hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 2531 个文件 - 2026-03-17 21:00:03

浏览代码
这个提交包含在:
hao
2026-03-17 21:00:04 -07:00
父节点 a3edc88834
当前提交 080e55a98c
修改 2531 个文件,包含 135521 行新增3725 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

44
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/logs/doctor.json 普通文件
查看文件

@@ -0,0 +1,44 @@
{
"status": "failed",
"ok": false,
"checks": [
{
"name": "docker-cli",
"ok": true,
"detail": "docker CLI available"
},
{
"name": "docker-daemon",
"ok": true,
"detail": "context=desktop-linux"
},
{
"name": "playwright-import",
"ok": true,
"detail": "playwright Python package import passed"
},
{
"name": "playwright-browser",
"ok": false,
"detail": "chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.\nCall log:\n - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window\n - <launched> pid=25167\n"
},
{
"name": "ports",
"ok": true,
"detail": "checked 1 host port bindings",
"bindings": [
{
"profile_id": "gitea-ssrf",
"service": "app",
"binding": "18105:3000",
"port": 18105
}
]
}
],
"profile_ids": [
"gitea-ssrf"
],
"failure_count": 1,
"summary": "chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.\nCall log:\n - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window\n - <launched> pid=25167\n"
}

50
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/report.html 普通文件
查看文件

@@ -0,0 +1,50 @@
<!doctype html>
<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
</head><body>
<h1>运行 gitea-gitea--CVE-2018-15192-20260318023002</h1>
<div class='grid'>
<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2018-15192</code></div>
<div class='card'><strong>实证状态</strong><br><code>blocked-artifact</code></div>
<div class='card'><strong>复现 Profile</strong><br><code>gitea-ssrf</code></div>
<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
</div>
<h2>Mermaid 时间线</h2>
<pre>flowchart LR
A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
B --&gt; C[&quot;生成 Compose 环境&quot;]
C --&gt; D[&quot;采集基线快照&quot;]
D --&gt; E[&quot;执行受控攻击步骤&quot;]
E --&gt; F[&quot;浏览器回放验证&quot;]
F --&gt; G[&quot;收集日志与证据&quot;]
G --&gt; H[&quot;回写 Registry 与报告&quot;]
H --&gt; I[&quot;阻塞: chromium launch failed: BrowserType.launch: Timeout 180000ms&quot;]</pre>
<h2>运行时间线</h2>
<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
<tr><td><code>2026-03-18T02:30:02+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2018-15192</td></tr>
<tr><td><code>2026-03-18T02:30:02+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-ssrf</td></tr>
<tr><td><code>2026-03-18T02:42:30+00:00</code></td><td><code>doctor</code></td><td><code>failed</code></td><td>chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.
Call log:
- &lt;launching&gt; /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window
- &lt;launched&gt; pid=25167
</td></tr>
<tr><td><code>2026-03-18T02:42:30+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>blocked-artifact</code></td><td>chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.
Call log:
- &lt;launching&gt; /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window
- &lt;launched&gt; pid=25167
</td></tr>
<tr><td><code>2026-03-18T02:42:30+00:00</code></td><td><code>wait-ready</code></td><td><code>skipped</code></td><td>provisioning blocked</td></tr>
<tr><td><code>2026-03-18T02:42:30+00:00</code></td><td><code>seed-environment</code></td><td><code>skipped</code></td><td>runtime steps unavailable</td></tr>
<tr><td><code>2026-03-18T02:42:30+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>skipped</code></td><td>no baseline urls or provisioning blocked</td></tr>
<tr><td><code>2026-03-18T02:42:30+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>skipped</code></td><td>provisioning blocked</td></tr>
<tr><td><code>2026-03-18T02:42:30+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>skipped</code></td><td>container_logs=0</td></tr>
<tr><td><code>2026-03-18T02:42:30+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>skipped</code></td><td>cleanup_policy not destroy</td></tr>
<tr><td><code>2026-03-18T02:42:30+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2018-15192-20260318023002</td></tr>
</tbody></table>
<h2>攻击步骤</h2>
<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
<tr><td><code>-</code></td><td><code>skipped</code></td><td><code>当前没有攻击步骤</code></td></tr>
</tbody></table>
<h2>证据清单</h2><ul>
</ul>
</body></html>

69
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/report.md 普通文件
查看文件

@@ -0,0 +1,69 @@
# 运行 gitea-gitea--CVE-2018-15192-20260318023002
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
- 漏洞条目: `gitea--CVE-2018-15192`
- 系统: `gitea`
- Repro Profile: `gitea-ssrf`
- 实证状态: `blocked-artifact`
- 实证方式: `real`
- Artifact 模式: `local-fixture`
- 启动时间: `2026-03-18T02:30:02+00:00`
- 完成时间: `2026-03-18T02:42:30+00:00`
- 阻塞原因: `chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.
Call log:
- <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window
- <launched> pid=25167
`
- Compose 服务: `app`
## 运行时间线
- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/timeline.mmd)
| 时间 | 步骤 | 状态 | 说明 |
|------|------|------|------|
| `2026-03-18T02:30:02+00:00` | `select-advisory` | `completed` | gitea--CVE-2018-15192 |
| `2026-03-18T02:30:02+00:00` | `resolve-repro-profile` | `completed` | gitea-ssrf |
| `2026-03-18T02:42:30+00:00` | `doctor` | `failed` | chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.
Call log:
- <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window
- <launched> pid=25167
|
| `2026-03-18T02:42:30+00:00` | `provision-compose-environment` | `blocked-artifact` | chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.
Call log:
- <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window
- <launched> pid=25167
|
| `2026-03-18T02:42:30+00:00` | `wait-ready` | `skipped` | provisioning blocked |
| `2026-03-18T02:42:30+00:00` | `seed-environment` | `skipped` | runtime steps unavailable |
| `2026-03-18T02:42:30+00:00` | `baseline-snapshot` | `skipped` | no baseline urls or provisioning blocked |
| `2026-03-18T02:42:30+00:00` | `controlled-attack-chain` | `skipped` | provisioning blocked |
| `2026-03-18T02:42:30+00:00` | `collect-logs-and-evidence` | `skipped` | container_logs=0 |
| `2026-03-18T02:42:30+00:00` | `cleanup-compose-environment` | `skipped` | cleanup_policy not destroy |
| `2026-03-18T02:42:30+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2018-15192-20260318023002 |
## Compose 拓扑
- Compose 文件: `-`
- 服务列表: `app`
## 攻击步骤
| 工具/步骤 | 状态 | 结果 |
|-----------|------|------|
| `-` | `skipped` | `no attack steps` |
## 证据摘要
- Baseline: `0`
- 攻击步骤: `0`
- 浏览器证据: `0`
- 容器日志: `0`
- 请求日志: `0`
## 最小化验证说明
- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失,前端类案例不会被标为 `verified-*`。

128
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/run.json 普通文件
查看文件

@@ -0,0 +1,128 @@
{
"run_id": "gitea-gitea--CVE-2018-15192-20260318023002",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-15192",
"repro_profile_id": "gitea-ssrf",
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [],
"attack_steps": [],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [],
"request_log_refs": [],
"compose_refs": [],
"timeline": [
{
"at": "2026-03-18T02:30:02+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-15192"
},
{
"at": "2026-03-18T02:30:02+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-ssrf"
},
{
"at": "2026-03-18T02:42:30+00:00",
"step": "doctor",
"status": "failed",
"detail": "chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.\nCall log:\n - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window\n - <launched> pid=25167\n"
},
{
"at": "2026-03-18T02:42:30+00:00",
"step": "provision-compose-environment",
"status": "blocked-artifact",
"detail": "chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.\nCall log:\n - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window\n - <launched> pid=25167\n"
},
{
"at": "2026-03-18T02:42:30+00:00",
"step": "wait-ready",
"status": "skipped",
"detail": "provisioning blocked"
},
{
"at": "2026-03-18T02:42:30+00:00",
"step": "seed-environment",
"status": "skipped",
"detail": "runtime steps unavailable"
},
{
"at": "2026-03-18T02:42:30+00:00",
"step": "baseline-snapshot",
"status": "skipped",
"detail": "no baseline urls or provisioning blocked"
},
{
"at": "2026-03-18T02:42:30+00:00",
"step": "controlled-attack-chain",
"status": "skipped",
"detail": "provisioning blocked"
},
{
"at": "2026-03-18T02:42:30+00:00",
"step": "collect-logs-and-evidence",
"status": "skipped",
"detail": "container_logs=0"
},
{
"at": "2026-03-18T02:42:30+00:00",
"step": "cleanup-compose-environment",
"status": "skipped",
"detail": "cleanup_policy not destroy"
},
{
"at": "2026-03-18T02:42:30+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-15192-20260318023002"
}
],
"success_evaluation": {
"passed": false,
"verification_status": "blocked-artifact",
"blocked_reason": "chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.\nCall log:\n - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window\n - <launched> pid=25167\n",
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": false,
"detail": "baseline checks were incomplete"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": false,
"detail": "runner did not confirm success"
}
]
},
"historical_status": "blocked-artifact",
"latest_status": "blocked-artifact",
"started_at": "2026-03-18T02:30:02+00:00",
"finished_at": "2026-03-18T02:42:30+00:00",
"blocked_reason": "chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.\nCall log:\n - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window\n - <launched> pid=25167\n",
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/timeline.mmd"
}
}

9
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/timeline.mmd 普通文件
查看文件

@@ -0,0 +1,9 @@
flowchart LR
A["选择 Advisory"] --> B["解析 Repro Profile"]
B --> C["生成 Compose 环境"]
C --> D["采集基线快照"]
D --> E["执行受控攻击步骤"]
E --> F["浏览器回放验证"]
F --> G["收集日志与证据"]
G --> H["回写 Registry 与报告"]
H --> I["阻塞: chromium launch failed: BrowserType.launch: Timeout 180000ms"]

26
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/compose/compose.yaml 普通文件
查看文件

@@ -0,0 +1,26 @@
services:
app:
image: python:3.12-alpine
networks:
- labnet
ports:
- 18105:3000
environment:
LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/ssrf/scenario.json
PORT: '3000'
command:
- python
- /workspace/00-environments/templates/fixtures/shared/python_fixture.py
working_dir: /workspace
volumes:
- /Users/x/websafe:/workspace:ro
healthcheck:
test:
- CMD-SHELL
- wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
interval: 2s
timeout: 2s
retries: 20
networks:
labnet:
driver: bridge

57
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/attack.json 普通文件
查看文件

@@ -0,0 +1,57 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/attack.json"
}
],
"success": true,
"detail": "server-side callback reached the local sink",
"before": {},
"attack": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "server-side callback reached the local sink",
"case_id": "gitea--CVE-2018-15192"
}
},
"after": {},
"proof": {
"status_code": 200,
"ok": true,
"body": {
"success": true,
"detail": "server-side callback reached the local sink",
"case_id": "gitea--CVE-2018-15192",
"sink_hits": 1,
"uploads": [],
"events": [
{
"event": "seed",
"detail": "gitea--CVE-2018-15192"
},
{
"event": "sink-hit",
"detail": "case_id=gitea--CVE-2018-15192"
},
{
"event": "attack",
"detail": "server-side callback reached the local sink"
}
]
}
},
"assertions": [
{
"name": "proof-success",
"kind": "runner-proof",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
}

24
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/baseline.json 普通文件
查看文件

@@ -0,0 +1,24 @@
{
"observations": [
{
"url": "http://127.0.0.1:18105/",
"status_code": 200,
"headers": {
"Server": "BaseHTTP/0.6 Python/3.12.13",
"Date": "Wed, 18 Mar 2026 03:46:23 GMT",
"Content-Type": "text/html; charset=utf-8",
"Content-Length": "979"
},
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea SSRF Fixture</title>\n <style>\n body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; "
}
],
"steps": [
{
"kind": "http-get",
"status": "completed",
"path": "/",
"status_code": 200,
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea SSRF Fixture</title>\n <style>\n body { font"
}
]
}

0
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/docker/app.log 普通文件
查看文件

44
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/doctor.json 普通文件
查看文件

@@ -0,0 +1,44 @@
{
"status": "passed",
"ok": true,
"checks": [
{
"name": "docker-cli",
"ok": true,
"detail": "docker CLI available"
},
{
"name": "docker-daemon",
"ok": true,
"detail": "context=desktop-linux"
},
{
"name": "playwright-import",
"ok": true,
"detail": "not required for selected profiles"
},
{
"name": "playwright-browser",
"ok": true,
"detail": "not required for selected profiles"
},
{
"name": "ports",
"ok": true,
"detail": "checked 1 host port bindings",
"bindings": [
{
"profile_id": "gitea-ssrf",
"service": "app",
"binding": "18105:3000",
"port": 18105
}
]
}
],
"profile_ids": [
"gitea-ssrf"
],
"failure_count": 0,
"summary": "all checks passed"
}

12
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/ready.json 普通文件
查看文件

@@ -0,0 +1,12 @@
{
"status": "completed",
"detail": "baseline urls ready (1)",
"elapsed_seconds": 0.0,
"observations": [
{
"url": "http://127.0.0.1:18105/",
"status_code": 200
}
],
"compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/compose/compose.yaml"
}

21
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/seed.json 普通文件
查看文件

@@ -0,0 +1,21 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"detail": "fixture seeded"
}
],
"seeded": true,
"result": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "fixture seeded",
"case_id": "gitea--CVE-2018-15192"
}
}
}

45
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/report.html 普通文件
查看文件

@@ -0,0 +1,45 @@
<!doctype html>
<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
</head><body>
<h1>运行 gitea-gitea--CVE-2018-15192-20260318034620</h1>
<div class='grid'>
<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2018-15192</code></div>
<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
<div class='card'><strong>复现 Profile</strong><br><code>gitea-ssrf</code></div>
<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
</div>
<h2>Mermaid 时间线</h2>
<pre>flowchart LR
A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
B --&gt; C[&quot;生成 Compose 环境&quot;]
C --&gt; D[&quot;采集基线快照&quot;]
D --&gt; E[&quot;执行受控攻击步骤&quot;]
E --&gt; F[&quot;浏览器回放验证&quot;]
F --&gt; G[&quot;收集日志与证据&quot;]
G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
<h2>运行时间线</h2>
<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
<tr><td><code>2026-03-18T03:46:20+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2018-15192</td></tr>
<tr><td><code>2026-03-18T03:46:20+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-ssrf</td></tr>
<tr><td><code>2026-03-18T03:46:21+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
<tr><td><code>2026-03-18T03:46:23+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
<tr><td><code>2026-03-18T03:46:23+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
<tr><td><code>2026-03-18T03:46:23+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
<tr><td><code>2026-03-18T03:46:23+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
<tr><td><code>2026-03-18T03:46:23+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
<tr><td><code>2026-03-18T03:46:23+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
<tr><td><code>2026-03-18T03:46:25+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
<tr><td><code>2026-03-18T03:46:25+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2018-15192-20260318034620</td></tr>
</tbody></table>
<h2>攻击步骤</h2>
<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
<tr><td><code>gitea.ssrf</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/attack.json</code></td></tr>
</tbody></table>
<h2>证据清单</h2><ul>
<li><code>compose/compose.yaml</code></li>
<li><code>logs/docker/app.log</code></li>
<li><code>logs/attack.json</code></li>
<li><code>logs/baseline.json</code></li>
</ul>
</body></html>

66
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/report.md 普通文件
查看文件

@@ -0,0 +1,66 @@
# 运行 gitea-gitea--CVE-2018-15192-20260318034620
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
- 漏洞条目: `gitea--CVE-2018-15192`
- 系统: `gitea`
- Repro Profile: `gitea-ssrf`
- 实证状态: `verified-real`
- 实证方式: `real`
- Artifact 模式: `local-fixture`
- 启动时间: `2026-03-18T03:46:20+00:00`
- 完成时间: `2026-03-18T03:46:25+00:00`
- 阻塞原因: `-`
- Compose 服务: `app`
## 运行时间线
- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/timeline.mmd)
| 时间 | 步骤 | 状态 | 说明 |
|------|------|------|------|
| `2026-03-18T03:46:20+00:00` | `select-advisory` | `completed` | gitea--CVE-2018-15192 |
| `2026-03-18T03:46:20+00:00` | `resolve-repro-profile` | `completed` | gitea-ssrf |
| `2026-03-18T03:46:21+00:00` | `doctor` | `completed` | all checks passed |
| `2026-03-18T03:46:23+00:00` | `provision-compose-environment` | `ready` | - |
| `2026-03-18T03:46:23+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
| `2026-03-18T03:46:23+00:00` | `seed-environment` | `completed` | steps=1 |
| `2026-03-18T03:46:23+00:00` | `baseline-snapshot` | `completed` | urls=1 |
| `2026-03-18T03:46:23+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
| `2026-03-18T03:46:23+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
| `2026-03-18T03:46:25+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
| `2026-03-18T03:46:25+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2018-15192-20260318034620 |
## Compose 拓扑
- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/compose/compose.yaml`
- 服务列表: `app`
## 攻击步骤
| 工具/步骤 | 状态 | 结果 |
|-----------|------|------|
| `gitea.ssrf` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/attack.json` |
## 证据摘要
- Baseline: `1`
- 攻击步骤: `1`
- 浏览器证据: `0`
- 容器日志: `1`
- 请求日志: `2`
## 容器日志
- `logs/docker/app.log`
## 请求与基线日志
- `logs/attack.json`
- `logs/baseline.json`
## 最小化验证说明
- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失,前端类案例不会被标为 `verified-*`

145
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/run.json 普通文件
查看文件

@@ -0,0 +1,145 @@
{
"run_id": "gitea-gitea--CVE-2018-15192-20260318034620",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-15192",
"repro_profile_id": "gitea-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:46:20+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-15192"
},
{
"at": "2026-03-18T03:46:20+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-ssrf"
},
{
"at": "2026-03-18T03:46:21+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:46:23+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:46:23+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:46:23+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:46:23+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:46:23+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:46:23+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:46:25+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:46:25+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-15192-20260318034620"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:46:20+00:00",
"finished_at": "2026-03-18T03:46:25+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/timeline.mmd"
}
}

8
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034620/timeline.mmd 普通文件
查看文件

@@ -0,0 +1,8 @@
flowchart LR
A["选择 Advisory"] --> B["解析 Repro Profile"]
B --> C["生成 Compose 环境"]
C --> D["采集基线快照"]
D --> E["执行受控攻击步骤"]
E --> F["浏览器回放验证"]
F --> G["收集日志与证据"]
G --> H["回写 Registry 与报告"]

26
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/compose/compose.yaml 普通文件
查看文件

@@ -0,0 +1,26 @@
services:
app:
image: python:3.12-alpine
networks:
- labnet
ports:
- 18105:3000
environment:
LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/ssrf/scenario.json
PORT: '3000'
command:
- python
- /workspace/00-environments/templates/fixtures/shared/python_fixture.py
working_dir: /workspace
volumes:
- /Users/x/websafe:/workspace:ro
healthcheck:
test:
- CMD-SHELL
- wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
interval: 2s
timeout: 2s
retries: 20
networks:
labnet:
driver: bridge

57
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/attack.json 普通文件
查看文件

@@ -0,0 +1,57 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/attack.json"
}
],
"success": true,
"detail": "server-side callback reached the local sink",
"before": {},
"attack": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "server-side callback reached the local sink",
"case_id": "gitea--CVE-2018-15192"
}
},
"after": {},
"proof": {
"status_code": 200,
"ok": true,
"body": {
"success": true,
"detail": "server-side callback reached the local sink",
"case_id": "gitea--CVE-2018-15192",
"sink_hits": 1,
"uploads": [],
"events": [
{
"event": "seed",
"detail": "gitea--CVE-2018-15192"
},
{
"event": "sink-hit",
"detail": "case_id=gitea--CVE-2018-15192"
},
{
"event": "attack",
"detail": "server-side callback reached the local sink"
}
]
}
},
"assertions": [
{
"name": "proof-success",
"kind": "runner-proof",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
}

24
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/baseline.json 普通文件
查看文件

@@ -0,0 +1,24 @@
{
"observations": [
{
"url": "http://127.0.0.1:18105/",
"status_code": 200,
"headers": {
"Server": "BaseHTTP/0.6 Python/3.12.13",
"Date": "Wed, 18 Mar 2026 03:49:35 GMT",
"Content-Type": "text/html; charset=utf-8",
"Content-Length": "979"
},
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea SSRF Fixture</title>\n <style>\n body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; "
}
],
"steps": [
{
"kind": "http-get",
"status": "completed",
"path": "/",
"status_code": 200,
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea SSRF Fixture</title>\n <style>\n body { font"
}
]
}

0
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/docker/app.log 普通文件
查看文件

44
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/doctor.json 普通文件
查看文件

@@ -0,0 +1,44 @@
{
"status": "passed",
"ok": true,
"checks": [
{
"name": "docker-cli",
"ok": true,
"detail": "docker CLI available"
},
{
"name": "docker-daemon",
"ok": true,
"detail": "context=desktop-linux"
},
{
"name": "playwright-import",
"ok": true,
"detail": "not required for selected profiles"
},
{
"name": "playwright-browser",
"ok": true,
"detail": "not required for selected profiles"
},
{
"name": "ports",
"ok": true,
"detail": "checked 1 host port bindings",
"bindings": [
{
"profile_id": "gitea-ssrf",
"service": "app",
"binding": "18105:3000",
"port": 18105
}
]
}
],
"profile_ids": [
"gitea-ssrf"
],
"failure_count": 0,
"summary": "all checks passed"
}

12
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/ready.json 普通文件
查看文件

@@ -0,0 +1,12 @@
{
"status": "completed",
"detail": "baseline urls ready (1)",
"elapsed_seconds": 0.0,
"observations": [
{
"url": "http://127.0.0.1:18105/",
"status_code": 200
}
],
"compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/compose/compose.yaml"
}

21
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/seed.json 普通文件
查看文件

@@ -0,0 +1,21 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"detail": "fixture seeded"
}
],
"seeded": true,
"result": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "fixture seeded",
"case_id": "gitea--CVE-2018-15192"
}
}
}

45
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/report.html 普通文件
查看文件

@@ -0,0 +1,45 @@
<!doctype html>
<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
</head><body>
<h1>运行 gitea-gitea--CVE-2018-15192-20260318034932</h1>
<div class='grid'>
<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2018-15192</code></div>
<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
<div class='card'><strong>复现 Profile</strong><br><code>gitea-ssrf</code></div>
<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
</div>
<h2>Mermaid 时间线</h2>
<pre>flowchart LR
A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
B --&gt; C[&quot;生成 Compose 环境&quot;]
C --&gt; D[&quot;采集基线快照&quot;]
D --&gt; E[&quot;执行受控攻击步骤&quot;]
E --&gt; F[&quot;浏览器回放验证&quot;]
F --&gt; G[&quot;收集日志与证据&quot;]
G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
<h2>运行时间线</h2>
<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
<tr><td><code>2026-03-18T03:49:32+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2018-15192</td></tr>
<tr><td><code>2026-03-18T03:49:32+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-ssrf</td></tr>
<tr><td><code>2026-03-18T03:49:33+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
<tr><td><code>2026-03-18T03:49:35+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
<tr><td><code>2026-03-18T03:49:35+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
<tr><td><code>2026-03-18T03:49:35+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
<tr><td><code>2026-03-18T03:49:35+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
<tr><td><code>2026-03-18T03:49:35+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
<tr><td><code>2026-03-18T03:49:36+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
<tr><td><code>2026-03-18T03:49:37+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
<tr><td><code>2026-03-18T03:49:37+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2018-15192-20260318034932</td></tr>
</tbody></table>
<h2>攻击步骤</h2>
<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
<tr><td><code>gitea.ssrf</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/attack.json</code></td></tr>
</tbody></table>
<h2>证据清单</h2><ul>
<li><code>compose/compose.yaml</code></li>
<li><code>logs/docker/app.log</code></li>
<li><code>logs/attack.json</code></li>
<li><code>logs/baseline.json</code></li>
</ul>
</body></html>

66
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/report.md 普通文件
查看文件

@@ -0,0 +1,66 @@
# 运行 gitea-gitea--CVE-2018-15192-20260318034932
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
- 漏洞条目: `gitea--CVE-2018-15192`
- 系统: `gitea`
- Repro Profile: `gitea-ssrf`
- 实证状态: `verified-real`
- 实证方式: `real`
- Artifact 模式: `local-fixture`
- 启动时间: `2026-03-18T03:49:32+00:00`
- 完成时间: `2026-03-18T03:49:37+00:00`
- 阻塞原因: `-`
- Compose 服务: `app`
## 运行时间线
- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/timeline.mmd)
| 时间 | 步骤 | 状态 | 说明 |
|------|------|------|------|
| `2026-03-18T03:49:32+00:00` | `select-advisory` | `completed` | gitea--CVE-2018-15192 |
| `2026-03-18T03:49:32+00:00` | `resolve-repro-profile` | `completed` | gitea-ssrf |
| `2026-03-18T03:49:33+00:00` | `doctor` | `completed` | all checks passed |
| `2026-03-18T03:49:35+00:00` | `provision-compose-environment` | `ready` | - |
| `2026-03-18T03:49:35+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
| `2026-03-18T03:49:35+00:00` | `seed-environment` | `completed` | steps=1 |
| `2026-03-18T03:49:35+00:00` | `baseline-snapshot` | `completed` | urls=1 |
| `2026-03-18T03:49:35+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
| `2026-03-18T03:49:36+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
| `2026-03-18T03:49:37+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
| `2026-03-18T03:49:37+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2018-15192-20260318034932 |
## Compose 拓扑
- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/compose/compose.yaml`
- 服务列表: `app`
## 攻击步骤
| 工具/步骤 | 状态 | 结果 |
|-----------|------|------|
| `gitea.ssrf` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/attack.json` |
## 证据摘要
- Baseline: `1`
- 攻击步骤: `1`
- 浏览器证据: `0`
- 容器日志: `1`
- 请求日志: `2`
## 容器日志
- `logs/docker/app.log`
## 请求与基线日志
- `logs/attack.json`
- `logs/baseline.json`
## 最小化验证说明
- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失,前端类案例不会被标为 `verified-*`

145
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/run.json 普通文件
查看文件

@@ -0,0 +1,145 @@
{
"run_id": "gitea-gitea--CVE-2018-15192-20260318034932",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-15192",
"repro_profile_id": "gitea-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:49:32+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-15192"
},
{
"at": "2026-03-18T03:49:32+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-ssrf"
},
{
"at": "2026-03-18T03:49:33+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:49:35+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:49:35+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:49:35+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:49:35+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:49:35+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:49:36+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:49:37+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:49:37+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-15192-20260318034932"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:49:32+00:00",
"finished_at": "2026-03-18T03:49:37+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/timeline.mmd"
}
}

8
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318034932/timeline.mmd 普通文件
查看文件

@@ -0,0 +1,8 @@
flowchart LR
A["选择 Advisory"] --> B["解析 Repro Profile"]
B --> C["生成 Compose 环境"]
C --> D["采集基线快照"]
D --> E["执行受控攻击步骤"]
E --> F["浏览器回放验证"]
F --> G["收集日志与证据"]
G --> H["回写 Registry 与报告"]

26
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/compose/compose.yaml 普通文件
查看文件

@@ -0,0 +1,26 @@
services:
app:
image: python:3.12-alpine
networks:
- labnet
ports:
- 18105:3000
environment:
LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/ssrf/scenario.json
PORT: '3000'
command:
- python
- /workspace/00-environments/templates/fixtures/shared/python_fixture.py
working_dir: /workspace
volumes:
- /Users/x/websafe:/workspace:ro
healthcheck:
test:
- CMD-SHELL
- wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
interval: 2s
timeout: 2s
retries: 20
networks:
labnet:
driver: bridge

57
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json 普通文件
查看文件

@@ -0,0 +1,57 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json"
}
],
"success": true,
"detail": "server-side callback reached the local sink",
"before": {},
"attack": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "server-side callback reached the local sink",
"case_id": "gitea--CVE-2018-15192"
}
},
"after": {},
"proof": {
"status_code": 200,
"ok": true,
"body": {
"success": true,
"detail": "server-side callback reached the local sink",
"case_id": "gitea--CVE-2018-15192",
"sink_hits": 1,
"uploads": [],
"events": [
{
"event": "seed",
"detail": "gitea--CVE-2018-15192"
},
{
"event": "sink-hit",
"detail": "case_id=gitea--CVE-2018-15192"
},
{
"event": "attack",
"detail": "server-side callback reached the local sink"
}
]
}
},
"assertions": [
{
"name": "proof-success",
"kind": "runner-proof",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
}

24
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/baseline.json 普通文件
查看文件

@@ -0,0 +1,24 @@
{
"observations": [
{
"url": "http://127.0.0.1:18105/",
"status_code": 200,
"headers": {
"Server": "BaseHTTP/0.6 Python/3.12.13",
"Date": "Wed, 18 Mar 2026 03:51:27 GMT",
"Content-Type": "text/html; charset=utf-8",
"Content-Length": "979"
},
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea SSRF Fixture</title>\n <style>\n body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; "
}
],
"steps": [
{
"kind": "http-get",
"status": "completed",
"path": "/",
"status_code": 200,
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea SSRF Fixture</title>\n <style>\n body { font"
}
]
}

0
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/docker/app.log 普通文件
查看文件

44
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/doctor.json 普通文件
查看文件

@@ -0,0 +1,44 @@
{
"status": "passed",
"ok": true,
"checks": [
{
"name": "docker-cli",
"ok": true,
"detail": "docker CLI available"
},
{
"name": "docker-daemon",
"ok": true,
"detail": "context=desktop-linux"
},
{
"name": "playwright-import",
"ok": true,
"detail": "not required for selected profiles"
},
{
"name": "playwright-browser",
"ok": true,
"detail": "not required for selected profiles"
},
{
"name": "ports",
"ok": true,
"detail": "checked 1 host port bindings",
"bindings": [
{
"profile_id": "gitea-ssrf",
"service": "app",
"binding": "18105:3000",
"port": 18105
}
]
}
],
"profile_ids": [
"gitea-ssrf"
],
"failure_count": 0,
"summary": "all checks passed"
}

12
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/ready.json 普通文件
查看文件

@@ -0,0 +1,12 @@
{
"status": "completed",
"detail": "baseline urls ready (1)",
"elapsed_seconds": 0.0,
"observations": [
{
"url": "http://127.0.0.1:18105/",
"status_code": 200
}
],
"compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/compose/compose.yaml"
}

21
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/seed.json 普通文件
查看文件

@@ -0,0 +1,21 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"detail": "fixture seeded"
}
],
"seeded": true,
"result": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "fixture seeded",
"case_id": "gitea--CVE-2018-15192"
}
}
}

45
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/report.html 普通文件
查看文件

@@ -0,0 +1,45 @@
<!doctype html>
<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
</head><body>
<h1>运行 gitea-gitea--CVE-2018-15192-20260318035123</h1>
<div class='grid'>
<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2018-15192</code></div>
<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
<div class='card'><strong>复现 Profile</strong><br><code>gitea-ssrf</code></div>
<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
</div>
<h2>Mermaid 时间线</h2>
<pre>flowchart LR
A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
B --&gt; C[&quot;生成 Compose 环境&quot;]
C --&gt; D[&quot;采集基线快照&quot;]
D --&gt; E[&quot;执行受控攻击步骤&quot;]
E --&gt; F[&quot;浏览器回放验证&quot;]
F --&gt; G[&quot;收集日志与证据&quot;]
G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
<h2>运行时间线</h2>
<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
<tr><td><code>2026-03-18T03:51:23+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2018-15192</td></tr>
<tr><td><code>2026-03-18T03:51:23+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-ssrf</td></tr>
<tr><td><code>2026-03-18T03:51:23+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
<tr><td><code>2026-03-18T03:51:27+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
<tr><td><code>2026-03-18T03:51:27+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
<tr><td><code>2026-03-18T03:51:27+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
<tr><td><code>2026-03-18T03:51:27+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
<tr><td><code>2026-03-18T03:51:27+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
<tr><td><code>2026-03-18T03:51:28+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
<tr><td><code>2026-03-18T03:51:29+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
<tr><td><code>2026-03-18T03:51:29+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2018-15192-20260318035123</td></tr>
</tbody></table>
<h2>攻击步骤</h2>
<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
<tr><td><code>gitea.ssrf</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json</code></td></tr>
</tbody></table>
<h2>证据清单</h2><ul>
<li><code>compose/compose.yaml</code></li>
<li><code>logs/docker/app.log</code></li>
<li><code>logs/attack.json</code></li>
<li><code>logs/baseline.json</code></li>
</ul>
</body></html>

66
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/report.md 普通文件
查看文件

@@ -0,0 +1,66 @@
# 运行 gitea-gitea--CVE-2018-15192-20260318035123
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
- 漏洞条目: `gitea--CVE-2018-15192`
- 系统: `gitea`
- Repro Profile: `gitea-ssrf`
- 实证状态: `verified-real`
- 实证方式: `real`
- Artifact 模式: `local-fixture`
- 启动时间: `2026-03-18T03:51:23+00:00`
- 完成时间: `2026-03-18T03:51:29+00:00`
- 阻塞原因: `-`
- Compose 服务: `app`
## 运行时间线
- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/timeline.mmd)
| 时间 | 步骤 | 状态 | 说明 |
|------|------|------|------|
| `2026-03-18T03:51:23+00:00` | `select-advisory` | `completed` | gitea--CVE-2018-15192 |
| `2026-03-18T03:51:23+00:00` | `resolve-repro-profile` | `completed` | gitea-ssrf |
| `2026-03-18T03:51:23+00:00` | `doctor` | `completed` | all checks passed |
| `2026-03-18T03:51:27+00:00` | `provision-compose-environment` | `ready` | - |
| `2026-03-18T03:51:27+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
| `2026-03-18T03:51:27+00:00` | `seed-environment` | `completed` | steps=1 |
| `2026-03-18T03:51:27+00:00` | `baseline-snapshot` | `completed` | urls=1 |
| `2026-03-18T03:51:27+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
| `2026-03-18T03:51:28+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
| `2026-03-18T03:51:29+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
| `2026-03-18T03:51:29+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2018-15192-20260318035123 |
## Compose 拓扑
- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/compose/compose.yaml`
- 服务列表: `app`
## 攻击步骤
| 工具/步骤 | 状态 | 结果 |
|-----------|------|------|
| `gitea.ssrf` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json` |
## 证据摘要
- Baseline: `1`
- 攻击步骤: `1`
- 浏览器证据: `0`
- 容器日志: `1`
- 请求日志: `2`
## 容器日志
- `logs/docker/app.log`
## 请求与基线日志
- `logs/attack.json`
- `logs/baseline.json`
## 最小化验证说明
- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失,前端类案例不会被标为 `verified-*`

145
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/run.json 普通文件
查看文件

@@ -0,0 +1,145 @@
{
"run_id": "gitea-gitea--CVE-2018-15192-20260318035123",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-15192",
"repro_profile_id": "gitea-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:23+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-15192"
},
{
"at": "2026-03-18T03:51:23+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-ssrf"
},
{
"at": "2026-03-18T03:51:23+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:27+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:27+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:27+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:27+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:27+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:28+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:29+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:29+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-15192-20260318035123"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:23+00:00",
"finished_at": "2026-03-18T03:51:29+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/timeline.mmd"
}
}

8
06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/timeline.mmd 普通文件
查看文件

@@ -0,0 +1,8 @@
flowchart LR
A["选择 Advisory"] --> B["解析 Repro Profile"]
B --> C["生成 Compose 环境"]
C --> D["采集基线快照"]
D --> E["执行受控攻击步骤"]
E --> F["浏览器回放验证"]
F --> G["收集日志与证据"]
G --> H["回写 Registry 与报告"]

26
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline-dom.html 普通文件
查看文件

@@ -0,0 +1,26 @@
<!DOCTYPE html><html lang="zh-CN"><head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Gitea Proxy Boundary Fixture</title>
<style>
body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
.proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
.baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
</style>
</head>
<body>
<main>
<h1>Gitea Proxy Boundary Fixture</h1>
<p>Forwarded header trust boundary and admin gate fixture.</p>
<div class="baseline">Baseline ready</div>
<p>System: <code>gitea</code> / Family: <code>proxy-boundary</code></p>
</main>
</body></html>

二进制
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline.png 普通文件
查看文件

二进制文件未显示。
双排

之后

宽度:  |  高度:  |  大小: 28 KiB

26
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof-dom.html 普通文件
查看文件

@@ -0,0 +1,26 @@
<!DOCTYPE html><html lang="zh-CN"><head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Gitea Proxy Boundary Fixture - proof</title>
<style>
body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
.proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
.baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
</style>
</head>
<body>
<main>
<h1>Gitea Proxy Boundary Fixture</h1>
<p>Forwarded header trust boundary and admin gate fixture.</p>
<div class="proof">Proof active: trusted forwarded headers crossed the boundary</div>
<p>System: <code>gitea</code> / Family: <code>proxy-boundary</code></p>
<section id="admin-proof">Admin boundary bypass confirmed.</section>
</main>
</body></html>

二进制
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof.png 普通文件
查看文件

二进制文件未显示。
双排

之后

宽度:  |  高度:  |  大小: 36 KiB

26
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/compose/compose.yaml 普通文件
查看文件

@@ -0,0 +1,26 @@
services:
app:
image: python:3.12-alpine
networks:
- labnet
ports:
- 18101:3000
environment:
LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/proxy-boundary/scenario.json
PORT: '3000'
command:
- python
- /workspace/00-environments/templates/fixtures/shared/python_fixture.py
working_dir: /workspace
volumes:
- /Users/x/websafe:/workspace:ro
healthcheck:
test:
- CMD-SHELL
- wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
interval: 2s
timeout: 2s
retries: 20
networks:
labnet:
driver: bridge

68
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/attack.json 普通文件
查看文件

@@ -0,0 +1,68 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/attack.json"
}
],
"success": true,
"detail": "trusted forwarded headers crossed the boundary",
"before": {
"status_code": 403,
"ok": false,
"body": {
"ok": false,
"detail": "admin boundary still enforced"
}
},
"attack": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "trusted forwarded headers crossed the boundary",
"case_id": "gitea--CVE-2018-18926"
}
},
"after": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "trusted forwarded headers crossed the boundary",
"case_id": "gitea--CVE-2018-18926"
}
},
"proof": {
"status_code": 200,
"ok": true,
"body": {
"success": true,
"detail": "trusted forwarded headers crossed the boundary",
"case_id": "gitea--CVE-2018-18926",
"sink_hits": 0,
"uploads": [],
"events": [
{
"event": "seed",
"detail": "gitea--CVE-2018-18926"
},
{
"event": "attack",
"detail": "trusted forwarded headers crossed the boundary"
}
]
}
},
"assertions": [
{
"name": "proof-success",
"kind": "runner-proof",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
}
]
}

14
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-browser.json 普通文件
查看文件

@@ -0,0 +1,14 @@
{
"required": true,
"present": true,
"page_title": "Gitea Proxy Boundary Fixture",
"page_url": "http://127.0.0.1:18101/",
"error_kind": null,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-page.json"
]
}

1
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-console.json 普通文件
查看文件

@@ -0,0 +1 @@
[]

6
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-network.json 普通文件
查看文件

@@ -0,0 +1,6 @@
[
{
"method": "GET",
"url": "http://127.0.0.1:18101/"
}
]

5
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-page.json 普通文件
查看文件

@@ -0,0 +1,5 @@
{
"url": "http://127.0.0.1:18101/",
"title": "Gitea Proxy Boundary Fixture",
"body_excerpt": "\n \n Gitea Proxy Boundary Fixture\n Forwarded header trust boundary and admin gate fixture.\n Baseline ready\n System: gitea / Family: proxy-boundary\n \n \n \n \n \n \n\n"
}

24
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline.json 普通文件
查看文件

@@ -0,0 +1,24 @@
{
"observations": [
{
"url": "http://127.0.0.1:18101/",
"status_code": 200,
"headers": {
"Server": "BaseHTTP/0.6 Python/3.12.13",
"Date": "Wed, 18 Mar 2026 03:49:41 GMT",
"Content-Type": "text/html; charset=utf-8",
"Content-Length": "1010"
},
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea Proxy Boundary Fixture</title>\n <style>\n body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radi"
}
],
"steps": [
{
"kind": "http-get",
"status": "completed",
"path": "/",
"status_code": 200,
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea Proxy Boundary Fixture</title>\n <style>\n b"
}
]
}

0
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/docker/app.log 普通文件
查看文件

44
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/doctor.json 普通文件
查看文件

@@ -0,0 +1,44 @@
{
"status": "passed",
"ok": true,
"checks": [
{
"name": "docker-cli",
"ok": true,
"detail": "docker CLI available"
},
{
"name": "docker-daemon",
"ok": true,
"detail": "context=desktop-linux"
},
{
"name": "playwright-import",
"ok": true,
"detail": "playwright Python package import passed"
},
{
"name": "playwright-browser",
"ok": true,
"detail": "chromium runtime launch passed"
},
{
"name": "ports",
"ok": true,
"detail": "checked 1 host port bindings",
"bindings": [
{
"profile_id": "gitea-proxy-boundary",
"service": "app",
"binding": "18101:3000",
"port": 18101
}
]
}
],
"profile_ids": [
"gitea-proxy-boundary"
],
"failure_count": 0,
"summary": "all checks passed"
}

14
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-browser.json 普通文件
查看文件

@@ -0,0 +1,14 @@
{
"required": true,
"present": true,
"page_title": "Gitea Proxy Boundary Fixture - proof",
"page_url": "http://127.0.0.1:18101/",
"error_kind": null,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-page.json"
]
}

1
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-console.json 普通文件
查看文件

@@ -0,0 +1 @@
[]

6
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-network.json 普通文件
查看文件

@@ -0,0 +1,6 @@
[
{
"method": "GET",
"url": "http://127.0.0.1:18101/"
}
]

5
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-page.json 普通文件
查看文件

@@ -0,0 +1,5 @@
{
"url": "http://127.0.0.1:18101/",
"title": "Gitea Proxy Boundary Fixture - proof",
"body_excerpt": "\n \n Gitea Proxy Boundary Fixture\n Forwarded header trust boundary and admin gate fixture.\n Proof active: trusted forwarded headers crossed the boundary\n System: gitea / Family: proxy-boundary\n Admin boundary bypass confirmed.\n \n \n \n \n \n\n"
}

12
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/ready.json 普通文件
查看文件

@@ -0,0 +1,12 @@
{
"status": "completed",
"detail": "baseline urls ready (1)",
"elapsed_seconds": 0.0,
"observations": [
{
"url": "http://127.0.0.1:18101/",
"status_code": 200
}
],
"compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/compose/compose.yaml"
}

21
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/seed.json 普通文件
查看文件

@@ -0,0 +1,21 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"detail": "fixture seeded"
}
],
"seeded": true,
"result": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "fixture seeded",
"case_id": "gitea--CVE-2018-18926"
}
}
}

62
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/report.html 普通文件
查看文件

@@ -0,0 +1,62 @@
<!doctype html>
<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
</head><body>
<h1>运行 gitea-gitea--CVE-2018-18926-20260318034937</h1>
<div class='grid'>
<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2018-18926</code></div>
<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
<div class='card'><strong>复现 Profile</strong><br><code>gitea-proxy-boundary</code></div>
<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
</div>
<h2>Mermaid 时间线</h2>
<pre>flowchart LR
A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
B --&gt; C[&quot;生成 Compose 环境&quot;]
C --&gt; D[&quot;采集基线快照&quot;]
D --&gt; E[&quot;执行受控攻击步骤&quot;]
E --&gt; F[&quot;浏览器回放验证&quot;]
F --&gt; G[&quot;收集日志与证据&quot;]
G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
<h2>运行时间线</h2>
<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
<tr><td><code>2026-03-18T03:49:37+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2018-18926</td></tr>
<tr><td><code>2026-03-18T03:49:37+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-proxy-boundary</td></tr>
<tr><td><code>2026-03-18T03:49:38+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
<tr><td><code>2026-03-18T03:49:41+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
<tr><td><code>2026-03-18T03:49:41+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
<tr><td><code>2026-03-18T03:49:41+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
<tr><td><code>2026-03-18T03:49:41+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
<tr><td><code>2026-03-18T03:49:42+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>completed</code></td><td>-</td></tr>
<tr><td><code>2026-03-18T03:49:42+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
<tr><td><code>2026-03-18T03:49:42+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>completed</code></td><td>-</td></tr>
<tr><td><code>2026-03-18T03:49:43+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
<tr><td><code>2026-03-18T03:49:44+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
<tr><td><code>2026-03-18T03:49:44+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2018-18926-20260318034937</td></tr>
</tbody></table>
<h2>攻击步骤</h2>
<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
<tr><td><code>gitea.proxy-boundary</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/attack.json</code></td></tr>
</tbody></table>
<h2>浏览器截图</h2>
<div class='gallery'>
<figure><img src='assets/baseline.png' alt='baseline'><figcaption><code>assets/baseline.png</code></figcaption></figure>
<figure><img src='assets/proof.png' alt='proof'><figcaption><code>assets/proof.png</code></figcaption></figure>
</div>
<h2>证据清单</h2><ul>
<li><code>compose/compose.yaml</code></li>
<li><code>assets/baseline.png</code></li>
<li><code>assets/baseline-dom.html</code></li>
<li><code>logs/baseline-console.json</code></li>
<li><code>logs/baseline-network.json</code></li>
<li><code>logs/baseline-page.json</code></li>
<li><code>assets/proof.png</code></li>
<li><code>assets/proof-dom.html</code></li>
<li><code>logs/proof-console.json</code></li>
<li><code>logs/proof-network.json</code></li>
<li><code>logs/proof-page.json</code></li>
<li><code>logs/docker/app.log</code></li>
<li><code>logs/attack.json</code></li>
<li><code>logs/baseline.json</code></li>
</ul>
</body></html>

86
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/report.md 普通文件
查看文件

@@ -0,0 +1,86 @@
# 运行 gitea-gitea--CVE-2018-18926-20260318034937
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
- 漏洞条目: `gitea--CVE-2018-18926`
- 系统: `gitea`
- Repro Profile: `gitea-proxy-boundary`
- 实证状态: `verified-real`
- 实证方式: `real`
- Artifact 模式: `local-fixture`
- 启动时间: `2026-03-18T03:49:37+00:00`
- 完成时间: `2026-03-18T03:49:44+00:00`
- 阻塞原因: `-`
- Compose 服务: `app`
## 运行时间线
- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/timeline.mmd)
| 时间 | 步骤 | 状态 | 说明 |
|------|------|------|------|
| `2026-03-18T03:49:37+00:00` | `select-advisory` | `completed` | gitea--CVE-2018-18926 |
| `2026-03-18T03:49:37+00:00` | `resolve-repro-profile` | `completed` | gitea-proxy-boundary |
| `2026-03-18T03:49:38+00:00` | `doctor` | `completed` | all checks passed |
| `2026-03-18T03:49:41+00:00` | `provision-compose-environment` | `ready` | - |
| `2026-03-18T03:49:41+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
| `2026-03-18T03:49:41+00:00` | `seed-environment` | `completed` | steps=1 |
| `2026-03-18T03:49:41+00:00` | `baseline-snapshot` | `completed` | urls=1 |
| `2026-03-18T03:49:42+00:00` | `browser-replay-before-attack` | `completed` | - |
| `2026-03-18T03:49:42+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
| `2026-03-18T03:49:42+00:00` | `browser-replay-after-attack` | `completed` | - |
| `2026-03-18T03:49:43+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
| `2026-03-18T03:49:44+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
| `2026-03-18T03:49:44+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2018-18926-20260318034937 |
## Compose 拓扑
- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/compose/compose.yaml`
- 服务列表: `app`
## 攻击步骤
| 工具/步骤 | 状态 | 结果 |
|-----------|------|------|
| `gitea.proxy-boundary` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/attack.json` |
## 证据摘要
- Baseline: `1`
- 攻击步骤: `1`
- 浏览器证据: `10`
- 容器日志: `1`
- 请求日志: `2`
## 浏览器截图
![baseline](assets/baseline.png)
![proof](assets/proof.png)
## 浏览器证据
- `assets/baseline.png`
- `assets/baseline-dom.html`
- `logs/baseline-console.json`
- `logs/baseline-network.json`
- `logs/baseline-page.json`
- `assets/proof.png`
- `assets/proof-dom.html`
- `logs/proof-console.json`
- `logs/proof-network.json`
- `logs/proof-page.json`
## 容器日志
- `logs/docker/app.log`
## 请求与基线日志
- `logs/attack.json`
- `logs/baseline.json`
## 最小化验证说明
- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失,前端类案例不会被标为 `verified-*`

197
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/run.json 普通文件
查看文件

@@ -0,0 +1,197 @@
{
"run_id": "gitea-gitea--CVE-2018-18926-20260318034937",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-18926",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:49:37+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-18926"
},
{
"at": "2026-03-18T03:49:37+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:49:38+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:49:41+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:49:41+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:49:41+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:49:41+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:49:42+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:49:42+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:49:42+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:49:43+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:49:44+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:49:44+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-18926-20260318034937"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:49:37+00:00",
"finished_at": "2026-03-18T03:49:44+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/timeline.mmd"
}
}

8
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318034937/timeline.mmd 普通文件
查看文件

@@ -0,0 +1,8 @@
flowchart LR
A["选择 Advisory"] --> B["解析 Repro Profile"]
B --> C["生成 Compose 环境"]
C --> D["采集基线快照"]
D --> E["执行受控攻击步骤"]
E --> F["浏览器回放验证"]
F --> G["收集日志与证据"]
G --> H["回写 Registry 与报告"]

26
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html 普通文件
查看文件

@@ -0,0 +1,26 @@
<!DOCTYPE html><html lang="zh-CN"><head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Gitea Proxy Boundary Fixture</title>
<style>
body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
.proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
.baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
</style>
</head>
<body>
<main>
<h1>Gitea Proxy Boundary Fixture</h1>
<p>Forwarded header trust boundary and admin gate fixture.</p>
<div class="baseline">Baseline ready</div>
<p>System: <code>gitea</code> / Family: <code>proxy-boundary</code></p>
</main>
</body></html>

二进制
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png 普通文件
查看文件

二进制文件未显示。
双排

之后

宽度:  |  高度:  |  大小: 28 KiB

26
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html 普通文件
查看文件

@@ -0,0 +1,26 @@
<!DOCTYPE html><html lang="zh-CN"><head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Gitea Proxy Boundary Fixture - proof</title>
<style>
body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
.proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
.baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
</style>
</head>
<body>
<main>
<h1>Gitea Proxy Boundary Fixture</h1>
<p>Forwarded header trust boundary and admin gate fixture.</p>
<div class="proof">Proof active: trusted forwarded headers crossed the boundary</div>
<p>System: <code>gitea</code> / Family: <code>proxy-boundary</code></p>
<section id="admin-proof">Admin boundary bypass confirmed.</section>
</main>
</body></html>

二进制
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png 普通文件
查看文件

二进制文件未显示。
双排

之后

宽度:  |  高度:  |  大小: 36 KiB

26
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/compose/compose.yaml 普通文件
查看文件

@@ -0,0 +1,26 @@
services:
app:
image: python:3.12-alpine
networks:
- labnet
ports:
- 18101:3000
environment:
LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/proxy-boundary/scenario.json
PORT: '3000'
command:
- python
- /workspace/00-environments/templates/fixtures/shared/python_fixture.py
working_dir: /workspace
volumes:
- /Users/x/websafe:/workspace:ro
healthcheck:
test:
- CMD-SHELL
- wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
interval: 2s
timeout: 2s
retries: 20
networks:
labnet:
driver: bridge

68
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json 普通文件
查看文件

@@ -0,0 +1,68 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json"
}
],
"success": true,
"detail": "trusted forwarded headers crossed the boundary",
"before": {
"status_code": 403,
"ok": false,
"body": {
"ok": false,
"detail": "admin boundary still enforced"
}
},
"attack": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "trusted forwarded headers crossed the boundary",
"case_id": "gitea--CVE-2018-18926"
}
},
"after": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "trusted forwarded headers crossed the boundary",
"case_id": "gitea--CVE-2018-18926"
}
},
"proof": {
"status_code": 200,
"ok": true,
"body": {
"success": true,
"detail": "trusted forwarded headers crossed the boundary",
"case_id": "gitea--CVE-2018-18926",
"sink_hits": 0,
"uploads": [],
"events": [
{
"event": "seed",
"detail": "gitea--CVE-2018-18926"
},
{
"event": "attack",
"detail": "trusted forwarded headers crossed the boundary"
}
]
}
},
"assertions": [
{
"name": "proof-success",
"kind": "runner-proof",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
}
]
}

14
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-browser.json 普通文件
查看文件

@@ -0,0 +1,14 @@
{
"required": true,
"present": true,
"page_title": "Gitea Proxy Boundary Fixture",
"page_url": "http://127.0.0.1:18101/",
"error_kind": null,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json"
]
}

1
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json 普通文件
查看文件

@@ -0,0 +1 @@
[]

6
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json 普通文件
查看文件

@@ -0,0 +1,6 @@
[
{
"method": "GET",
"url": "http://127.0.0.1:18101/"
}
]

5
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json 普通文件
查看文件

@@ -0,0 +1,5 @@
{
"url": "http://127.0.0.1:18101/",
"title": "Gitea Proxy Boundary Fixture",
"body_excerpt": "\n \n Gitea Proxy Boundary Fixture\n Forwarded header trust boundary and admin gate fixture.\n Baseline ready\n System: gitea / Family: proxy-boundary\n \n \n \n \n \n \n\n"
}

24
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline.json 普通文件
查看文件

@@ -0,0 +1,24 @@
{
"observations": [
{
"url": "http://127.0.0.1:18101/",
"status_code": 200,
"headers": {
"Server": "BaseHTTP/0.6 Python/3.12.13",
"Date": "Wed, 18 Mar 2026 03:51:32 GMT",
"Content-Type": "text/html; charset=utf-8",
"Content-Length": "1010"
},
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea Proxy Boundary Fixture</title>\n <style>\n body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radi"
}
],
"steps": [
{
"kind": "http-get",
"status": "completed",
"path": "/",
"status_code": 200,
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea Proxy Boundary Fixture</title>\n <style>\n b"
}
]
}

0
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/docker/app.log 普通文件
查看文件

44
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/doctor.json 普通文件
查看文件

@@ -0,0 +1,44 @@
{
"status": "passed",
"ok": true,
"checks": [
{
"name": "docker-cli",
"ok": true,
"detail": "docker CLI available"
},
{
"name": "docker-daemon",
"ok": true,
"detail": "context=desktop-linux"
},
{
"name": "playwright-import",
"ok": true,
"detail": "playwright Python package import passed"
},
{
"name": "playwright-browser",
"ok": true,
"detail": "chromium runtime launch passed"
},
{
"name": "ports",
"ok": true,
"detail": "checked 1 host port bindings",
"bindings": [
{
"profile_id": "gitea-proxy-boundary",
"service": "app",
"binding": "18101:3000",
"port": 18101
}
]
}
],
"profile_ids": [
"gitea-proxy-boundary"
],
"failure_count": 0,
"summary": "all checks passed"
}

14
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-browser.json 普通文件
查看文件

@@ -0,0 +1,14 @@
{
"required": true,
"present": true,
"page_title": "Gitea Proxy Boundary Fixture - proof",
"page_url": "http://127.0.0.1:18101/",
"error_kind": null,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
]
}

1
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json 普通文件
查看文件

@@ -0,0 +1 @@
[]

6
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json 普通文件
查看文件

@@ -0,0 +1,6 @@
[
{
"method": "GET",
"url": "http://127.0.0.1:18101/"
}
]

5
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json 普通文件
查看文件

@@ -0,0 +1,5 @@
{
"url": "http://127.0.0.1:18101/",
"title": "Gitea Proxy Boundary Fixture - proof",
"body_excerpt": "\n \n Gitea Proxy Boundary Fixture\n Forwarded header trust boundary and admin gate fixture.\n Proof active: trusted forwarded headers crossed the boundary\n System: gitea / Family: proxy-boundary\n Admin boundary bypass confirmed.\n \n \n \n \n \n\n"
}

12
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/ready.json 普通文件
查看文件

@@ -0,0 +1,12 @@
{
"status": "completed",
"detail": "baseline urls ready (1)",
"elapsed_seconds": 0.0,
"observations": [
{
"url": "http://127.0.0.1:18101/",
"status_code": 200
}
],
"compose_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/compose/compose.yaml"
}

21
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/seed.json 普通文件
查看文件

@@ -0,0 +1,21 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"detail": "fixture seeded"
}
],
"seeded": true,
"result": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "fixture seeded",
"case_id": "gitea--CVE-2018-18926"
}
}
}

62
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/report.html 普通文件
查看文件

@@ -0,0 +1,62 @@
<!doctype html>
<html><head><meta charset='utf-8'><title>websafe 运行报告</title>
<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
</head><body>
<h1>运行 gitea-gitea--CVE-2018-18926-20260318035129</h1>
<div class='grid'>
<div class='card'><strong>漏洞条目</strong><br><code>gitea--CVE-2018-18926</code></div>
<div class='card'><strong>实证状态</strong><br><code>verified-real</code></div>
<div class='card'><strong>复现 Profile</strong><br><code>gitea-proxy-boundary</code></div>
<div class='card'><strong>Artifact 模式</strong><br><code>local-fixture</code></div>
</div>
<h2>Mermaid 时间线</h2>
<pre>flowchart LR
A[&quot;选择 Advisory&quot;] --&gt; B[&quot;解析 Repro Profile&quot;]
B --&gt; C[&quot;生成 Compose 环境&quot;]
C --&gt; D[&quot;采集基线快照&quot;]
D --&gt; E[&quot;执行受控攻击步骤&quot;]
E --&gt; F[&quot;浏览器回放验证&quot;]
F --&gt; G[&quot;收集日志与证据&quot;]
G --&gt; H[&quot;回写 Registry 与报告&quot;]</pre>
<h2>运行时间线</h2>
<table><thead><tr><th>时间</th><th>步骤</th><th>状态</th><th>说明</th></tr></thead><tbody>
<tr><td><code>2026-03-18T03:51:29+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2018-18926</td></tr>
<tr><td><code>2026-03-18T03:51:29+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>gitea-proxy-boundary</td></tr>
<tr><td><code>2026-03-18T03:51:29+00:00</code></td><td><code>doctor</code></td><td><code>completed</code></td><td>all checks passed</td></tr>
<tr><td><code>2026-03-18T03:51:32+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>ready</code></td><td>-</td></tr>
<tr><td><code>2026-03-18T03:51:32+00:00</code></td><td><code>wait-ready</code></td><td><code>completed</code></td><td>baseline urls ready (1)</td></tr>
<tr><td><code>2026-03-18T03:51:32+00:00</code></td><td><code>seed-environment</code></td><td><code>completed</code></td><td>steps=1</td></tr>
<tr><td><code>2026-03-18T03:51:32+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>completed</code></td><td>urls=1</td></tr>
<tr><td><code>2026-03-18T03:51:33+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>completed</code></td><td>-</td></tr>
<tr><td><code>2026-03-18T03:51:33+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>completed</code></td><td>steps=1</td></tr>
<tr><td><code>2026-03-18T03:51:34+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>completed</code></td><td>-</td></tr>
<tr><td><code>2026-03-18T03:51:34+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>completed</code></td><td>container_logs=1</td></tr>
<tr><td><code>2026-03-18T03:51:35+00:00</code></td><td><code>cleanup-compose-environment</code></td><td><code>completed</code></td><td>docker compose down completed</td></tr>
<tr><td><code>2026-03-18T03:51:35+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-gitea--CVE-2018-18926-20260318035129</td></tr>
</tbody></table>
<h2>攻击步骤</h2>
<table><thead><tr><th>工具</th><th>状态</th><th>输出</th></tr></thead><tbody>
<tr><td><code>gitea.proxy-boundary</code></td><td><code>completed</code></td><td><code>/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json</code></td></tr>
</tbody></table>
<h2>浏览器截图</h2>
<div class='gallery'>
<figure><img src='assets/baseline.png' alt='baseline'><figcaption><code>assets/baseline.png</code></figcaption></figure>
<figure><img src='assets/proof.png' alt='proof'><figcaption><code>assets/proof.png</code></figcaption></figure>
</div>
<h2>证据清单</h2><ul>
<li><code>compose/compose.yaml</code></li>
<li><code>assets/baseline.png</code></li>
<li><code>assets/baseline-dom.html</code></li>
<li><code>logs/baseline-console.json</code></li>
<li><code>logs/baseline-network.json</code></li>
<li><code>logs/baseline-page.json</code></li>
<li><code>assets/proof.png</code></li>
<li><code>assets/proof-dom.html</code></li>
<li><code>logs/proof-console.json</code></li>
<li><code>logs/proof-network.json</code></li>
<li><code>logs/proof-page.json</code></li>
<li><code>logs/docker/app.log</code></li>
<li><code>logs/attack.json</code></li>
<li><code>logs/baseline.json</code></li>
</ul>
</body></html>

86
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/report.md 普通文件
查看文件

@@ -0,0 +1,86 @@
# 运行 gitea-gitea--CVE-2018-18926-20260318035129
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
- 漏洞条目: `gitea--CVE-2018-18926`
- 系统: `gitea`
- Repro Profile: `gitea-proxy-boundary`
- 实证状态: `verified-real`
- 实证方式: `real`
- Artifact 模式: `local-fixture`
- 启动时间: `2026-03-18T03:51:29+00:00`
- 完成时间: `2026-03-18T03:51:35+00:00`
- 阻塞原因: `-`
- Compose 服务: `app`
## 运行时间线
- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/timeline.mmd)
| 时间 | 步骤 | 状态 | 说明 |
|------|------|------|------|
| `2026-03-18T03:51:29+00:00` | `select-advisory` | `completed` | gitea--CVE-2018-18926 |
| `2026-03-18T03:51:29+00:00` | `resolve-repro-profile` | `completed` | gitea-proxy-boundary |
| `2026-03-18T03:51:29+00:00` | `doctor` | `completed` | all checks passed |
| `2026-03-18T03:51:32+00:00` | `provision-compose-environment` | `ready` | - |
| `2026-03-18T03:51:32+00:00` | `wait-ready` | `completed` | baseline urls ready (1) |
| `2026-03-18T03:51:32+00:00` | `seed-environment` | `completed` | steps=1 |
| `2026-03-18T03:51:32+00:00` | `baseline-snapshot` | `completed` | urls=1 |
| `2026-03-18T03:51:33+00:00` | `browser-replay-before-attack` | `completed` | - |
| `2026-03-18T03:51:33+00:00` | `controlled-attack-chain` | `completed` | steps=1 |
| `2026-03-18T03:51:34+00:00` | `browser-replay-after-attack` | `completed` | - |
| `2026-03-18T03:51:34+00:00` | `collect-logs-and-evidence` | `completed` | container_logs=1 |
| `2026-03-18T03:51:35+00:00` | `cleanup-compose-environment` | `completed` | docker compose down completed |
| `2026-03-18T03:51:35+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2018-18926-20260318035129 |
## Compose 拓扑
- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/compose/compose.yaml`
- 服务列表: `app`
## 攻击步骤
| 工具/步骤 | 状态 | 结果 |
|-----------|------|------|
| `gitea.proxy-boundary` | `completed` | `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json` |
## 证据摘要
- Baseline: `1`
- 攻击步骤: `1`
- 浏览器证据: `10`
- 容器日志: `1`
- 请求日志: `2`
## 浏览器截图
![baseline](assets/baseline.png)
![proof](assets/proof.png)
## 浏览器证据
- `assets/baseline.png`
- `assets/baseline-dom.html`
- `logs/baseline-console.json`
- `logs/baseline-network.json`
- `logs/baseline-page.json`
- `assets/proof.png`
- `assets/proof-dom.html`
- `logs/proof-console.json`
- `logs/proof-network.json`
- `logs/proof-page.json`
## 容器日志
- `logs/docker/app.log`
## 请求与基线日志
- `logs/attack.json`
- `logs/baseline.json`
## 最小化验证说明
- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失,前端类案例不会被标为 `verified-*`

197
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/run.json 普通文件
查看文件

@@ -0,0 +1,197 @@
{
"run_id": "gitea-gitea--CVE-2018-18926-20260318035129",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-18926",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:29+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-18926"
},
{
"at": "2026-03-18T03:51:29+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:51:29+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:32+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:32+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:32+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:32+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:33+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:33+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:34+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:34+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:35+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:35+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-18926-20260318035129"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:29+00:00",
"finished_at": "2026-03-18T03:51:35+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/timeline.mmd"
}
}

8
06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/timeline.mmd 普通文件
查看文件

@@ -0,0 +1,8 @@
flowchart LR
A["选择 Advisory"] --> B["解析 Repro Profile"]
B --> C["生成 Compose 环境"]
C --> D["采集基线快照"]
D --> E["执行受控攻击步骤"]
E --> F["浏览器回放验证"]
F --> G["收集日志与证据"]
G --> H["回写 Registry 与报告"]

26
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/baseline-dom.html 普通文件
查看文件

@@ -0,0 +1,26 @@
<!DOCTYPE html><html lang="zh-CN"><head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Gitea Stored XSS Fixture</title>
<style>
body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
.proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
.baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
</style>
</head>
<body>
<main>
<h1>Gitea Stored XSS Fixture</h1>
<p>Stored payload rendering path for browser proof capture.</p>
<div class="baseline">Baseline ready</div>
<p>System: <code>gitea</code> / Family: <code>xss</code></p>
</main>
</body></html>

二进制
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/baseline.png 普通文件
查看文件

二进制文件未显示。
双排

之后

宽度:  |  高度:  |  大小: 26 KiB

26
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/proof-dom.html 普通文件
查看文件

@@ -0,0 +1,26 @@
<!DOCTYPE html><html lang="zh-CN" data-xss-proof="true"><head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Gitea Stored XSS Fixture - proof</title>
<style>
body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
.proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
.baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
</style>
</head>
<body>
<main>
<h1>Gitea Stored XSS Fixture</h1>
<p>Stored payload rendering path for browser proof capture.</p>
<div class="proof">Proof active: stored payload rendered inside the browser proof page</div>
<p>System: <code>gitea</code> / Family: <code>xss</code></p>
<script>document.documentElement.setAttribute('data-xss-proof','true');document.title = "Gitea Stored XSS Fixture - proof";</script><div id="xss-proof">XSS marker executed for gitea--CVE-2019-1010261</div>
</main>
</body></html>

二进制
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/proof.png 普通文件
查看文件

二进制文件未显示。
双排

之后

宽度:  |  高度:  |  大小: 37 KiB

26
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/compose/compose.yaml 普通文件
查看文件

@@ -0,0 +1,26 @@
services:
app:
image: python:3.12-alpine
networks:
- labnet
ports:
- 18102:3000
environment:
LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/xss/scenario.json
PORT: '3000'
command:
- python
- /workspace/00-environments/templates/fixtures/shared/python_fixture.py
working_dir: /workspace
volumes:
- /Users/x/websafe:/workspace:ro
healthcheck:
test:
- CMD-SHELL
- wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
interval: 2s
timeout: 2s
retries: 20
networks:
labnet:
driver: bridge

53
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/attack.json 普通文件
查看文件

@@ -0,0 +1,53 @@
{
"steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/attack.json"
}
],
"success": true,
"detail": "stored payload rendered inside the browser proof page",
"before": {},
"attack": {
"status_code": 200,
"ok": true,
"body": {
"ok": true,
"detail": "stored payload rendered inside the browser proof page",
"case_id": "gitea--CVE-2019-1010261"
}
},
"after": {},
"proof": {
"status_code": 200,
"ok": true,
"body": {
"success": true,
"detail": "stored payload rendered inside the browser proof page",
"case_id": "gitea--CVE-2019-1010261",
"sink_hits": 0,
"uploads": [],
"events": [
{
"event": "seed",
"detail": "gitea--CVE-2019-1010261"
},
{
"event": "attack",
"detail": "stored payload rendered inside the browser proof page"
}
]
}
},
"assertions": [
{
"name": "proof-success",
"kind": "runner-proof",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
}
]
}

14
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-browser.json 普通文件
查看文件

@@ -0,0 +1,14 @@
{
"required": true,
"present": true,
"page_title": "Gitea Stored XSS Fixture",
"page_url": "http://127.0.0.1:18102/",
"error_kind": null,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-page.json"
]
}

1
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-console.json 普通文件
查看文件

@@ -0,0 +1 @@
[]

6
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-network.json 普通文件
查看文件

@@ -0,0 +1,6 @@
[
{
"method": "GET",
"url": "http://127.0.0.1:18102/"
}
]

5
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline-page.json 普通文件
查看文件

@@ -0,0 +1,5 @@
{
"url": "http://127.0.0.1:18102/",
"title": "Gitea Stored XSS Fixture",
"body_excerpt": "\n \n Gitea Stored XSS Fixture\n Stored payload rendering path for browser proof capture.\n Baseline ready\n System: gitea / Family: xss\n \n \n \n \n \n \n\n"
}

24
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/baseline.json 普通文件
查看文件

@@ -0,0 +1,24 @@
{
"observations": [
{
"url": "http://127.0.0.1:18102/",
"status_code": 200,
"headers": {
"Server": "BaseHTTP/0.6 Python/3.12.13",
"Date": "Wed, 18 Mar 2026 03:49:47 GMT",
"Content-Type": "text/html; charset=utf-8",
"Content-Length": "992"
},
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea Stored XSS Fixture</title>\n <style>\n body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }\n main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: "
}
],
"steps": [
{
"kind": "http-get",
"status": "completed",
"path": "/",
"status_code": 200,
"body_excerpt": "<!doctype html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>Gitea Stored XSS Fixture</title>\n <style>\n body "
}
]
}

0
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/docker/app.log 普通文件
查看文件

44
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/doctor.json 普通文件
查看文件

@@ -0,0 +1,44 @@
{
"status": "passed",
"ok": true,
"checks": [
{
"name": "docker-cli",
"ok": true,
"detail": "docker CLI available"
},
{
"name": "docker-daemon",
"ok": true,
"detail": "context=desktop-linux"
},
{
"name": "playwright-import",
"ok": true,
"detail": "playwright Python package import passed"
},
{
"name": "playwright-browser",
"ok": true,
"detail": "chromium runtime launch passed"
},
{
"name": "ports",
"ok": true,
"detail": "checked 1 host port bindings",
"bindings": [
{
"profile_id": "gitea-xss",
"service": "app",
"binding": "18102:3000",
"port": 18102
}
]
}
],
"profile_ids": [
"gitea-xss"
],
"failure_count": 0,
"summary": "all checks passed"
}

14
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-browser.json 普通文件
查看文件

@@ -0,0 +1,14 @@
{
"required": true,
"present": true,
"page_title": "Gitea Stored XSS Fixture - proof",
"page_url": "http://127.0.0.1:18102/",
"error_kind": null,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-page.json"
]
}

1
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-console.json 普通文件
查看文件

@@ -0,0 +1 @@
[]

6
06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318034944/logs/proof-network.json 普通文件
查看文件

@@ -0,0 +1,6 @@
[
{
"method": "GET",
"url": "http://127.0.0.1:18102/"
}
]

某些文件未显示,因为此 diff 中更改的文件太多 显示更多