hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

lab: automated intel and verification sync codex/intel-20260317-000751

浏览代码
这个提交包含在:
hao
2026-03-17 00:07:51 -07:00
父节点 dddbe19df8
当前提交 1f2744825f
修改 88 个文件,包含 733 行新增170 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

10
01-sql-injection/tools/sqli-exploit.go
查看文件

@@ -164,11 +164,11 @@ func (s *SQLiExploit) TestErrorBased(payloads []struct {
continue
}
for dbms := range errorPatterns {
if strings.Contains(body, "SQL") || strings.Contains(body, "error") ||
strings.Contains(body, "Error") || strings.Contains(body, "Warning") {
results = append(results, InjectionResult{
Payload: p.Payload,
for dbms := range errorPatterns {
if strings.Contains(body, "SQL") || strings.Contains(body, "error") ||
strings.Contains(body, "Error") || strings.Contains(body, "Warning") {
results = append(results, InjectionResult{
Payload: p.Payload,
VulnType: "Error-based",
DBMS: dbms,
ResponseLen: respLen,

8
02-xss/exploitation/README.md
查看文件

@@ -1,5 +1,9 @@
# XSS 利用实验
> `LAB NOTE` | `规划中`
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
该目录预留给受控环境中的最小化利用演示、上下文差异说明和复现脚本。当前仅保留占位,避免误报为已完工。
该目录用于记录受控环境中的最小化利用演示、上下文差异说明和浏览器回放要求。
- 默认模式: `minimal-proof`
- 证据要求: 截图、DOM 快照、console、network、关键元素文本
- 关联入口: [scripts/lab/main.py](/Users/x/websafe/scripts/lab/main.py), [generated-runs](/Users/x/websafe/06-case-studies/generated-runs)

8
02-xss/payloads/README.md
查看文件

@@ -1,5 +1,9 @@
# XSS Payload 集合
> `LAB NOTE` | `规划中`
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
该目录后续用于保存按上下文分类的实验 payload。正式补齐前,统一以工具内建 payload 和案例文档为准。
该目录用于记录按上下文分类的实验 payload 约束,而不是堆放面向未知站点的泛化攻击载荷。
- 来源: 以 [xss-fuzzer.py](/Users/x/websafe/02-xss/tools/xss-fuzzer.py) 和 [xss-scanner.go](/Users/x/websafe/02-xss/tools/xss-scanner.go) 的内建 payload 为准
- 语境: HTML、属性、DOM sink、编码绕过、CSP/Trusted Types 对照实验
- 不适用: 面向未授权第三方目标的通用 payload 清单传播

8
03-authentication/bruteforce/exploitation/README.md
查看文件

@@ -1,5 +1,9 @@
# 暴力破解利用说明
> `LAB NOTE` | `规划中`
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
该目录预留给登录流程、锁定策略和验证码绕过的实验说明,强调最小化验证而非账户接管。
该目录用于记录登录流程、锁定策略和验证码前置控制面的实验说明,强调最小化验证而非账户接管。
- 默认目标: 本地种子账号或授权演示账户
- 默认方式: 小样本、低频、可审计请求
- 工具入口: [web-brute.py](/Users/x/websafe/03-authentication/bruteforce/tools/web-brute.py)

8
03-authentication/bruteforce/wordlists/README.md
查看文件

@@ -1,5 +1,9 @@
# 字典文件说明
> `LAB NOTE` | `规划中`
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
该目录后续仅用于小规模、可审计的实验字典,不存放来自真实用户或泄露数据的口令集合
该目录仅用于小规模、可审计的实验字典。
- 仅允许: 本地种子账号、演示密码、可回滚测试账户
- 禁止: 真实用户密码、泄露口令库、撞库语料
- 默认执行器: [web-brute.py](/Users/x/websafe/03-authentication/bruteforce/tools/web-brute.py)

8
03-authentication/jwt/exploitation/README.md
查看文件

@@ -1,5 +1,9 @@
# JWT 利用实验
> `LAB NOTE` | `规划中`
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
该目录预留给弱密钥、算法降级和 kid 注入的实验复盘,目标是验证控制面,而不是伪造真实第三方令牌。
该目录用于弱密钥、算法降级和 `kid` 注入的实验复盘,目标是验证控制面,而不是伪造真实第三方令牌。
- 默认工具: [jwt-cracker.py](/Users/x/websafe/03-authentication/jwt/tools/jwt-cracker.py)
- 输出约束: 不暴露真实明文密钥或第三方真实令牌内容
- 关联修复: `token-cookie-storage`, `authz-server-side-recheck`

8
03-authentication/session/exploitation/README.md
查看文件

@@ -1,5 +1,9 @@
# 会话利用实验
> `LAB NOTE` | `规划中`
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
该目录后续用于会话固定、Cookie 属性登出失效对照实验。
该目录用于会话固定、Cookie 属性登出失效和 Token 轮换的最小化验证说明。
- 默认工具: [session-lab.py](/Users/x/websafe/03-authentication/session/tools/session-lab.py)
- 证据: Set-Cookie 属性、Storage 痕迹、可疑代理头、run bundle 链路
- 不适用: 真实账户会话劫持或第三方令牌伪造

8
04-server-security/nmap-scripts/README.md
查看文件

@@ -1,5 +1,9 @@
# Nmap 脚本目录
> `LAB NOTE` | `规划中`
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
该目录预留给授权实验环境中的 NSE 脚本示例。当前不放置通用对外枚举脚本。
该目录用于授权实验环境中的 NSE 脚本说明与约束。
- 当前主入口仍是 [port-scanner.py](/Users/x/websafe/04-server-security/scanning/tools/port-scanner.py)
- 若补充 NSE 样例,只能绑定 `lab-local``lab-public``authorized-third-party`
- 不放置通用对外枚举脚本或泛互联网扫描模版

8
06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml 普通文件
查看文件

@@ -0,0 +1,8 @@
services:
app:
image: gitea/gitea:1.22.6
ports:
- 18085:3000
networks:
labnet:
driver: bridge

41
06-case-studies/generated-runs/gitea-livecheck-20260316/report.html 普通文件
查看文件

@@ -0,0 +1,41 @@
<!doctype html>
<html><head><meta charset='utf-8'><title>websafe run report</title>
<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
</head><body>
<h1>Run gitea-livecheck-20260316</h1>
<div class='grid'>
<div class='card'><strong>Advisory</strong><br><code>gitea--CVE-2025-68939</code></div>
<div class='card'><strong>Status</strong><br><code>blocked-artifact</code></div>
<div class='card'><strong>Profile</strong><br><code>file-upload-generic</code></div>
<div class='card'><strong>Artifact Mode</strong><br><code>official-image</code></div>
</div>
<h2>Mermaid Timeline</h2>
<pre>flowchart LR
A[&quot;Select Advisory&quot;] --&gt; B[&quot;Resolve Repro Profile&quot;]
B --&gt; C[&quot;Provision Compose Environment&quot;]
C --&gt; D[&quot;Baseline Snapshot&quot;]
D --&gt; E[&quot;Controlled Attack Steps&quot;]
E --&gt; F[&quot;Browser Replay&quot;]
F --&gt; G[&quot;Collect Logs and Evidence&quot;]
G --&gt; H[&quot;Update Registry and Reports&quot;]
H --&gt; I[&quot;Blocked: unable to get image &#x27;gitea/gitea:1.22.6&#x27;: Cannot connect to &quot;]</pre>
<h2>Timeline</h2>
<table><thead><tr><th>Time</th><th>Step</th><th>Status</th><th>Detail</th></tr></thead><tbody>
<tr><td><code>2026-03-17T07:02:55+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2025-68939</td></tr>
<tr><td><code>2026-03-17T07:02:55+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>file-upload-generic</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>blocked-artifact</code></td><td>unable to get image &#x27;gitea/gitea:1.22.6&#x27;: Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>skipped</code></td><td>no baseline urls or provisioning blocked</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>skipped</code></td><td>baseline browser capture unavailable</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>skipped</code></td><td>provisioning blocked</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>skipped</code></td><td>proof browser capture unavailable</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>skipped</code></td><td>container_logs=0</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-livecheck-20260316</td></tr>
</tbody></table>
<h2>Attack Steps</h2>
<table><thead><tr><th>Tool</th><th>Status</th><th>Output</th></tr></thead><tbody>
<tr><td><code>-</code></td><td><code>skipped</code></td><td><code>no attack steps</code></td></tr>
</tbody></table>
<h2>Evidence</h2><ul>
<li><code>compose/compose.yaml</code></li>
</ul>
</body></html>

55
06-case-studies/generated-runs/gitea-livecheck-20260316/report.md 普通文件
查看文件

@@ -0,0 +1,55 @@
# Run gitea-livecheck-20260316
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
- Advisory: `gitea--CVE-2025-68939`
- 系统: `gitea`
- Repro Profile: `file-upload-generic`
- 实证状态: `blocked-artifact`
- 实证方式: `real`
- Artifact 模式: `official-image`
- 启动时间: `2026-03-17T07:02:55+00:00`
- 完成时间: `2026-03-17T07:02:56+00:00`
- 阻塞原因: `unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?`
- Compose 服务: `app`
## 运行时间线
- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd)
| 时间 | 步骤 | 状态 | 说明 |
|------|------|------|------|
| `2026-03-17T07:02:55+00:00` | `select-advisory` | `completed` | gitea--CVE-2025-68939 |
| `2026-03-17T07:02:55+00:00` | `resolve-repro-profile` | `completed` | file-upload-generic |
| `2026-03-17T07:02:56+00:00` | `provision-compose-environment` | `blocked-artifact` | unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running? |
| `2026-03-17T07:02:56+00:00` | `baseline-snapshot` | `skipped` | no baseline urls or provisioning blocked |
| `2026-03-17T07:02:56+00:00` | `browser-replay-before-attack` | `skipped` | baseline browser capture unavailable |
| `2026-03-17T07:02:56+00:00` | `controlled-attack-chain` | `skipped` | provisioning blocked |
| `2026-03-17T07:02:56+00:00` | `browser-replay-after-attack` | `skipped` | proof browser capture unavailable |
| `2026-03-17T07:02:56+00:00` | `collect-logs-and-evidence` | `skipped` | container_logs=0 |
| `2026-03-17T07:02:56+00:00` | `update-registry-and-reports` | `completed` | gitea-livecheck-20260316 |
## Compose 拓扑
- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml`
- 服务列表: `app`
## 攻击步骤
| 工具/步骤 | 状态 | 结果 |
|-----------|------|------|
| `-` | `skipped` | `no attack steps` |
## 证据摘要
- Baseline: `0`
- 攻击步骤: `0`
- 浏览器证据: `0`
- 容器日志: `0`
- 请求日志: `0`
## 最小化验证说明
- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失,前端类案例不会被标为 `verified-*`

95
06-case-studies/generated-runs/gitea-livecheck-20260316/run.json 普通文件
查看文件

@@ -0,0 +1,95 @@
{
"run_id": "gitea-livecheck-20260316",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68939",
"repro_profile_id": "file-upload-generic",
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [],
"attack_steps": [],
"browser_refs": [],
"browser_evidence": {
"required": true,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null
},
"container_log_refs": [],
"request_log_refs": [],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-17T07:02:55+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68939"
},
{
"at": "2026-03-17T07:02:55+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "file-upload-generic"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "provision-compose-environment",
"status": "blocked-artifact",
"detail": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "baseline-snapshot",
"status": "skipped",
"detail": "no baseline urls or provisioning blocked"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "browser-replay-before-attack",
"status": "skipped",
"detail": "baseline browser capture unavailable"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "controlled-attack-chain",
"status": "skipped",
"detail": "provisioning blocked"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "browser-replay-after-attack",
"status": "skipped",
"detail": "proof browser capture unavailable"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "collect-logs-and-evidence",
"status": "skipped",
"detail": "container_logs=0"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-livecheck-20260316"
}
],
"started_at": "2026-03-17T07:02:55+00:00",
"finished_at": "2026-03-17T07:02:56+00:00",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd"
}
}

9
06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd 普通文件
查看文件

@@ -0,0 +1,9 @@
flowchart LR
A["Select Advisory"] --> B["Resolve Repro Profile"]
B --> C["Provision Compose Environment"]
C --> D["Baseline Snapshot"]
D --> E["Controlled Attack Steps"]
E --> F["Browser Replay"]
F --> G["Collect Logs and Evidence"]
G --> H["Update Registry and Reports"]
H --> I["Blocked: unable to get image 'gitea/gitea:1.22.6': Cannot connect to "]

2
07-framework-security/cms/directus/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/cms/discourse/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/cms/drupal/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/cms/ghost/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/cms/joomla/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/cms/mediawiki/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/cms/moodle/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/cms/strapi/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/cms/wordpress/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/ecommerce/adobe-commerce/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/ecommerce/magento-open-source/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/ecommerce/medusa/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/ecommerce/opencart/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/ecommerce/openmage/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/ecommerce/prestashop/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/ecommerce/saleor/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/ecommerce/shopware/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/ecommerce/woocommerce/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/frameworks/angular/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:45+00:00`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
## 目标约束

2
07-framework-security/frameworks/aspnet-core/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/astro/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:45+00:00`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
## 目标约束

2
07-framework-security/frameworks/django/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/echo/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/esbuild/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/express/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:45+00:00`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
## 目标约束

2
07-framework-security/frameworks/fastify/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:45+00:00`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
## 目标约束

2
07-framework-security/frameworks/flask/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/gin/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/hapi/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:45+00:00`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
## 目标约束

2
07-framework-security/frameworks/koa/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:45+00:00`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
## 目标约束

2
07-framework-security/frameworks/laravel/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/nestjs/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:45+00:00`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
## 目标约束

2
07-framework-security/frameworks/nextjs/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `26`
- 最近渲染时间: `2026-03-17T06:35:44+00:00`
- 最近渲染时间: `2026-03-17T07:06:36+00:00`
## 目标约束

2
07-framework-security/frameworks/nodejs/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:45+00:00`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
## 目标约束

2
07-framework-security/frameworks/nuxt/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:44+00:00`
- 最近渲染时间: `2026-03-17T07:06:36+00:00`
## 目标约束

2
07-framework-security/frameworks/rails/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/react/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:43+00:00`
- 最近渲染时间: `2026-03-17T07:06:35+00:00`
## 目标约束

2
07-framework-security/frameworks/spring-boot/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/spring-framework/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/spring-security/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/sveltekit/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:45+00:00`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
## 目标约束

2
07-framework-security/frameworks/symfony/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/undici/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `14`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/vite/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `12`
- 最近渲染时间: `2026-03-17T06:35:45+00:00`
- 最近渲染时间: `2026-03-17T07:06:37+00:00`
## 目标约束

2
07-framework-security/frameworks/vue/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:44+00:00`
- 最近渲染时间: `2026-03-17T07:06:36+00:00`
## 目标约束

2
07-framework-security/frameworks/webpack/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/frameworks/werkzeug/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/platforms/adminer/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/platforms/gitea/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `1`
- 待人工/缺浏览器证据: `36`
- 最近渲染时间: `2026-03-17T06:35:48+00:00`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
## 目标约束

6
07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md
查看文件

@@ -11,7 +11,7 @@ source_confidence: "official"
verification_status: "blocked-artifact"
verification_mode: "real"
artifact_mode: "official-image"
last_run_id: "gitea-gitea--CVE-2025-68939-20260317063330"
last_run_id: "gitea-livecheck-20260316"
target_types:
- "lab-local"
- "lab-public"
@@ -42,9 +42,9 @@ primary_source: "https://github.com/advisories/GHSA-263q-5cv3-xq9g"
- 实证状态: `blocked-artifact`
- 实证方式: `real`
- Artifact 模式: `official-image`
- 最近运行: `gitea-gitea--CVE-2025-68939-20260317063330`
- 最近运行: `gitea-livecheck-20260316`
- 浏览器证据: `missing`
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330`
- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316`
## 事件层

2
07-framework-security/platforms/gitlab-ce/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:48+00:00`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
## 目标约束

2
07-framework-security/platforms/grafana/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:48+00:00`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
## 目标约束

2
07-framework-security/platforms/jenkins/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:48+00:00`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
## 目标约束

2
07-framework-security/platforms/kibana/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:48+00:00`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
## 目标约束

2
07-framework-security/platforms/mattermost/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:48+00:00`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
## 目标约束

2
07-framework-security/platforms/phpmyadmin/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/platforms/redmine/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:48+00:00`
- 最近渲染时间: `2026-03-17T07:06:40+00:00`
## 目标约束

2
07-framework-security/servers/apache-httpd/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/servers/apache-tomcat/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/servers/caddy/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/servers/haproxy/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/servers/nginx/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

2
07-framework-security/servers/traefik/INDEX.md
查看文件

@@ -12,7 +12,7 @@
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-17T06:35:46+00:00`
- 最近渲染时间: `2026-03-17T07:06:38+00:00`
## 目标约束

71
08-threat-intel/generated/dashboard/index.html
查看文件

@@ -8,35 +8,86 @@
h1, h2 { margin-bottom: .5rem; }
.cards { display: grid; grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); gap: 1rem; margin: 1rem 0 2rem; }
.card { background: white; border: 1px solid #cbd5e1; border-radius: 14px; padding: 1rem; box-shadow: 0 4px 18px rgba(15,23,42,.06); }
table { width: 100%%; border-collapse: collapse; background: white; border-radius: 12px; overflow: hidden; }
.filters { display:flex; flex-wrap:wrap; gap:.75rem; margin: 1rem 0; }
input, select { padding: .6rem .75rem; border: 1px solid #cbd5e1; border-radius: 10px; background: white; }
table { width: 100%%; border-collapse: collapse; background: white; border-radius: 12px; overflow: hidden; margin-bottom: 2rem; }
th, td { padding: .75rem; border-bottom: 1px solid #e2e8f0; text-align: left; font-size: .92rem; }
code { background: #e2e8f0; padding: .1rem .35rem; border-radius: 6px; }
.muted { color: #475569; }
</style>
</head>
<body>
<h1>websafe Local Lab Dashboard</h1>
<p>LAB ONLY | AUTHORIZED TARGETS ONLY | 本地静态看板</p>
<div id="summary" class="cards"></div>
<h2>Recent Runs</h2>
<h2>System Coverage</h2>
<table>
<thead><tr><th>Run</th><th>Advisory</th><th>Status</th><th>Mode</th><th>Finished</th><th>Report</th></tr></thead>
<thead><tr><th>System</th><th>Total</th><th>Verified Real</th><th>Verified Synthetic</th><th>Blocked</th><th>Manual</th><th>Browser</th><th>Latest</th></tr></thead>
<tbody id="systemRows"></tbody>
</table>
<h2>Recent Runs</h2>
<div class="filters">
<input id="search" placeholder="Search advisory or run id">
<select id="systemFilter"><option value="">All systems</option></select>
<select id="statusFilter"><option value="">All statuses</option></select>
<select id="familyFilter"><option value="">All profiles</option></select>
</div>
<table>
<thead><tr><th>Run</th><th>System</th><th>Advisory</th><th>Status</th><th>Mode</th><th>Profile</th><th>Finished</th><th>Artifacts</th></tr></thead>
<tbody id="rows"></tbody>
</table>
<script>
async function main() {
const summary = await fetch('./summary.json').then(r => r.json());
const runs = await fetch('./runs.json').then(r => r.json());
const [summary, runs, systems] = await Promise.all([
fetch('./summary.json').then(r => r.json()),
fetch('./runs.json').then(r => r.json()),
fetch('./systems.json').then(r => r.json())
]);
const summaryRoot = document.getElementById('summary');
const cards = [{label: 'Run Count', value: summary.run_count}];
const cards = [{label: 'Advisories', value: summary.advisory_count}, {label: 'Run Count', value: summary.run_count}];
for (const [key, value] of Object.entries(summary.statuses)) {
cards.push({label: key, value});
}
summaryRoot.innerHTML = cards.map(item => `<div class="card"><strong>${item.label}</strong><div style="font-size:2rem;margin-top:.5rem;">${item.value}</div></div>`).join('');
const systemRows = document.getElementById('systemRows');
systemRows.innerHTML = systems.map(item => `<tr><td><code>${item.system_id}</code></td><td>${item.total}</td><td>${item.verified_real}</td><td>${item.verified_synthetic}</td><td>${item.blocked}</td><td>${item.manual}</td><td>${item.browser_present}/${item.browser_required}</td><td>${item.latest_update || ''}</td></tr>`).join('');
const systemFilter = document.getElementById('systemFilter');
const statusFilter = document.getElementById('statusFilter');
const familyFilter = document.getElementById('familyFilter');
const search = document.getElementById('search');
const distinct = (values) => Array.from(new Set(values.filter(Boolean))).sort();
systemFilter.innerHTML += distinct(runs.map(item => item.system_id)).map(value => `<option value="${value}">${value}</option>`).join('');
statusFilter.innerHTML += distinct(runs.map(item => item.verification_status)).map(value => `<option value="${value}">${value}</option>`).join('');
familyFilter.innerHTML += distinct(runs.map(item => item.repro_profile_id)).map(value => `<option value="${value}">${value}</option>`).join('');
const rows = document.getElementById('rows');
rows.innerHTML = runs.map(item => {
const report = item.report_refs && item.report_refs.report_html ? item.report_refs.report_html : '';
return `<tr><td><code>${item.run_id}</code></td><td><code>${item.advisory_id}</code></td><td>${item.verification_status}</td><td>${item.verification_mode}</td><td>${item.finished_at || ''}</td><td>${report ? `<a href="../../../../${report.replace('/Users/x/websafe/', '')}">open</a>` : '-'}</td></tr>`;
}).join('');
function renderRows() {
const query = search.value.trim().toLowerCase();
const filtered = runs.filter(item => {
if (systemFilter.value && item.system_id !== systemFilter.value) return false;
if (statusFilter.value && item.verification_status !== statusFilter.value) return false;
if (familyFilter.value && item.repro_profile_id !== familyFilter.value) return false;
if (query) {
const haystack = `${item.run_id} ${item.advisory_id} ${item.system_id} ${item.repro_profile_id}`.toLowerCase();
if (!haystack.includes(query)) return false;
}
return true;
});
rows.innerHTML = filtered.map(item => {
const links = [];
if (item.dashboard_refs && item.dashboard_refs.report_html) links.push(`<a href="${item.dashboard_refs.report_html}">report</a>`);
if (item.dashboard_refs && item.dashboard_refs.timeline) links.push(`<a href="${item.dashboard_refs.timeline}">timeline</a>`);
if (item.dashboard_refs && item.dashboard_refs.bundle) links.push(`<a href="${item.dashboard_refs.bundle}">bundle</a>`);
if (item.browser_links && item.browser_links.length) links.push(`<a href="${item.browser_links[0]}">browser</a>`);
if (item.container_links && item.container_links.length) links.push(`<a href="${item.container_links[0]}">logs</a>`);
const reason = item.blocked_reason ? `<div class="muted">${item.blocked_reason}</div>` : '';
return `<tr><td><code>${item.run_id}</code>${reason}</td><td><code>${item.system_id}</code></td><td><code>${item.advisory_id}</code></td><td>${item.verification_status}</td><td>${item.verification_mode}</td><td><code>${item.repro_profile_id}</code></td><td>${item.finished_at || ''}</td><td>${links.join(' | ') || '-'}</td></tr>`;
}).join('');
}
[systemFilter, statusFilter, familyFilter, search].forEach(node => node.addEventListener('input', renderRows));
renderRows();
}
main();
</script>

132
08-threat-intel/generated/dashboard/runs.json
查看文件

@@ -1,4 +1,108 @@
[
{
"run_id": "gitea-livecheck-20260316",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68939",
"repro_profile_id": "file-upload-generic",
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [],
"attack_steps": [],
"browser_refs": [],
"browser_evidence": {
"required": true,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null
},
"container_log_refs": [],
"request_log_refs": [],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-17T07:02:55+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68939"
},
{
"at": "2026-03-17T07:02:55+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "file-upload-generic"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "provision-compose-environment",
"status": "blocked-artifact",
"detail": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "baseline-snapshot",
"status": "skipped",
"detail": "no baseline urls or provisioning blocked"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "browser-replay-before-attack",
"status": "skipped",
"detail": "baseline browser capture unavailable"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "controlled-attack-chain",
"status": "skipped",
"detail": "provisioning blocked"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "browser-replay-after-attack",
"status": "skipped",
"detail": "proof browser capture unavailable"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "collect-logs-and-evidence",
"status": "skipped",
"detail": "container_logs=0"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-livecheck-20260316"
}
],
"started_at": "2026-03-17T07:02:55+00:00",
"finished_at": "2026-03-17T07:02:56+00:00",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd"
},
"dashboard_refs": {
"report_html": "./runs/gitea-livecheck-20260316/report.html",
"report_md": "./runs/gitea-livecheck-20260316/report.md",
"timeline": "./runs/gitea-livecheck-20260316/timeline.mmd",
"bundle": "./runs/gitea-livecheck-20260316/run.json"
},
"browser_links": [],
"container_links": [],
"request_links": []
},
{
"run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
"system_id": "gitea",
@@ -28,7 +132,19 @@
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd"
}
},
"dashboard_refs": {
"report_html": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
"report_md": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
"timeline": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd",
"bundle": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/run.json"
},
"browser_links": [],
"container_links": [],
"request_links": [
"./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
"./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json"
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
@@ -68,6 +184,18 @@
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd"
}
},
"dashboard_refs": {
"report_html": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
"report_md": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
"timeline": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd",
"bundle": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/run.json"
},
"browser_links": [],
"container_links": [],
"request_links": [
"./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
"./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
]
}
]

1
08-threat-intel/generated/dashboard/runs/gitea-gitea--CVE-2025-68939-20260317063330 符号链接
查看文件

@@ -0,0 +1 @@
../../../../06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330

1
08-threat-intel/generated/dashboard/runs/gitea-livecheck-20260316 符号链接
查看文件

@@ -0,0 +1 @@
../../../../06-case-studies/generated-runs/gitea-livecheck-20260316

1
08-threat-intel/generated/dashboard/runs/nextjs-nextjs--CVE-2025-29927-20260317063047 符号链接
查看文件

@@ -0,0 +1 @@
../../../../06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047

131
08-threat-intel/generated/dashboard/summary.json
查看文件

@@ -1,80 +1,79 @@
{
"run_count": 2,
"generated_at": "2026-03-17T07:06:50+00:00",
"advisory_count": 89,
"run_count": 3,
"statuses": {
"blocked-artifact": 1,
"blocked-artifact": 2,
"triage-manual": 1
},
"recent_runs": [
"recent_failures": [
{
"run_id": "gitea-livecheck-20260316",
"advisory_id": "gitea--CVE-2025-68939",
"status": "blocked-artifact",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
},
{
"run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68939",
"repro_profile_id": "file-upload-generic",
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [],
"attack_steps": [],
"browser_refs": [],
"container_log_refs": [],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json"
],
"timeline": [],
"started_at": "2026-03-17T06:33:30+00:00",
"finished_at": "2026-03-17T06:33:30+00:00",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd"
}
"status": "blocked-artifact",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
},
{
"run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-29927",
"repro_profile_id": "authz-bypass-generic",
"verification_status": "triage-manual",
"verification_mode": "real",
"artifact_mode": "official-source",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
],
"attack_steps": [
{
"kind": "note",
"tool": null,
"args": [],
"status": "planned"
}
],
"browser_refs": [],
"container_log_refs": [],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
],
"timeline": [],
"started_at": "2026-03-17T06:30:47+00:00",
"finished_at": "2026-03-17T06:30:47+00:00",
"blocked_reason": "dry-run only",
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd"
}
"status": "triage-manual",
"blocked_reason": "dry-run only"
}
],
"systems": [
{
"system_id": "gitea",
"display_name": "Gitea",
"total": 37,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 1,
"manual": 36,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-03-03T04:57:57.697708Z"
},
{
"system_id": "nextjs",
"display_name": "Next.js",
"total": 26,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 26,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-03-13T22:14:13.665535Z"
},
{
"system_id": "undici",
"display_name": "Undici",
"total": 14,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 14,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-03-14T09:19:54.772219Z"
},
{
"system_id": "vite",
"display_name": "Vite",
"total": 12,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 12,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-02-04T04:37:24.129476Z"
}
]
}

50
08-threat-intel/generated/dashboard/systems.json 普通文件
查看文件

@@ -0,0 +1,50 @@
[
{
"system_id": "gitea",
"display_name": "Gitea",
"total": 37,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 1,
"manual": 36,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-03-03T04:57:57.697708Z"
},
{
"system_id": "nextjs",
"display_name": "Next.js",
"total": 26,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 26,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-03-13T22:14:13.665535Z"
},
{
"system_id": "undici",
"display_name": "Undici",
"total": 14,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 14,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-03-14T09:19:54.772219Z"
},
{
"system_id": "vite",
"display_name": "Vite",
"total": 12,
"verified_real": 0,
"verified_synthetic": 0,
"blocked": 0,
"manual": 12,
"browser_required": 0,
"browser_present": 0,
"latest_update": "2026-02-04T04:37:24.129476Z"
}
]

2
08-threat-intel/generated/latest-ingest.md
查看文件

@@ -1,6 +1,6 @@
# 最新同步摘要
- 渲染时间: `2026-03-17T06:35:58+00:00`
- 渲染时间: `2026-03-17T07:06:50+00:00`
- 系统数量: `62`
- Advisory 数量: `89`
- 重点 Markdown 数量: `89`

2
08-threat-intel/generated/run-summary.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-17T06:35:58+00:00",
"generated_at": "2026-03-17T07:06:50+00:00",
"system_count": 62,
"advisory_count": 89,
"markdown_count": 89,

6
08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json
查看文件

@@ -51,9 +51,9 @@
"triage_reasons": [],
"verification_status": "blocked-artifact",
"verification_mode": "real",
"last_verified_at": "2026-03-17T06:33:30+00:00",
"last_run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
"evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330",
"last_verified_at": "2026-03-17T07:02:56+00:00",
"last_run_id": "gitea-livecheck-20260316",
"evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
"browser_evidence": {
"required": false,
"present": false,

95
08-threat-intel/registry/runs/gitea-livecheck-20260316.json 普通文件
查看文件

@@ -0,0 +1,95 @@
{
"run_id": "gitea-livecheck-20260316",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68939",
"repro_profile_id": "file-upload-generic",
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [],
"attack_steps": [],
"browser_refs": [],
"browser_evidence": {
"required": true,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null
},
"container_log_refs": [],
"request_log_refs": [],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-17T07:02:55+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68939"
},
{
"at": "2026-03-17T07:02:55+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "file-upload-generic"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "provision-compose-environment",
"status": "blocked-artifact",
"detail": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "baseline-snapshot",
"status": "skipped",
"detail": "no baseline urls or provisioning blocked"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "browser-replay-before-attack",
"status": "skipped",
"detail": "baseline browser capture unavailable"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "controlled-attack-chain",
"status": "skipped",
"detail": "provisioning blocked"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "browser-replay-after-attack",
"status": "skipped",
"detail": "proof browser capture unavailable"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "collect-logs-and-evidence",
"status": "skipped",
"detail": "container_logs=0"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-livecheck-20260316"
}
],
"started_at": "2026-03-17T07:02:55+00:00",
"finished_at": "2026-03-17T07:02:56+00:00",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd"
}
}

7
scripts/lab/render.py
查看文件

@@ -212,15 +212,16 @@ def render_dashboard() -> Dict[str, str]:
if not bundle_dir.exists():
continue
symlink_path = runs_dir / item["run_id"]
relative_target = os.path.relpath(bundle_dir, symlink_path.parent)
try:
if symlink_path.is_symlink() or symlink_path.exists():
if symlink_path.is_symlink() and symlink_path.resolve() == bundle_dir.resolve():
if symlink_path.is_symlink() and os.readlink(symlink_path) == relative_target:
pass
else:
symlink_path.unlink()
os.symlink(bundle_dir, symlink_path, target_is_directory=True)
os.symlink(relative_target, symlink_path, target_is_directory=True)
else:
os.symlink(bundle_dir, symlink_path, target_is_directory=True)
os.symlink(relative_target, symlink_path, target_is_directory=True)
except OSError:
continue