63 行
1.6 KiB
YAML
63 行
1.6 KiB
YAML
profile_id: nextjs-authz-bypass
|
|
system_id: nextjs
|
|
match_rules:
|
|
keywords:
|
|
- authorization bypass
|
|
- access control
|
|
vuln_family: authz-bypass
|
|
provisioning_mode: real
|
|
verification_mode: real
|
|
artifact_mode: local-fixture
|
|
artifact_source:
|
|
strategy: local-minimal-fixture
|
|
runner_id: nextjs.authz-bypass
|
|
fixture_path: /Users/x/websafe/00-environments/templates/fixtures/nextjs/authz-bypass
|
|
required_services:
|
|
- app
|
|
seed_actions:
|
|
- kind: note
|
|
message: Seed guest/admin route fixture for server-side recheck.
|
|
baseline_actions:
|
|
- kind: http-get
|
|
path: /
|
|
attack_actions:
|
|
- kind: note
|
|
message: Runner performs local authz bypass proof only.
|
|
browser_assertions:
|
|
required: false
|
|
success_criteria:
|
|
- Protected route is reachable only after the controlled bypass proof step.
|
|
success_assertions:
|
|
- name: baseline-ok
|
|
type: baseline-ok
|
|
- name: runner-success
|
|
type: runner-success
|
|
services:
|
|
app:
|
|
image: node:22-alpine
|
|
working_dir: /workspace
|
|
command:
|
|
- node
|
|
- /workspace/00-environments/templates/fixtures/shared/node_fixture.mjs
|
|
environment:
|
|
LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/nextjs/authz-bypass/scenario.json
|
|
PORT: "3000"
|
|
ports:
|
|
- 18202:3000
|
|
volumes:
|
|
- /Users/x/websafe:/workspace:ro
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
|
|
interval: 2s
|
|
timeout: 2s
|
|
retries: 20
|
|
baseline_urls:
|
|
- http://127.0.0.1:18202/
|
|
ready_timeout_seconds: 45
|
|
cleanup_policy: destroy
|
|
destructive_risk: low
|
|
allowed_target_types:
|
|
- lab-local
|