hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

lab: automated intel and verification sync codex/intel-20260317-000751

浏览代码
这个提交包含在:
hao
2026-03-17 00:07:51 -07:00
父节点 dddbe19df8
当前提交 1f2744825f
修改 88 个文件,包含 733 行新增170 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

8
06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml 普通文件
查看文件

@@ -0,0 +1,8 @@
services:
app:
image: gitea/gitea:1.22.6
ports:
- 18085:3000
networks:
labnet:
driver: bridge

41
06-case-studies/generated-runs/gitea-livecheck-20260316/report.html 普通文件
查看文件

@@ -0,0 +1,41 @@
<!doctype html>
<html><head><meta charset='utf-8'><title>websafe run report</title>
<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
</head><body>
<h1>Run gitea-livecheck-20260316</h1>
<div class='grid'>
<div class='card'><strong>Advisory</strong><br><code>gitea--CVE-2025-68939</code></div>
<div class='card'><strong>Status</strong><br><code>blocked-artifact</code></div>
<div class='card'><strong>Profile</strong><br><code>file-upload-generic</code></div>
<div class='card'><strong>Artifact Mode</strong><br><code>official-image</code></div>
</div>
<h2>Mermaid Timeline</h2>
<pre>flowchart LR
A[&quot;Select Advisory&quot;] --&gt; B[&quot;Resolve Repro Profile&quot;]
B --&gt; C[&quot;Provision Compose Environment&quot;]
C --&gt; D[&quot;Baseline Snapshot&quot;]
D --&gt; E[&quot;Controlled Attack Steps&quot;]
E --&gt; F[&quot;Browser Replay&quot;]
F --&gt; G[&quot;Collect Logs and Evidence&quot;]
G --&gt; H[&quot;Update Registry and Reports&quot;]
H --&gt; I[&quot;Blocked: unable to get image &#x27;gitea/gitea:1.22.6&#x27;: Cannot connect to &quot;]</pre>
<h2>Timeline</h2>
<table><thead><tr><th>Time</th><th>Step</th><th>Status</th><th>Detail</th></tr></thead><tbody>
<tr><td><code>2026-03-17T07:02:55+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2025-68939</td></tr>
<tr><td><code>2026-03-17T07:02:55+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>file-upload-generic</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>blocked-artifact</code></td><td>unable to get image &#x27;gitea/gitea:1.22.6&#x27;: Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>skipped</code></td><td>no baseline urls or provisioning blocked</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>skipped</code></td><td>baseline browser capture unavailable</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>skipped</code></td><td>provisioning blocked</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>skipped</code></td><td>proof browser capture unavailable</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>skipped</code></td><td>container_logs=0</td></tr>
<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-livecheck-20260316</td></tr>
</tbody></table>
<h2>Attack Steps</h2>
<table><thead><tr><th>Tool</th><th>Status</th><th>Output</th></tr></thead><tbody>
<tr><td><code>-</code></td><td><code>skipped</code></td><td><code>no attack steps</code></td></tr>
</tbody></table>
<h2>Evidence</h2><ul>
<li><code>compose/compose.yaml</code></li>
</ul>
</body></html>

55
06-case-studies/generated-runs/gitea-livecheck-20260316/report.md 普通文件
查看文件

@@ -0,0 +1,55 @@
# Run gitea-livecheck-20260316
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
- Advisory: `gitea--CVE-2025-68939`
- 系统: `gitea`
- Repro Profile: `file-upload-generic`
- 实证状态: `blocked-artifact`
- 实证方式: `real`
- Artifact 模式: `official-image`
- 启动时间: `2026-03-17T07:02:55+00:00`
- 完成时间: `2026-03-17T07:02:56+00:00`
- 阻塞原因: `unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?`
- Compose 服务: `app`
## 运行时间线
- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd)
| 时间 | 步骤 | 状态 | 说明 |
|------|------|------|------|
| `2026-03-17T07:02:55+00:00` | `select-advisory` | `completed` | gitea--CVE-2025-68939 |
| `2026-03-17T07:02:55+00:00` | `resolve-repro-profile` | `completed` | file-upload-generic |
| `2026-03-17T07:02:56+00:00` | `provision-compose-environment` | `blocked-artifact` | unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running? |
| `2026-03-17T07:02:56+00:00` | `baseline-snapshot` | `skipped` | no baseline urls or provisioning blocked |
| `2026-03-17T07:02:56+00:00` | `browser-replay-before-attack` | `skipped` | baseline browser capture unavailable |
| `2026-03-17T07:02:56+00:00` | `controlled-attack-chain` | `skipped` | provisioning blocked |
| `2026-03-17T07:02:56+00:00` | `browser-replay-after-attack` | `skipped` | proof browser capture unavailable |
| `2026-03-17T07:02:56+00:00` | `collect-logs-and-evidence` | `skipped` | container_logs=0 |
| `2026-03-17T07:02:56+00:00` | `update-registry-and-reports` | `completed` | gitea-livecheck-20260316 |
## Compose 拓扑
- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml`
- 服务列表: `app`
## 攻击步骤
| 工具/步骤 | 状态 | 结果 |
|-----------|------|------|
| `-` | `skipped` | `no attack steps` |
## 证据摘要
- Baseline: `0`
- 攻击步骤: `0`
- 浏览器证据: `0`
- 容器日志: `0`
- 请求日志: `0`
## 最小化验证说明
- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失,前端类案例不会被标为 `verified-*`

95
06-case-studies/generated-runs/gitea-livecheck-20260316/run.json 普通文件
查看文件

@@ -0,0 +1,95 @@
{
"run_id": "gitea-livecheck-20260316",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68939",
"repro_profile_id": "file-upload-generic",
"verification_status": "blocked-artifact",
"verification_mode": "real",
"artifact_mode": "official-image",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [],
"attack_steps": [],
"browser_refs": [],
"browser_evidence": {
"required": true,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null
},
"container_log_refs": [],
"request_log_refs": [],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-17T07:02:55+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68939"
},
{
"at": "2026-03-17T07:02:55+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "file-upload-generic"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "provision-compose-environment",
"status": "blocked-artifact",
"detail": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "baseline-snapshot",
"status": "skipped",
"detail": "no baseline urls or provisioning blocked"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "browser-replay-before-attack",
"status": "skipped",
"detail": "baseline browser capture unavailable"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "controlled-attack-chain",
"status": "skipped",
"detail": "provisioning blocked"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "browser-replay-after-attack",
"status": "skipped",
"detail": "proof browser capture unavailable"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "collect-logs-and-evidence",
"status": "skipped",
"detail": "container_logs=0"
},
{
"at": "2026-03-17T07:02:56+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-livecheck-20260316"
}
],
"started_at": "2026-03-17T07:02:55+00:00",
"finished_at": "2026-03-17T07:02:56+00:00",
"blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd"
}
}

9
06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd 普通文件
查看文件

@@ -0,0 +1,9 @@
flowchart LR
A["Select Advisory"] --> B["Resolve Repro Profile"]
B --> C["Provision Compose Environment"]
C --> D["Baseline Snapshot"]
D --> E["Controlled Attack Steps"]
E --> F["Browser Replay"]
F --> G["Collect Logs and Evidence"]
G --> H["Update Registry and Reports"]
H --> I["Blocked: unable to get image 'gitea/gitea:1.22.6': Cannot connect to "]