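---
# Reproduction profile for plugin / module / extension / theme weaknesses.
# The page this listing came from had lost all indentation and interleaved
# viewer gutter cells between the lines; the nesting below is reconstructed
# from the key/value shapes. Confirm it against the consuming schema.
profile_id: plugin-extension-generic

# Selection rules for this profile.
# NOTE(review): vuln_family is placed under match_rules because it directly
# follows the keywords list; the original nesting is not recoverable from the
# page. Confirm whether it is a match rule or a top-level attribute.
match_rules:
  keywords:
    - plugin
    - module
    - extension
    - theme
  vuln_family: plugin-extension

provisioning_mode: synthetic
artifact_source:
  strategy: ecosystem-package-or-synthetic
required_services:
  - app

# Informational step only (kind: note); it states the artifact preference and
# performs no action by itself.
seed_actions:
  - kind: note
    message: Prefer historical plugin/module package; fall back to synthetic isolated reproduction when unavailable.

# Single GET of the application root, listed before the attack actions.
baseline_actions:
  - kind: http-get
    path: /

# Also a note, not an executable step: it restricts validation to the isolated
# extension package. Nothing in this profile enforces that restriction.
# NOTE(review): confirm the runner enforces it.
attack_actions:
  - kind: note
    message: Validate trust-boundary or input-handling weakness using isolated extension package only.

browser_assertions:
  required: true

# Either outcome (demonstrated or blocked) satisfies the criterion, so the
# artifact evidence is the only thing that distinguishes a real result from a
# run that never reached the extension.
success_criteria:
  - Extension-specific attack path is demonstrated or blocked with artifact evidence.

cleanup_policy: destroy
destructive_risk: medium

# NOTE(review): medium destructive risk is permitted against non-local targets
# (lab-public, authorized-third-party), and this profile has no field that
# records the authorization or scope. Confirm the runner verifies
# authorization before accepting a target of those types.
allowed_target_types:
  - lab-local
  - lab-public
  - authorized-third-party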