kb: expand authorized lab coverage and intel automation

2026-03-16 22:04:51 -07:00
--- a/07-framework-security/ecommerce/adobe-commerce/README.md
+++ b/07-framework-security/ecommerce/adobe-commerce/README.md
@@ -0,0 +1,16 @@
+# Adobe Commerce
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
+
+- 分类: `ecommerce`
+- 覆盖层级: `history-full`
+- Advisory 模式: core, extension
+- 输出目录: `07-framework-security/ecommerce/adobe-commerce`
+- 修复主题: authz-server-side-recheck, file-upload-validation, xss-output-encoding, plugin-extension-trust-policy
+- 适用目标类型: `lab-local, lab-public, authorized-third-party`
+- 是否允许公网验证: `yes, but only for owned or authorized targets`
+- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
+- 禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作
+
+- 自动索引: [INDEX.md](/Users/x/websafe/07-framework-security/ecommerce/adobe-commerce/INDEX.md)
+- Registry 统计: [adobe-commerce.json](/Users/x/websafe/08-threat-intel/registry/systems/adobe-commerce.json)