fix: 收紧误判规则并补充聚合登录识别

setube · setube · commit a2d4fc56b544 · 2026-05-11T11:31:19.000+08:00
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "stackprism",
   "private": true,
-  "version": "1.2.63",
+  "version": "1.2.64",
   "type": "module",
   "description": "StackPrism 用于检测网页前端、后端、CDN、SaaS、广告营销、统计、登录、支付、网站程序和主题模板线索。",
   "scripts": {
diff --git a/public/rules/page/data-infra-assets.json b/public/rules/page/data-infra-assets.json
@@ -345,7 +345,11 @@
               "name": "Apache NiFi",
               "kind": "数据流处理",
               "resourceHints": ["nifi"],
-              "patterns": ["(?:^|/)nifi/(?:assets|css|js|images)(?:/|[?#]|$)", "nifi[^\\s\"'<>]*\\.(?:js|css|svg|png)(?:\\?|$)"]
+              "patterns": [
+                "(?:^|/)nifi/(?:assets|css|js|images)(?:/|[?#]|$)",
+                "(?:^|/)apache[-_.]?nifi[^\\s\"'<>/]*\\.(?:js|css|svg|png)(?:[?#]|$)",
+                "(?:^|/)nifi[-_.][^\\s\"'<>/]*\\.(?:js|css|svg|png)(?:[?#]|$)"
+              ]
             },
             {
               "name": "Apache Flink Dashboard",
diff --git a/public/rules/page/third-party-logins.json b/public/rules/page/third-party-logins.json
@@ -27,6 +27,83 @@
           {
             "name": "微博登录",
             "patterns": ["api\\.weibo\\.com/oauth2/authorize", "WB2\\.anyWhere", "SinaWeibo", "微博登录", "weibo login"]
+          },
+          {
+            "name": "抖音登录",
+            "patterns": ["open\\.douyin\\.com/platform/oauth/connect", "douyin\\.com/[^\\s\"'<>]*(?:oauth|authorize|login)", "抖音登录"]
+          },
+          {
+            "name": "哔哩哔哩登录",
+            "patterns": ["passport\\.bilibili\\.com", "bilibili\\.com/[^\\s\"'<>]*(?:oauth|authorize|login)", "哔哩哔哩登录", "Bilibili登录"]
+          }
+        ]
+      },
+      {
+        "defaults": {
+          "kind": "聚合登录图标",
+          "confidence": "高",
+          "resourceOnly": true
+        },
+        "rules": [
+          {
+            "name": "QQ 登录",
+            "patterns": ["(?:^|/)assets/icon/qq\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "微信登录",
+            "patterns": ["(?:^|/)assets/icon/(?:wx|wechat|weixin)\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "微博登录",
+            "patterns": ["(?:^|/)assets/icon/(?:sina|weibo)\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "支付宝登录",
+            "patterns": ["(?:^|/)assets/icon/alipay\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "百度帐号登录",
+            "patterns": ["(?:^|/)assets/icon/baidu\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "华为帐号登录",
+            "patterns": ["(?:^|/)assets/icon/huawei\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "小米帐号登录",
+            "patterns": ["(?:^|/)assets/icon/xiaomi\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "抖音登录",
+            "patterns": ["(?:^|/)assets/icon/douyin\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "哔哩哔哩登录",
+            "patterns": ["(?:^|/)assets/icon/bilibili\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "钉钉登录",
+            "patterns": ["(?:^|/)assets/icon/dingtalk\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "飞书 / Lark 登录",
+            "patterns": ["(?:^|/)assets/icon/(?:feishu|lark)\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "GitHub 登录",
+            "patterns": ["(?:^|/)assets/icon/github\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "Gitee 登录",
+            "patterns": ["(?:^|/)assets/icon/gitee\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "Google 登录",
+            "patterns": ["(?:^|/)assets/icon/google\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
+          },
+          {
+            "name": "Microsoft 登录",
+            "patterns": ["(?:^|/)assets/icon/(?:microsoft|ms)\\.(?:png|svg|webp)(?:[?#]|[\"'<>\\s]|$)"]
           }
         ]
       },
diff --git a/public/rules/page/ui-frameworks.json b/public/rules/page/ui-frameworks.json
@@ -174,8 +174,10 @@
               },
               {
                 "name": "Layui",
-                "patterns": ["layui"],
-                "classPrefixes": ["layui-"],
+                "patterns": [
+                  "(?:^|/)layui(?:\\.all)?(?:\\.min)?\\.(?:js|css)(?:[?#]|[\"'<>\\s]|$)",
+                  "(?:^|/)layui/(?:layui|css/layui)[^\\s\"'<>]*\\.(?:js|css)(?:[?#]|[\"'<>\\s]|$)"
+                ],
                 "classNames": ["layui-btn", "layui-form"]
               }
             ]
diff --git a/public/rules/page/website-programs-extra.json b/public/rules/page/website-programs-extra.json
@@ -241,6 +241,17 @@
               "matchType": "regex",
               "patterns": ["spring-plus\\.net", "Pu!mdHd"],
               "matchIn": ["url", "html"]
+            },
+            {
+              "name": "彩虹聚合登录",
+              "kind": "聚合登录系统",
+              "url": "https://u.cccyun.cc",
+              "matchType": "regex",
+              "patterns": [
+                "彩虹聚合登录",
+                "(?=[\\s\\S]*(?:聚合登录\\s*-\\s*接口测试|/user/test\\.php(?:[?#\\s\"'<>]|$)))(?=[\\s\\S]*(?:name=[\"']alipayment[\"']|submitLogin\\s*\\(|ajax\\.php\\?act=test))"
+              ],
+              "matchIn": ["html"]
             }
           ]
         },
diff --git a/public/tech-links.json b/public/tech-links.json
@@ -1127,6 +1127,8 @@
     "QQ 登录": "https://connect.qq.com",
     "微信登录": "https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html",
     "微博登录": "https://open.weibo.com/wiki/Connect/login",
+    "抖音登录": "https://developer.open-douyin.com",
+    "哔哩哔哩登录": "https://openhome.bilibili.com",
     "支付宝登录": "https://opendocs.alipay.com/open/289/105656",
     "钉钉登录": "https://open.dingtalk.com",
     "飞书 / Lark 登录": "https://open.feishu.cn",
@@ -1156,6 +1158,7 @@
     "CAS 单点登录": "https://apereo.github.io/cas",
     "SAML 登录": "https://en.wikipedia.org/wiki/SAML_2.0",
     "OpenID Connect / OAuth2": "https://openid.net/developers/how-connect-works",
+    "彩虹聚合登录": "https://u.cccyun.cc",
     "支付宝支付": "https://open.alipay.com",
     "微信支付": "https://pay.weixin.qq.com",
     "QQ 钱包": "https://qpay.qq.com",
diff --git a/src/background/bundle-license.ts b/src/background/bundle-license.ts
@@ -6,7 +6,7 @@ import { matchesCompiledRulePatterns, matchesRuleTextHints } from './rule-matche
 import { isDetectablePageUrl } from '@/utils/page-support'
 import { cleanTechnologyUrl } from '@/utils/url'
 
-const BUNDLE_LICENSE_SCHEMA_VERSION = 3
+const BUNDLE_LICENSE_SCHEMA_VERSION = 4
 const BUNDLE_LICENSE_SOURCE = 'JS 版权注释'
 const MAX_CANDIDATE_SCRIPTS = 5
 const MAX_FETCH_BYTES = 384 * 1024
@@ -143,6 +143,32 @@ const collectCandidateScripts = (data: any, tabUrl: string): string[] => {
 
 const buildBundleSignature = (scripts: string[]): string => scripts.join('\n')
 
+const comparablePageUrl = (value: unknown): string => {
+  try {
+    const url = new URL(String(value || ''))
+    url.hash = ''
+    return url.href
+  } catch {
+    return ''
+  }
+}
+
+const getBundlePageIdentity = (data: any, tab: any): { url: string; title: string } => {
+  const tabUrl = String(tab?.url || '')
+  const pageUrl = String(data?.page?.url || '')
+  const pageMatchesTab = pageUrl && comparablePageUrl(pageUrl) === comparablePageUrl(tabUrl)
+  if (pageMatchesTab) {
+    return {
+      url: pageUrl,
+      title: String(data?.page?.title || tab?.title || '')
+    }
+  }
+  return {
+    url: tabUrl,
+    title: String(tab?.title || '')
+  }
+}
+
 const readLimitedResponseText = async (response: Response, maxBytes: number): Promise<string> => {
   if (!response.body) {
     return (await response.text()).slice(0, maxBytes)
@@ -378,12 +404,13 @@ export const runBundleLicenseDetection = async (tabId: number): Promise<void> =>
   }
 
   const technologies = detectTechnologiesFromLicenseText(observations, pageRules.bundleLicenseLibraries || [])
+  const pageIdentity = getBundlePageIdentity(data, tab)
 
   data.bundle = {
     schemaVersion: BUNDLE_LICENSE_SCHEMA_VERSION,
     signature,
-    url: tab.url,
-    title: tab.title,
+    url: pageIdentity.url,
+    title: pageIdentity.title,
     updatedAt: Date.now(),
     scripts: observations.map(observation => ({
       url: observation.url,
diff --git a/src/background/merge.ts b/src/background/merge.ts
@@ -27,14 +27,20 @@ export const shortHeaderUrl = (raw: unknown): string => {
   }
 }
 
-export const normalizeDynamicFallbackTechName = (name: unknown): string =>
-  String(name || '')
+export const normalizeDynamicFallbackTechName = (name: unknown): string => {
+  const normalized = String(name || '')
     .toLowerCase()
     .replace(/^疑似前端库:\s*/, '')
     .replace(/(?:\.js|js)$/i, '')
     .replace(/(?:[._-]pkgd)$/i, '')
     .replace(/[^a-z0-9一-龥]+/g, '')
 
+  const aliases: Record<string, string> = {
+    slickcarousel: 'slick'
+  }
+  return aliases[normalized] || normalized
+}
+
 export const isFrontendFallback = (item: any) => item?.category === '前端库' && /^疑似前端库:/i.test(String(item?.name || '').trim())
 
 const isWordPressThemeDirectoryFallbackEvidence = (evidenceText: string) =>
diff --git a/src/injected/page-detector.ts b/src/injected/page-detector.ts
@@ -342,12 +342,16 @@ const detectPageTechnologies = (ruleConfig: Record<string, unknown> = {}) => {
   }
 
   function normalizeFallbackTechName(name) {
-    return String(name || '')
+    const normalized = String(name || '')
       .toLowerCase()
       .replace(/^疑似前端库:\s*/, '')
       .replace(/(?:\.js|js)$/i, '')
       .replace(/(?:[._-]pkgd)$/i, '')
       .replace(/[^a-z0-9\u4e00-\u9fa5]+/g, '')
+    const aliases = {
+      slickcarousel: 'slick'
+    }
+    return aliases[normalized] || normalized
   }
 
   function suppressFrontendFallbackDuplicates(items) {
@@ -1159,18 +1163,39 @@ ${html}`
 
   function scoreTailwind(classes) {
     const tokens = Object.keys(classes)
-    let score = 0
+    let utilityScore = 0
+    let specificScore = 0
+    let bootstrapScore = 0
+    let distinctUtilityCount = 0
     let count = 0
     const TAILWIND_PATTERN =
       /^(?:sm|md|lg|xl|2xl):|^-?(?:m|p|mt|mr|mb|ml|mx|my|pt|pr|pb|pl|px|py)-|^(?:text|bg|border|ring|shadow|rounded|grid|flex|items|justify|gap|space|w|h|min-w|max-w|min-h|max-h)-|^(?:hover|focus|active|disabled|dark):|\[[^\]]+\]/
+    const TAILWIND_SPECIFIC_PATTERN =
+      /^(?:sm|md|lg|xl|2xl|hover|focus|active|disabled|dark):|^\[[^\]]+\]$|^(?:text|bg|border|ring|from|to|via)-(?:slate|gray|zinc|neutral|stone|red|orange|amber|yellow|lime|green|emerald|teal|cyan|sky|blue|indigo|violet|purple|fuchsia|pink|rose)-(?:50|100|200|300|400|500|600|700|800|900|950)$|^(?:grid-cols|grid-rows|gap|space-x|space-y)-\d+$|^(?:w|h|min-w|max-w|min-h|max-h)-(?:screen|full|fit|min|max|\d+\/\d+)$/
+    const BOOTSTRAP_PATTERN =
+      /^(?:container(?:-(?:fluid|sm|md|lg|xl|xxl))?|row|col(?:-\d+|-(?:sm|md|lg|xl|xxl)(?:-\d+)?)?|btn(?:-.+)?|navbar(?:-.+)?|card(?:-.+)?|dropdown(?:-.+)?|modal(?:-.+)?|form(?:-.+)?|input-group(?:-.+)?|table(?:-.+)?|alert(?:-.+)?|badge(?:-.+)?|d-(?:none|inline|inline-block|block|grid|table|flex|inline-flex)|justify-content-.+|align-items-.+|text-(?:center|start|end|left|right|muted|primary|secondary|success|danger|warning|info|light|dark|white|body|black-50|white-50)|(?:m|p)[tblrxy]?-(?:[0-5]|auto)|mdi(?:-.+)?)$/
     for (const token of tokens) {
       if (count++ >= 5000) break
+      if (BOOTSTRAP_PATTERN.test(token)) {
+        const c = classes[token]
+        bootstrapScore += c < 3 ? c : 3
+      }
       if (TAILWIND_PATTERN.test(token)) {
         const c = classes[token]
-        score += c < 3 ? c : 3
+        utilityScore += c < 3 ? c : 3
+        distinctUtilityCount += 1
+        if (TAILWIND_SPECIFIC_PATTERN.test(token)) {
+          specificScore += c < 3 ? c : 3
+        }
       }
     }
-    return score
+    if (specificScore < 3 && bootstrapScore >= 8) {
+      return 0
+    }
+    if (specificScore < 2 && (distinctUtilityCount < 14 || utilityScore < 24)) {
+      return 0
+    }
+    return utilityScore + specificScore * 4
   }
 
   function getMetaContent(name) {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "stackprism",`
`3`	`3`	`"private": true,`
`4`		`- "version": "1.2.63",`
	`4`	`+ "version": "1.2.64",`
`5`	`5`	`"type": "module",`
`6`	`6`	`"description": "StackPrism 用于检测网页前端、后端、CDN、SaaS、广告营销、统计、登录、支付、网站程序和主题模板线索。",`
`7`	`7`	`"scripts": {`
Original file line number	Diff line number	Diff line change
`@@ -174,8 +174,10 @@`
`174`	`174`	`},`
`175`	`175`	`{`
`176`	`176`	`"name": "Layui",`
`177`		`- "patterns": ["layui"],`
`178`		`- "classPrefixes": ["layui-"],`
	`177`	`+ "patterns": [`
	`178`	`+ "(?:^\|/)layui(?:\\.all)?(?:\\.min)?\\.(?:js\|css)(?:[?#]\|[\"'<>\\s]\|$)",`
	`179`	`+ "(?:^\|/)layui/(?:layui\|css/layui)[^\\s\"'<>]*\\.(?:js\|css)(?:[?#]\|[\"'<>\\s]\|$)"`
	`180`	`+ ],`
`179`	`181`	`"classNames": ["layui-btn", "layui-form"]`
`180`	`182`	`}`
`181`	`183`	`]`