更新: 421 个文件 - 2026-03-17 18:30:02

2026-03-17 18:30:02 -07:00
--- a/00-environments/templates/fixtures/nextjs/authz-bypass/scenario.json
+++ b/00-environments/templates/fixtures/nextjs/authz-bypass/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"nextjs","family":"authz-bypass","title":"Next.js Authz Bypass Fixture","subtitle":"Protected route fixture with explicit bypass proof.","browser_required":false}
+
--- a/00-environments/templates/fixtures/nextjs/deserialization/scenario.json
+++ b/00-environments/templates/fixtures/nextjs/deserialization/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"nextjs","family":"deserialization","title":"Next.js Deserialization Fixture","subtitle":"Unsafe decode path with inert marker object.","browser_required":false}
+
--- a/00-environments/templates/fixtures/nextjs/proxy-boundary/scenario.json
+++ b/00-environments/templates/fixtures/nextjs/proxy-boundary/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"nextjs","family":"proxy-boundary","title":"Next.js Proxy Boundary Fixture","subtitle":"Middleware trust-boundary fixture with forwarded-header proof.","browser_required":true}
+
--- a/00-environments/templates/fixtures/nextjs/ssrf/scenario.json
+++ b/00-environments/templates/fixtures/nextjs/ssrf/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"nextjs","family":"ssrf","title":"Next.js SSRF Fixture","subtitle":"Server-side fetch route restricted to local sink validation.","browser_required":false}
+
--- a/00-environments/templates/fixtures/nextjs/xss/scenario.json
+++ b/00-environments/templates/fixtures/nextjs/xss/scenario.json
@@ -0,0 +1,2 @@
+{"system_id":"nextjs","family":"xss","title":"Next.js XSS Fixture","subtitle":"Browser proof page for stored payload rendering.","browser_required":true}
+
				`@@ -0,0 +1,2 @@`
				`{"system_id":"nextjs","family":"authz-bypass","title":"Next.js Authz Bypass Fixture","subtitle":"Protected route fixture with explicit bypass proof.","browser_required":false}`
				`@@ -0,0 +1,2 @@`
				`{"system_id":"nextjs","family":"deserialization","title":"Next.js Deserialization Fixture","subtitle":"Unsafe decode path with inert marker object.","browser_required":false}`
				`@@ -0,0 +1,2 @@`
				`{"system_id":"nextjs","family":"proxy-boundary","title":"Next.js Proxy Boundary Fixture","subtitle":"Middleware trust-boundary fixture with forwarded-header proof.","browser_required":true}`
				`@@ -0,0 +1,2 @@`
				`{"system_id":"nextjs","family":"ssrf","title":"Next.js SSRF Fixture","subtitle":"Server-side fetch route restricted to local sink validation.","browser_required":false}`
				`@@ -0,0 +1,2 @@`
				`{"system_id":"nextjs","family":"xss","title":"Next.js XSS Fixture","subtitle":"Browser proof page for stored payload rendering.","browser_required":true}`