更新: 421 个文件 - 2026-03-17 18:30:02

08-threat-intel/repro-profiles/system-family/nextjs-deserialization.yaml

@@ -0,0 +1,62 @@
+profile_id: nextjs-deserialization
+system_id: nextjs
+match_rules:
+  keywords:
+    - deserialization
+    - serialization
+vuln_family: deserialization
+provisioning_mode: real
+verification_mode: real
+artifact_mode: local-fixture
+artifact_source:
+  strategy: local-minimal-fixture
+runner_id: nextjs.deserialization
+fixture_path: /Users/x/websafe/00-environments/templates/fixtures/nextjs/deserialization
+required_services:
+  - app
+seed_actions:
+  - kind: note
+    message: Seed inert decode path before proof request.
+baseline_actions:
+  - kind: http-get
+    path: /
+attack_actions:
+  - kind: note
+    message: Runner demonstrates unsafe decode path without gadget execution.
+browser_assertions:
+  required: false
+success_criteria:
+  - Inert decoded object marker is present without executing a gadget chain.
+success_assertions:
+  - name: baseline-ok
+    type: baseline-ok
+  - name: runner-success
+    type: runner-success
+services:
+  app:
+    image: node:22-alpine
+    working_dir: /workspace
+    command:
+      - node
+      - /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
+    environment:
+      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/nextjs/deserialization/scenario.json
+      PORT: "3000"
+    ports:
+      - 18205:3000
+    volumes:
+      - /Users/x/websafe:/workspace:ro
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
+      interval: 2s
+      timeout: 2s
+      retries: 20
+baseline_urls:
+  - http://127.0.0.1:18205/
+ready_timeout_seconds: 45
+cleanup_policy: destroy
+destructive_risk: low
+allowed_target_types:
+  - lab-local