feat(rules): 增强多条检测规则并修复 Vercel 误报

[moyanj]

改动内容

• React Router: 添加 __reactRouterVersion 全局变量检测
• Vue: 添加 __VUE_DEVTOOLS_GLOBAL_HOOK__ 全局变量检测
• Discourse: 增强检测（meta generator、discourse-version、更多 globals、selectors）
• OpenList: 新增规则（meta generator、OPENLIST_CONFIG）
• Cloudreve: 新增规则（cloudreve-frontend）
• VuePress: 添加 meta generator 标签检测
• Vercel: 修复误报，移除 x-matched-path 作为判断依据
• nmap-service-probes 特征提取: 从 nmap 服务匹配规则中提取高价值 Web 技术栈特征
  • server-products: 新增 WEBrick、Python http.server、GoAhead、lighttpd、Payara、IBM HTTP Server、Sinopia、NodeBB、RESTHeart
  • powered-by-products: 新增 Sinopia、NodeBB、RESTHeart、Payara Server、Servlet、JSP
  • interesting-headers: 新增 kbn-name/kbn-version、liferay-portal、x-hudson/x-hudson-cli-port、x-app-name、x-cascade
  • header-patterns: 新增 Kibana（kbn 响应头）、Grafana（grafana_sess cookie）、Jenkins（X-Hudson 响应头）、SonarQube（_sonar_session cookie）、Sinatra（X-Cascade + __sinatra__ 资源路径）、Perl Mojolicious、Liferay Portal

改动文件

• public/rules/headers/header-patterns.json
• public/rules/headers/interesting-headers.json
• public/rules/headers/powered-by-products.json
• public/rules/headers/server-products.json
• public/rules/page/frontend-extra.json
• public/rules/page/frontend-frameworks.json
• public/rules/page/website-programs.json

Summary by Sourcery

增强前端技术检测规则，解决 Vercel 误报问题，并从 nmap-service-probes 中提取高价值 Web 技术栈识别特征。

新特性：

• 通过 __reactRouterVersion 全局变量添加 React Router 检测。
• 通过 __VUE_DEVTOOLS_GLOBAL_HOOK__ 全局变量添加 Vue 检测。
• 使用 meta generator 标签和 OPENLIST_CONFIG 全局变量添加 OpenList 检测。
• 基于 cloudreve-frontend 标识符添加 Cloudreve 检测。
• 通过 meta generator 标签添加 VuePress 检测。
• 从 nmap-service-probes 提取 Kibana、Grafana、Jenkins、SonarQube、Sinatra、Perl Mojolicious、Liferay Portal 等技术的响应头和 Cookie 识别特征。
• 新增 WEBrick、Python http.server、GoAhead、lighttpd、Payara、IBM HTTP Server 等 Web 服务器识别规则。

错误修复：

• 调整 Vercel 检测规则，不再依赖 x-matched-path 请求头，以消除误报。

增强内容：

• 通过增加额外的 meta 标签、请求头、全局变量和选择器来强化 Discourse 检测。
• 扩展响应头监听列表，新增 kbn-name、kbn-version、liferay-portal、x-hudson、x-app-name、x-cascade 等应用专属头。

Original summary in English

Summary by Sourcery

Enhance frontend technology detection rules, address Vercel false positives, and extract high-value web tech stack identification features from nmap-service-probes.

New Features:

• Add React Router detection via the __reactRouterVersion global variable.
• Add Vue detection via the VUE_DEVTOOLS_GLOBAL_HOOK global variable.
• Add OpenList detection using meta generator tags and the OPENLIST_CONFIG global.
• Add Cloudreve detection based on the cloudreve-frontend identifier.
• Add VuePress detection via meta generator tags.
• Extract Kibana, Grafana, Jenkins, SonarQube, Sinatra, Perl Mojolicious, Liferay Portal identification features from nmap-service-probes (response headers and cookies).
• Add WEBrick, Python http.server, GoAhead, lighttpd, Payara, IBM HTTP Server web server identification rules.

Bug Fixes:

• Adjust Vercel detection rules to eliminate false positives by no longer relying on the x-matched-path header.

Enhancements:

• Strengthen Discourse detection using additional meta tags, headers, globals, and selectors.
• Extend response header watch list with app-specific headers: kbn-name, kbn-version, liferay-portal, x-hudson, x-app-name, x-cascade.

[sourcery-ai]

审阅者指南（在小型 PR 上折叠）

审阅者指南

此 PR 通过添加新的全局变量和 meta 标签启发式规则，细化了多个前端框架与网站程序的检测规则，同时收紧了基于响应头的 Vercel 检测，以减少误报。

文件级变更

变更	详情	文件
增强基于响应头的检测并修复 Vercel 误报。	调整了响应头匹配模式，不再使用 x-matched-path 作为 Vercel 检测信号 细化或新增响应头启发式规则，以更好地区分 Vercel 与其他服务提供商	public/rules/headers/header-patterns.json
加强 Discourse 的前端额外规则，并新增 OpenList 和 Cloudreve 的检测。	通过 meta generator、discourse-version、额外全局变量以及 CSS 选择器扩展 Discourse 检测 使用 meta generator 和 OPENLIST_CONFIG 全局变量新增 OpenList 检测规则 引入以 cloudreve-frontend 资源或标记为键的 Cloudreve 检测	public/rules/page/frontend-extra.json
通过全局变量新增 React Router 和 Vue 框架检测。	通过 __reactRouterVersion 全局变量新增 React Router 检测 通过 VUE_DEVTOOLS_GLOBAL_HOOK 全局变量新增 Vue 检测	public/rules/page/frontend-frameworks.json
改进 VuePress 等网站程序的检测。	通过 meta generator 标签新增 VuePress 检测 在相关场景下，将网站程序规则与新的框架及应用特定启发式规则对齐	public/rules/page/website-programs.json

---

提示与命令

与 Sourcery 交互

• 触发新的审阅： 在 pull request 上评论 @sourcery-ai review。
• 继续讨论： 直接回复 Sourcery 的审阅评论。
• 从审阅评论生成 GitHub issue： 通过回复审阅评论，请求 Sourcery 从该评论创建 issue。你也可以在审阅评论中回复 @sourcery-ai issue 来从中创建 issue。
• 生成 pull request 标题： 在 pull request 标题的任意位置写入 @sourcery-ai，即可随时生成标题。你也可以在 pull request 上评论 @sourcery-ai title 来（重新）生成标题。
• 生成 pull request 摘要： 在 pull request 正文的任意位置写入 @sourcery-ai summary，即可在你想要的位置随时生成 PR 摘要。你也可以在 pull request 上评论 @sourcery-ai summary 来（重新）生成摘要。
• 生成审阅者指南： 在 pull request 上评论 @sourcery-ai guide，即可随时（重新）生成审阅者指南。
• 解决所有 Sourcery 评论： 在 pull request 上评论 @sourcery-ai resolve，以解决所有 Sourcery 评论。如果你已经处理完所有评论且不想再看到它们，这会很有用。
• 忽略所有 Sourcery 审阅： 在 pull request 上评论 @sourcery-ai dismiss，以忽略所有现有的 Sourcery 审阅。若你希望从一次全新的审阅开始，这尤其有用——别忘了再评论 @sourcery-ai review 来触发新的审阅！

自定义你的体验

访问你的 仪表盘 以：

• 启用或禁用审阅功能，例如 Sourcery 生成的 pull request 摘要、审阅者指南等。
• 更改审阅语言。
• 添加、移除或编辑自定义审阅指令。
• 调整其他审阅设置。

获取帮助

• 如有问题或反馈，请联系支持团队。
• 访问我们的文档以获取详细指南和信息。
• 关注我们在 X/Twitter、LinkedIn 或 GitHub 的账号，与 Sourcery 团队保持联系。

Original review guide in English

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR refines several detection rules for frontend frameworks and website programs by adding new global variable and meta tag heuristics, while tightening header-based Vercel detection to reduce false positives.

File-Level Changes

Change	Details	Files
Enhance header-based detection and fix Vercel false positives.	Adjusted header matching patterns to stop using x-matched-path as a Vercel detection signal Refined or added header heuristics to better distinguish Vercel from other providers	public/rules/headers/header-patterns.json
Strengthen frontend extra rules for Discourse and add new detections for OpenList and Cloudreve.	Expanded Discourse detection using meta generator, discourse-version, additional globals, and CSS selectors Added OpenList detection rules using meta generator and OPENLIST_CONFIG global Introduced Cloudreve detection keyed on cloudreve-frontend assets or markers	public/rules/page/frontend-extra.json
Add new React Router and Vue framework detection via global variables.	Added detection of React Router via __reactRouterVersion global Added detection of Vue via VUE_DEVTOOLS_GLOBAL_HOOK global	public/rules/page/frontend-frameworks.json
Improve website program detections for VuePress and other apps.	Added VuePress detection via meta generator tag Aligned website program rules with the new framework and app-specific heuristics where relevant	public/rules/page/website-programs.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - 我在这里给出一些整体性的反馈：

• 对于新的基于全局变量的检测（例如 React Router、Vue、Discourse），在可行的情况下可以考虑再增加一个确认信号（比如一个选择器或 meta 标签），以降低那些偶然定义了类似全局变量的网站带来新的误报风险。
• 针对新的基于 meta generator 的规则（Discourse、OpenList、VuePress）以及对 Vercel 头部的调整，建议检查是否与现有模式存在重叠或冲突；同时可以考虑对 generator 字符串匹配进行标准化（例如统一使用不区分大小写匹配和锚定），这样可以使不同规则之间的行为更加可预期。

供 AI 代理使用的提示词

Please address the comments from this code review:

## Overall Comments
- For the new global-variable based detections (e.g., React Router, Vue, Discourse), consider adding an additional confirming signal (like a selector or meta tag) where feasible to reduce the risk of new false positives from sites that accidentally define similar globals.
- The new meta generator–based rules (Discourse, OpenList, VuePress) and the Vercel header adjustments should be checked for overlap/conflicts with existing patterns; it may help to standardize generator string matching (e.g., consistent use of case-insensitive matching and anchoring) so behavior is predictable across different rules.

---

Sourcery 对开源项目是免费的——如果你觉得我们的评审有帮助，欢迎分享 ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{帮我变得更有用！请在每条评论上点击 👍 或 👎，我会根据这些反馈改进为你提供的代码评审。}

Original comment in English

Hey - I've left some high level feedback:

• For the new global-variable based detections (e.g., React Router, Vue, Discourse), consider adding an additional confirming signal (like a selector or meta tag) where feasible to reduce the risk of new false positives from sites that accidentally define similar globals.
• The new meta generator–based rules (Discourse, OpenList, VuePress) and the Vercel header adjustments should be checked for overlap/conflicts with existing patterns; it may help to standardize generator string matching (e.g., consistent use of case-insensitive matching and anchoring) so behavior is predictable across different rules.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- For the new global-variable based detections (e.g., React Router, Vue, Discourse), consider adding an additional confirming signal (like a selector or meta tag) where feasible to reduce the risk of new false positives from sites that accidentally define similar globals.
- The new meta generator–based rules (Discourse, OpenList, VuePress) and the Vercel header adjustments should be checked for overlap/conflicts with existing patterns; it may help to standardize generator string matching (e.g., consistent use of case-insensitive matching and anchoring) so behavior is predictable across different rules.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}