websafe-kb/08-threat-intel/repro-profiles/system-family/gitea-authz-bypass.yaml

profile_id: gitea-authz-bypass
system_id: gitea
match_rules:
  keywords:
    - authorization bypass
    - access control
vuln_family: authz-bypass
provisioning_mode: real
verification_mode: real
artifact_mode: local-fixture
artifact_source:
  strategy: local-minimal-fixture
runner_id: gitea.authz-bypass
fixture_path: /Users/x/websafe/00-environments/templates/fixtures/gitea/authz-bypass
required_services:
  - app
seed_actions:
  - kind: note
    message: Seed low-privilege and admin boundary fixture state.
baseline_actions:
  - kind: http-get
    path: /
attack_actions:
  - kind: note
    message: Runner verifies guest-to-admin bypass only inside fixture route.
browser_assertions:
  required: false
success_criteria:
  - Controlled guest request reaches the protected admin route inside the fixture.
success_assertions:
  - name: baseline-ok
    type: baseline-ok
  - name: runner-success
    type: runner-success
services:
  app:
    image: python:3.12-alpine
    working_dir: /workspace
    command:
      - python
      - /workspace/00-environments/templates/fixtures/shared/python_fixture.py
    environment:
      LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/authz-bypass/scenario.json
      PORT: "3000"
    ports:
      - 18103:3000
    volumes:
      - /Users/x/websafe:/workspace:ro
    healthcheck:
      test:
        - CMD-SHELL
        - wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
      interval: 2s
      timeout: 2s
      retries: 20
baseline_urls:
  - http://127.0.0.1:18103/
ready_timeout_seconds: 45
cleanup_policy: destroy
destructive_risk: low
allowed_target_types:
  - lab-local