更新: 359 个文件 - 2026-03-16 23:30:01

08-threat-intel/repro-profiles/family-generic/plugin-extension-generic.yaml

@@ -0,0 +1,32 @@
+profile_id: plugin-extension-generic
+match_rules:
+  keywords:
+    - plugin
+    - module
+    - extension
+    - theme
+vuln_family: plugin-extension
+provisioning_mode: synthetic
+artifact_source:
+  strategy: ecosystem-package-or-synthetic
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Prefer historical plugin/module package; fall back to synthetic isolated reproduction when unavailable.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Validate trust-boundary or input-handling weakness using isolated extension package only.
+browser_assertions:
+  required: true
+success_criteria:
+  - Extension-specific attack path is demonstrated or blocked with artifact evidence.
+cleanup_policy: destroy
+destructive_risk: medium
+allowed_target_types:
+  - lab-local
+  - lab-public
+  - authorized-third-party