# 三级等保小帮手 (Cybersecurity Level Protection Helper)
**Repository Path**: coderaaa/third-level-insurance-helper
## Basic Information
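- **Project Name**: 三级等保小帮手 (Cybersecurity Level Protection Helper)
- **Description**: Level 2 / Level 3 cybersecurity protection helper: code that may be needed, and how to modify it.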
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No
## Statistics
- **Stars**: 0
- **Forks**: 0
- **Created**: 2026-01-08
- **Last Updated**: 2026-01-16
## Categories & Tags
**Categories**: Uncategorized
**Tags**: None
## README
# Cybersecurity Level Protection Helper
#### Introduction
Level 2 / Level 3 cybersecurity protection.

This repository contains code that may be needed for compliance, together with how to apply the modifications.

Level 2 / Level 3 cybersecurity protection involves many detailed and tedious requirements, and the work often runs into legacy code, so many cumbersome modifications are unavoidable.
Based on practical experience, this project therefore provides some original and integrated general-purpose methods.
Hopefully this helps with Level 2 / Level 3 cybersecurity protection compliance.
#### Usage Instructions
1. `js` folder

1) `vue2.7.18.js`

Official Vue 2.x releases stopped at 2.7.16, which is still affected by the following vulnerability:

CVE-2024-9506: ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function

This folder therefore carries an experimental patched build, modified with Kiro.
The version number was changed to 2.7.18 (the original plan was 17, but 18 is more auspicious). 2.7.18 is this repository's own label, not an official Vue release.

2) `json-validator.js`

Used to handle several JSON-related vulnerabilities, for example DOM-based JSON injection.

Usage example:

First, include the `json-validator.js` file.

```javascript
// Before fix (unsafe): the string read from #info goes straight into JSON.parse
var info = JSON.parse($("#info").val().toString());
var data = JSON.parse(JSON.stringify(obj));

// After fix (safe): the same two operations through JsonValidator
var info = JsonValidator.safeParse($("#info").val().toString(), {});
var data = JsonValidator.deepClone(obj, {});
```

2. `security` folder

Contains 12 middleware components dedicated to handling security issues.
The examples target ThinkPHP 6.x.

- Documentation: `saveMiddlewareHelp.html`
- Usage example: `middleware_usage_example.php`
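
For the `json-validator.js` usage above, one way a hardened parse of this kind can work, as an added example that is not the repository's `json-validator.js` (its source is not shown on this page). The hypothetical `safeParseSketch` and `deepCloneSketch` catch parse errors, cap input size and nesting, and drop `__proto__`, `constructor` and `prototype` keys; the names, the limits and the reading of the second argument as a fallback value are assumptions.

```javascript
// Added sketch, not the repository's json-validator.js. Names and limits are assumptions.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const MAX_LENGTH = 100000; // assumed cap on input length, in characters
const MAX_DEPTH = 20;      // assumed cap on nesting depth

// Rebuild the parsed value, dropping forbidden keys and rejecting deep nesting.
function sanitize(value, depth) {
  if (depth > MAX_DEPTH) throw new RangeError("JSON nested too deeply");
  if (Array.isArray(value)) return value.map((v) => sanitize(v, depth + 1));
  if (value === null || typeof value !== "object") return value;
  const clean = {};
  for (const key of Object.keys(value)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // never copied into the result
    clean[key] = sanitize(value[key], depth + 1);
  }
  return clean;
}

// Parse untrusted text; return `fallback` instead of throwing.
function safeParseSketch(text, fallback) {
  if (typeof text !== "string" || text.length === 0 || text.length > MAX_LENGTH) {
    return fallback;
  }
  try {
    return sanitize(JSON.parse(text), 0);
  } catch (err) {
    return fallback; // malformed JSON or nesting over the limit
  }
}

// Clone through a JSON round trip, with the same guards applied to the copy.
function deepCloneSketch(obj, fallback) {
  try {
    return safeParseSketch(JSON.stringify(obj), fallback);
  } catch (err) {
    return fallback; // JSON.stringify throws on circular references
  }
}

// Constructed sample input, standing in for a value read from a form field.
const hostileText = '{"name":"a","__proto__":{"isAdmin":true},"items":[{"id":7,"constructor":1}]}';
const parsedSample = safeParseSketch(hostileText, {});
console.log(parsedSample);
console.log(safeParseSketch("{not json", {}));
```

A raw `JSON.parse` would throw on the second input and would keep the `__proto__` own property from the first, which becomes a prototype-pollution risk as soon as the result is merged into another object.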