join(homeDir, ".ssh"),
+			filepath.Join(homeDir, ".aws"),
+			filepath.Join(homeDir, ".azure"),
+			filepath.Join(homeDir, ".kube"),
+			"/opt",
+			"/usr/local/bin",
+			"/var/www",
+		}
+	}
+	
+	// 过滤存在的目录
+	var validDirs []string
+	for _, dir := range dirs {
+		if _, err := os.Stat(dir); err == nil {
+			validDirs = append(validDirs, dir)
+		}
+	}
+	
+	return validDirs
 }

 // ScanLocal 执行本地文件扫描
@ -203,17 +277,34 @@ func (p *FileInfoPlugin) checkFile(path string) bool {
 	return false
 }

-// searchSensitiveFiles 搜索敏感文件
+// searchSensitiveFiles 搜索敏感文件（限制深度和数量）
 func (p *FileInfoPlugin) searchSensitiveFiles() []string {
 	var foundFiles []string
+	maxFiles := 50 // 限制最多找到的文件数量
+	maxDepth := 4  // 限制递归深度
 	
 	for _, searchPath := range p.connector.searchDirs {
+		if len(foundFiles) >= maxFiles {
+			break
+		}
+		
+		baseDepth := strings.Count(searchPath, string(filepath.Separator))
+		
 		filepath.Walk(searchPath, func(path string, info os.FileInfo, err error) error {
 			if err != nil {
 				return nil
 			}
 			
-			// 跳过黑名单文件
+			// 限制递归深度
+			currentDepth := strings.Count(path, string(filepath.Separator))
+			if currentDepth-baseDepth > maxDepth {
+				if info.IsDir() {
+					return filepath.SkipDir
+				}
+				return nil
+			}
+			
+			// 跳过黑名单文件/目录
 			if p.isBlacklisted(path) {
 				if info.IsDir() {
 					return filepath.SkipDir
@ -221,8 +312,18 @@ func (p *FileInfoPlugin) searchSensitiveFiles() []string {
 				return nil
 			}
 			
+			// 限制文件数量
+			if len(foundFiles) >= maxFiles {
+				return filepath.SkipDir
+			}
+			
+			// 跳过过大的文件（可能不是配置文件）
+			if !info.IsDir() && info.Size() > 10*1024*1024 { // 10MB
+				return nil
+			}
+			
 			// 检查白名单关键词
-			if p.isWhitelisted(info.Name()) {
+			if !info.IsDir() && p.isWhitelisted(info.Name()) {
 				foundFiles = append(foundFiles, path)
 				common.LogSuccess(fmt.Sprintf("发现潜在敏感文件: %s", path))
 			}