hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动
文件
dc31e6e80f2e37dced2f21c368bb4d79acabbf77
websafe-kb/08-threat-intel/generated/dashboard/runs.json

40351 行
1.5 MiB
原始文件 Blame 文件历史

[
{
"run_id": "vite-vite--CVE-2025-62522-20260318040559",
"system_id": "vite",
"advisory_id": "vite--CVE-2025-62522",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:05:59+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2025-62522"
},
{
"at": "2026-03-18T04:05:59+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:05:59+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:06:02+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:06:02+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:06:02+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:06:02+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:06:03+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:06:03+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:06:04+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:06:04+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:06:05+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:06:05+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2025-62522-20260318040559"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:05:59+00:00",
"finished_at": "2026-03-18T04:06:05+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-62522-20260318040559/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2025-62522-20260318040559/report.html",
"report_md": "/runs/vite-vite--CVE-2025-62522-20260318040559/report.md",
"timeline": "/runs/vite-vite--CVE-2025-62522-20260318040559/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2025-62522-20260318040559/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
"/runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json",
"/runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
"/runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/attack.json",
"/runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-62522-20260318040559/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2025-58752-20260318040552",
"system_id": "vite",
"advisory_id": "vite--CVE-2025-58752",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:05:52+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2025-58752"
},
{
"at": "2026-03-18T04:05:52+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:05:53+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:05:55+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:05:55+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:05:55+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:55+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:05:56+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:56+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:57+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:57+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:05:59+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:05:59+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2025-58752-20260318040552"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:05:52+00:00",
"finished_at": "2026-03-18T04:05:59+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58752-20260318040552/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2025-58752-20260318040552/report.html",
"report_md": "/runs/vite-vite--CVE-2025-58752-20260318040552/report.md",
"timeline": "/runs/vite-vite--CVE-2025-58752-20260318040552/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2025-58752-20260318040552/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
"/runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json",
"/runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
"/runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/attack.json",
"/runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58752-20260318040552/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2025-58751-20260318040545",
"system_id": "vite",
"advisory_id": "vite--CVE-2025-58751",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:05:45+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2025-58751"
},
{
"at": "2026-03-18T04:05:45+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:05:46+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:05:49+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:05:49+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:05:49+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:49+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:05:50+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:50+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:51+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:51+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:05:52+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:05:52+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2025-58751-20260318040545"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:05:45+00:00",
"finished_at": "2026-03-18T04:05:52+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-58751-20260318040545/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2025-58751-20260318040545/report.html",
"report_md": "/runs/vite-vite--CVE-2025-58751-20260318040545/report.md",
"timeline": "/runs/vite-vite--CVE-2025-58751-20260318040545/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2025-58751-20260318040545/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
"/runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json",
"/runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
"/runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/attack.json",
"/runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-58751-20260318040545/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2025-46565-20260318040538",
"system_id": "vite",
"advisory_id": "vite--CVE-2025-46565",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:05:38+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2025-46565"
},
{
"at": "2026-03-18T04:05:38+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:05:39+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:05:41+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:05:41+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:05:41+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:41+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:05:42+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:42+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:43+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:43+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:05:45+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:05:45+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2025-46565-20260318040538"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:05:38+00:00",
"finished_at": "2026-03-18T04:05:45+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-46565-20260318040538/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2025-46565-20260318040538/report.html",
"report_md": "/runs/vite-vite--CVE-2025-46565-20260318040538/report.md",
"timeline": "/runs/vite-vite--CVE-2025-46565-20260318040538/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2025-46565-20260318040538/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
"/runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json",
"/runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
"/runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/attack.json",
"/runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-46565-20260318040538/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2025-32395-20260318040532",
"system_id": "vite",
"advisory_id": "vite--CVE-2025-32395",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:05:32+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2025-32395"
},
{
"at": "2026-03-18T04:05:32+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:05:32+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:05:35+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:05:35+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:05:35+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:35+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:05:36+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:36+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:37+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:37+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:05:38+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:05:38+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2025-32395-20260318040532"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:05:32+00:00",
"finished_at": "2026-03-18T04:05:38+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-32395-20260318040532/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2025-32395-20260318040532/report.html",
"report_md": "/runs/vite-vite--CVE-2025-32395-20260318040532/report.md",
"timeline": "/runs/vite-vite--CVE-2025-32395-20260318040532/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2025-32395-20260318040532/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
"/runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json",
"/runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
"/runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/attack.json",
"/runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-32395-20260318040532/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2025-31486-20260318040525",
"system_id": "vite",
"advisory_id": "vite--CVE-2025-31486",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:05:25+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2025-31486"
},
{
"at": "2026-03-18T04:05:25+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:05:25+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:05:28+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:05:28+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:05:28+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:28+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:05:29+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:29+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:30+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:30+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:05:32+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:05:32+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2025-31486-20260318040525"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:05:25+00:00",
"finished_at": "2026-03-18T04:05:32+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31486-20260318040525/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2025-31486-20260318040525/report.html",
"report_md": "/runs/vite-vite--CVE-2025-31486-20260318040525/report.md",
"timeline": "/runs/vite-vite--CVE-2025-31486-20260318040525/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2025-31486-20260318040525/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
"/runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json",
"/runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
"/runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/attack.json",
"/runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31486-20260318040525/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2025-31125-20260318040518",
"system_id": "vite",
"advisory_id": "vite--CVE-2025-31125",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:05:18+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2025-31125"
},
{
"at": "2026-03-18T04:05:18+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:05:18+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:05:21+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:05:21+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:05:21+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:21+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:05:22+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:22+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:23+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:23+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:05:25+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:05:25+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2025-31125-20260318040518"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:05:18+00:00",
"finished_at": "2026-03-18T04:05:25+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-31125-20260318040518/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2025-31125-20260318040518/report.html",
"report_md": "/runs/vite-vite--CVE-2025-31125-20260318040518/report.md",
"timeline": "/runs/vite-vite--CVE-2025-31125-20260318040518/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2025-31125-20260318040518/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
"/runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json",
"/runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
"/runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/attack.json",
"/runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-31125-20260318040518/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2025-30208-20260318040511",
"system_id": "vite",
"advisory_id": "vite--CVE-2025-30208",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:05:11+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2025-30208"
},
{
"at": "2026-03-18T04:05:11+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:05:12+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:05:15+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:05:15+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:05:15+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:15+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:05:16+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:16+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:16+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:17+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:05:18+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:05:18+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2025-30208-20260318040511"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:05:11+00:00",
"finished_at": "2026-03-18T04:05:18+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-30208-20260318040511/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2025-30208-20260318040511/report.html",
"report_md": "/runs/vite-vite--CVE-2025-30208-20260318040511/report.md",
"timeline": "/runs/vite-vite--CVE-2025-30208-20260318040511/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2025-30208-20260318040511/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
"/runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json",
"/runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
"/runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/attack.json",
"/runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-30208-20260318040511/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2025-24010-20260318040505",
"system_id": "vite",
"advisory_id": "vite--CVE-2025-24010",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:05:05+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2025-24010"
},
{
"at": "2026-03-18T04:05:05+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:05:05+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:05:08+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:05:08+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:05:08+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:08+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:05:09+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:09+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:10+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:10+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:05:11+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:05:11+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2025-24010-20260318040505"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:05:05+00:00",
"finished_at": "2026-03-18T04:05:11+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2025-24010-20260318040505/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2025-24010-20260318040505/report.html",
"report_md": "/runs/vite-vite--CVE-2025-24010-20260318040505/report.md",
"timeline": "/runs/vite-vite--CVE-2025-24010-20260318040505/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2025-24010-20260318040505/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
"/runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json",
"/runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
"/runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/attack.json",
"/runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2025-24010-20260318040505/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2024-45812-20260318040458",
"system_id": "vite",
"advisory_id": "vite--CVE-2024-45812",
"repro_profile_id": "vite-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json"
],
"baseline_title": "Vite XSS Fixture",
"proof_title": "Vite XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:04:58+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2024-45812"
},
{
"at": "2026-03-18T04:04:58+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-xss"
},
{
"at": "2026-03-18T04:04:59+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:05:02+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:05:02+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:05:02+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:02+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:05:02+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:02+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:05:03+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:05:03+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:05:05+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:05:05+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2024-45812-20260318040458"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:04:58+00:00",
"finished_at": "2026-03-18T04:05:05+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45812-20260318040458/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2024-45812-20260318040458/report.html",
"report_md": "/runs/vite-vite--CVE-2024-45812-20260318040458/report.md",
"timeline": "/runs/vite-vite--CVE-2024-45812-20260318040458/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2024-45812-20260318040458/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
"/runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json",
"/runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
"/runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/attack.json",
"/runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page shows the controlled XSS marker after attack."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed client render page before XSS proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner stores inert payload and validates browser proof only locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.xss",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/xss",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed client render page before XSS proof capture.",
"Runner stores inert payload and validates browser proof only locally.",
"Browser proof page shows the controlled XSS marker after attack."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45812-20260318040458/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2024-45811-20260318040452",
"system_id": "vite",
"advisory_id": "vite--CVE-2024-45811",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:04:52+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2024-45811"
},
{
"at": "2026-03-18T04:04:52+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:04:52+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:04:55+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:04:55+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:04:55+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:04:55+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:04:56+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:04:56+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:04:57+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:04:57+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:04:58+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:04:58+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2024-45811-20260318040452"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:04:52+00:00",
"finished_at": "2026-03-18T04:04:58+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-45811-20260318040452/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2024-45811-20260318040452/report.html",
"report_md": "/runs/vite-vite--CVE-2024-45811-20260318040452/report.md",
"timeline": "/runs/vite-vite--CVE-2024-45811-20260318040452/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2024-45811-20260318040452/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
"/runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json",
"/runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
"/runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/attack.json",
"/runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-45811-20260318040452/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "vite-vite--CVE-2024-23331-20260318040445",
"system_id": "vite",
"advisory_id": "vite--CVE-2024-23331",
"repro_profile_id": "vite-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "vite.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json"
],
"baseline_title": "Vite Proxy Boundary Fixture",
"proof_title": "Vite Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:04:45+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "vite--CVE-2024-23331"
},
{
"at": "2026-03-18T04:04:45+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "vite-proxy-boundary"
},
{
"at": "2026-03-18T04:04:46+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:04:48+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:04:48+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:04:49+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:04:49+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:04:49+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:04:49+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:04:50+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T04:04:50+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:04:52+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:04:52+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "vite-vite--CVE-2024-23331-20260318040445"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:04:45+00:00",
"finished_at": "2026-03-18T04:04:52+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/vite-vite--CVE-2024-23331-20260318040445/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/vite-vite--CVE-2024-23331-20260318040445/report.html",
"report_md": "/runs/vite-vite--CVE-2024-23331-20260318040445/report.md",
"timeline": "/runs/vite-vite--CVE-2024-23331-20260318040445/timeline.mmd",
"bundle": "/runs/vite-vite--CVE-2024-23331-20260318040445/run.json"
},
"browser_links": [
"/runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
"/runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json",
"/runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
"/runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json"
],
"container_links": [
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/docker/app.log"
],
"request_links": [
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/attack.json",
"/runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "vite-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed proxy boundary fixture with baseline banner."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner proves forwarded proxy boundary state change locally."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "vite.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/vite/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed proxy boundary fixture with baseline banner.",
"Runner proves forwarded proxy boundary state change locally.",
"Proxy boundary proof banner is visible in the captured browser evidence."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/vite-vite--CVE-2024-23331-20260318040445/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2026-2581-20260318040332",
"system_id": "undici",
"advisory_id": "undici--CVE-2026-2581",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:03:32+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2026-2581"
},
{
"at": "2026-03-18T04:03:32+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:03:32+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:03:35+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:03:35+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:03:35+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:35+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:03:35+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:35+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:03:36+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:03:36+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2026-2581-20260318040332"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:03:32+00:00",
"finished_at": "2026-03-18T04:03:36+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2581-20260318040332/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2026-2581-20260318040332/report.html",
"report_md": "/runs/undici-undici--CVE-2026-2581-20260318040332/report.md",
"timeline": "/runs/undici-undici--CVE-2026-2581-20260318040332/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2026-2581-20260318040332/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2026-2581-20260318040332/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2026-2581-20260318040332/logs/attack.json",
"/runs/undici-undici--CVE-2026-2581-20260318040332/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2581-20260318040332/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-2581-20260318040332/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-2581-20260318040332/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-2581-20260318040332/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2581-20260318040332/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2581-20260318040332/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2581-20260318040332/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2581-20260318040332/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2581-20260318040332/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2026-2229-20260318040328",
"system_id": "undici",
"advisory_id": "undici--CVE-2026-2229",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:03:28+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2026-2229"
},
{
"at": "2026-03-18T04:03:28+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:03:28+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:03:30+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:03:30+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:03:30+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:30+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:03:30+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:31+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:03:32+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:03:32+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2026-2229-20260318040328"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:03:28+00:00",
"finished_at": "2026-03-18T04:03:32+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-2229-20260318040328/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2026-2229-20260318040328/report.html",
"report_md": "/runs/undici-undici--CVE-2026-2229-20260318040328/report.md",
"timeline": "/runs/undici-undici--CVE-2026-2229-20260318040328/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2026-2229-20260318040328/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2026-2229-20260318040328/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2026-2229-20260318040328/logs/attack.json",
"/runs/undici-undici--CVE-2026-2229-20260318040328/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2229-20260318040328/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-2229-20260318040328/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-2229-20260318040328/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-2229-20260318040328/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2229-20260318040328/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2229-20260318040328/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2229-20260318040328/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2229-20260318040328/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-2229-20260318040328/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2026-22036-20260318040323",
"system_id": "undici",
"advisory_id": "undici--CVE-2026-22036",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:03:23+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2026-22036"
},
{
"at": "2026-03-18T04:03:23+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:03:23+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:03:26+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:03:26+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:03:26+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:26+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:03:26+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:26+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:03:27+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:03:27+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2026-22036-20260318040323"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:03:23+00:00",
"finished_at": "2026-03-18T04:03:27+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-22036-20260318040323/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2026-22036-20260318040323/report.html",
"report_md": "/runs/undici-undici--CVE-2026-22036-20260318040323/report.md",
"timeline": "/runs/undici-undici--CVE-2026-22036-20260318040323/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2026-22036-20260318040323/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2026-22036-20260318040323/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2026-22036-20260318040323/logs/attack.json",
"/runs/undici-undici--CVE-2026-22036-20260318040323/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-22036-20260318040323/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-22036-20260318040323/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-22036-20260318040323/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-22036-20260318040323/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-22036-20260318040323/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-22036-20260318040323/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-22036-20260318040323/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-22036-20260318040323/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-22036-20260318040323/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2026-1528-20260318040318",
"system_id": "undici",
"advisory_id": "undici--CVE-2026-1528",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:03:18+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2026-1528"
},
{
"at": "2026-03-18T04:03:18+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:03:18+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:03:21+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:03:21+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:03:21+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:21+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:03:21+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:22+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:03:23+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:03:23+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2026-1528-20260318040318"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:03:18+00:00",
"finished_at": "2026-03-18T04:03:23+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1528-20260318040318/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2026-1528-20260318040318/report.html",
"report_md": "/runs/undici-undici--CVE-2026-1528-20260318040318/report.md",
"timeline": "/runs/undici-undici--CVE-2026-1528-20260318040318/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2026-1528-20260318040318/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2026-1528-20260318040318/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2026-1528-20260318040318/logs/attack.json",
"/runs/undici-undici--CVE-2026-1528-20260318040318/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1528-20260318040318/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1528-20260318040318/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1528-20260318040318/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1528-20260318040318/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1528-20260318040318/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1528-20260318040318/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1528-20260318040318/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1528-20260318040318/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1528-20260318040318/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2026-1527-20260318040314",
"system_id": "undici",
"advisory_id": "undici--CVE-2026-1527",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:03:14+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2026-1527"
},
{
"at": "2026-03-18T04:03:14+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:03:14+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:03:16+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:03:16+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:03:16+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:16+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:03:16+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:17+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:03:18+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:03:18+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2026-1527-20260318040314"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:03:14+00:00",
"finished_at": "2026-03-18T04:03:18+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1527-20260318040314/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2026-1527-20260318040314/report.html",
"report_md": "/runs/undici-undici--CVE-2026-1527-20260318040314/report.md",
"timeline": "/runs/undici-undici--CVE-2026-1527-20260318040314/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2026-1527-20260318040314/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2026-1527-20260318040314/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2026-1527-20260318040314/logs/attack.json",
"/runs/undici-undici--CVE-2026-1527-20260318040314/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1527-20260318040314/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1527-20260318040314/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1527-20260318040314/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1527-20260318040314/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1527-20260318040314/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1527-20260318040314/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1527-20260318040314/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1527-20260318040314/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1527-20260318040314/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2026-1526-20260318040309",
"system_id": "undici",
"advisory_id": "undici--CVE-2026-1526",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:03:09+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2026-1526"
},
{
"at": "2026-03-18T04:03:09+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:03:09+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:03:12+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:03:12+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:03:12+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:12+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:03:12+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:12+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:03:14+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:03:14+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2026-1526-20260318040309"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:03:09+00:00",
"finished_at": "2026-03-18T04:03:14+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1526-20260318040309/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2026-1526-20260318040309/report.html",
"report_md": "/runs/undici-undici--CVE-2026-1526-20260318040309/report.md",
"timeline": "/runs/undici-undici--CVE-2026-1526-20260318040309/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2026-1526-20260318040309/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2026-1526-20260318040309/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2026-1526-20260318040309/logs/attack.json",
"/runs/undici-undici--CVE-2026-1526-20260318040309/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1526-20260318040309/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1526-20260318040309/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1526-20260318040309/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1526-20260318040309/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1526-20260318040309/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1526-20260318040309/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1526-20260318040309/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1526-20260318040309/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1526-20260318040309/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2026-1525-20260318040304",
"system_id": "undici",
"advisory_id": "undici--CVE-2026-1525",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:03:04+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2026-1525"
},
{
"at": "2026-03-18T04:03:04+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:03:05+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:03:07+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:03:07+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:03:07+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:07+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:03:07+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:08+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:03:09+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:03:09+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2026-1525-20260318040304"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:03:04+00:00",
"finished_at": "2026-03-18T04:03:09+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2026-1525-20260318040304/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2026-1525-20260318040304/report.html",
"report_md": "/runs/undici-undici--CVE-2026-1525-20260318040304/report.md",
"timeline": "/runs/undici-undici--CVE-2026-1525-20260318040304/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2026-1525-20260318040304/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2026-1525-20260318040304/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2026-1525-20260318040304/logs/attack.json",
"/runs/undici-undici--CVE-2026-1525-20260318040304/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1525-20260318040304/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1525-20260318040304/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1525-20260318040304/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2026-1525-20260318040304/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1525-20260318040304/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1525-20260318040304/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1525-20260318040304/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1525-20260318040304/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2026-1525-20260318040304/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2025-47279-20260318040300",
"system_id": "undici",
"advisory_id": "undici--CVE-2025-47279",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:03:00+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2025-47279"
},
{
"at": "2026-03-18T04:03:00+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:03:00+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:03:03+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:03:03+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:03:03+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:03+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:03:03+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:03:03+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:03:04+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:03:04+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2025-47279-20260318040300"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:03:00+00:00",
"finished_at": "2026-03-18T04:03:04+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-47279-20260318040300/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2025-47279-20260318040300/report.html",
"report_md": "/runs/undici-undici--CVE-2025-47279-20260318040300/report.md",
"timeline": "/runs/undici-undici--CVE-2025-47279-20260318040300/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2025-47279-20260318040300/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2025-47279-20260318040300/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2025-47279-20260318040300/logs/attack.json",
"/runs/undici-undici--CVE-2025-47279-20260318040300/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-47279-20260318040300/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2025-47279-20260318040300/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2025-47279-20260318040300/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2025-47279-20260318040300/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-47279-20260318040300/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-47279-20260318040300/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-47279-20260318040300/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-47279-20260318040300/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-47279-20260318040300/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2025-22150-20260318040256",
"system_id": "undici",
"advisory_id": "undici--CVE-2025-22150",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:02:56+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2025-22150"
},
{
"at": "2026-03-18T04:02:56+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:02:56+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:02:58+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:02:58+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:02:58+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:58+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:02:58+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:59+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:03:00+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:03:00+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2025-22150-20260318040256"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:02:56+00:00",
"finished_at": "2026-03-18T04:03:00+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2025-22150-20260318040256/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2025-22150-20260318040256/report.html",
"report_md": "/runs/undici-undici--CVE-2025-22150-20260318040256/report.md",
"timeline": "/runs/undici-undici--CVE-2025-22150-20260318040256/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2025-22150-20260318040256/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2025-22150-20260318040256/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2025-22150-20260318040256/logs/attack.json",
"/runs/undici-undici--CVE-2025-22150-20260318040256/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-22150-20260318040256/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2025-22150-20260318040256/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2025-22150-20260318040256/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2025-22150-20260318040256/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-22150-20260318040256/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-22150-20260318040256/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-22150-20260318040256/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-22150-20260318040256/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2025-22150-20260318040256/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2024-30261-20260318040251",
"system_id": "undici",
"advisory_id": "undici--CVE-2024-30261",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:02:51+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2024-30261"
},
{
"at": "2026-03-18T04:02:51+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:02:51+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:02:54+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:02:54+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:02:54+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:54+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:02:54+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:54+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:02:56+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:02:56+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2024-30261-20260318040251"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:02:51+00:00",
"finished_at": "2026-03-18T04:02:56+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30261-20260318040251/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2024-30261-20260318040251/report.html",
"report_md": "/runs/undici-undici--CVE-2024-30261-20260318040251/report.md",
"timeline": "/runs/undici-undici--CVE-2024-30261-20260318040251/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2024-30261-20260318040251/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2024-30261-20260318040251/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2024-30261-20260318040251/logs/attack.json",
"/runs/undici-undici--CVE-2024-30261-20260318040251/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30261-20260318040251/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2024-30261-20260318040251/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2024-30261-20260318040251/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2024-30261-20260318040251/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30261-20260318040251/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30261-20260318040251/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30261-20260318040251/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30261-20260318040251/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30261-20260318040251/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2024-30260-20260318040247",
"system_id": "undici",
"advisory_id": "undici--CVE-2024-30260",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:02:47+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2024-30260"
},
{
"at": "2026-03-18T04:02:47+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:02:47+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:02:49+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:02:49+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:02:49+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:49+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:02:49+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:50+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:02:51+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:02:51+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2024-30260-20260318040247"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:02:47+00:00",
"finished_at": "2026-03-18T04:02:51+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2024-30260-20260318040247/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2024-30260-20260318040247/report.html",
"report_md": "/runs/undici-undici--CVE-2024-30260-20260318040247/report.md",
"timeline": "/runs/undici-undici--CVE-2024-30260-20260318040247/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2024-30260-20260318040247/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2024-30260-20260318040247/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2024-30260-20260318040247/logs/attack.json",
"/runs/undici-undici--CVE-2024-30260-20260318040247/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30260-20260318040247/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2024-30260-20260318040247/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2024-30260-20260318040247/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2024-30260-20260318040247/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30260-20260318040247/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30260-20260318040247/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30260-20260318040247/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30260-20260318040247/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2024-30260-20260318040247/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2023-45143-20260318040242",
"system_id": "undici",
"advisory_id": "undici--CVE-2023-45143",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:02:42+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2023-45143"
},
{
"at": "2026-03-18T04:02:42+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:02:42+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:02:45+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:02:45+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:02:45+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:45+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:02:45+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:45+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:02:46+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:02:46+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2023-45143-20260318040242"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:02:42+00:00",
"finished_at": "2026-03-18T04:02:46+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2023-45143-20260318040242/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2023-45143-20260318040242/report.html",
"report_md": "/runs/undici-undici--CVE-2023-45143-20260318040242/report.md",
"timeline": "/runs/undici-undici--CVE-2023-45143-20260318040242/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2023-45143-20260318040242/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2023-45143-20260318040242/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2023-45143-20260318040242/logs/attack.json",
"/runs/undici-undici--CVE-2023-45143-20260318040242/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2023-45143-20260318040242/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2023-45143-20260318040242/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2023-45143-20260318040242/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2023-45143-20260318040242/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2023-45143-20260318040242/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2023-45143-20260318040242/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2023-45143-20260318040242/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2023-45143-20260318040242/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2023-45143-20260318040242/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2022-32210-20260318040238",
"system_id": "undici",
"advisory_id": "undici--CVE-2022-32210",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:02:38+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2022-32210"
},
{
"at": "2026-03-18T04:02:38+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:02:38+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:02:40+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:02:40+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:02:40+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:40+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:02:40+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:41+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:02:42+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:02:42+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2022-32210-20260318040238"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:02:38+00:00",
"finished_at": "2026-03-18T04:02:42+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-32210-20260318040238/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2022-32210-20260318040238/report.html",
"report_md": "/runs/undici-undici--CVE-2022-32210-20260318040238/report.md",
"timeline": "/runs/undici-undici--CVE-2022-32210-20260318040238/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2022-32210-20260318040238/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2022-32210-20260318040238/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2022-32210-20260318040238/logs/attack.json",
"/runs/undici-undici--CVE-2022-32210-20260318040238/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-32210-20260318040238/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2022-32210-20260318040238/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2022-32210-20260318040238/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2022-32210-20260318040238/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-32210-20260318040238/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-32210-20260318040238/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-32210-20260318040238/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-32210-20260318040238/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-32210-20260318040238/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "undici-undici--CVE-2022-31151-20260318040233",
"system_id": "undici",
"advisory_id": "undici--CVE-2022-31151",
"repro_profile_id": "undici-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "undici.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T04:02:33+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "undici--CVE-2022-31151"
},
{
"at": "2026-03-18T04:02:33+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "undici-ssrf"
},
{
"at": "2026-03-18T04:02:33+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T04:02:36+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T04:02:36+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T04:02:36+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:36+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T04:02:36+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T04:02:36+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T04:02:37+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T04:02:37+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "undici-undici--CVE-2022-31151-20260318040233"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T04:02:33+00:00",
"finished_at": "2026-03-18T04:02:37+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318040233/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/undici-undici--CVE-2022-31151-20260318040233/report.html",
"report_md": "/runs/undici-undici--CVE-2022-31151-20260318040233/report.md",
"timeline": "/runs/undici-undici--CVE-2022-31151-20260318040233/timeline.mmd",
"bundle": "/runs/undici-undici--CVE-2022-31151-20260318040233/run.json"
},
"browser_links": [],
"container_links": [
"/runs/undici-undici--CVE-2022-31151-20260318040233/logs/docker/app.log"
],
"request_links": [
"/runs/undici-undici--CVE-2022-31151-20260318040233/logs/attack.json",
"/runs/undici-undici--CVE-2022-31151-20260318040233/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "undici-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink-only request path."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates local callback using undici-style request fixture."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "undici.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/undici/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink-only request path.",
"Runner validates local callback using undici-style request fixture.",
"SSRF proof endpoint confirms only local sink callbacks were performed."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-31151-20260318040233/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2022-31151-20260318040233/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2022-31151-20260318040233/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/undici-undici--CVE-2022-31151-20260318040233/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-31151-20260318040233/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-31151-20260318040233/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-31151-20260318040233/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-31151-20260318040233/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/undici-undici--CVE-2022-31151-20260318040233/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848",
"system_id": "nextjs",
"advisory_id": "nextjs--GHSA-w37m-7fhw-fmv9",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:58:48+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--GHSA-w37m-7fhw-fmv9"
},
{
"at": "2026-03-18T03:58:48+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:58:49+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:58:51+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:58:51+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:58:51+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:51+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:58:52+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:52+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:53+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:53+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:58:55+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:58:55+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:58:48+00:00",
"finished_at": "2026-03-18T03:58:55+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/report.html",
"report_md": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/report.md",
"timeline": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline.png",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline-dom.html",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-console.json",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-network.json",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-page.json",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof.png",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof-dom.html",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-console.json",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-network.json",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/attack.json",
"/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-w37m-7fhw-fmv9-20260318035848/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842",
"system_id": "nextjs",
"advisory_id": "nextjs--GHSA-mwv6-3258-q52c",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:58:42+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--GHSA-mwv6-3258-q52c"
},
{
"at": "2026-03-18T03:58:42+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:58:42+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:58:45+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:58:45+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:58:45+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:45+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:58:46+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:46+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:46+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:47+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:58:48+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:58:48+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:58:42+00:00",
"finished_at": "2026-03-18T03:58:48+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/report.html",
"report_md": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/report.md",
"timeline": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline.png",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline-dom.html",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-console.json",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-network.json",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-page.json",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof.png",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof-dom.html",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-console.json",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-network.json",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/attack.json",
"/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-mwv6-3258-q52c-20260318035842/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837",
"system_id": "nextjs",
"advisory_id": "nextjs--GHSA-h25m-26qc-wcjf",
"repro_profile_id": "nextjs-deserialization",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.deserialization",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:58:37+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--GHSA-h25m-26qc-wcjf"
},
{
"at": "2026-03-18T03:58:37+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-deserialization"
},
{
"at": "2026-03-18T03:58:37+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:58:40+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:58:40+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:58:40+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:40+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:58:40+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:40+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:58:41+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:58:41+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "unsafe object graph decoded without gadget execution"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:58:37+00:00",
"finished_at": "2026-03-18T03:58:41+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/report.html",
"report_md": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/report.md",
"timeline": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/run.json"
},
"browser_links": [],
"container_links": [
"/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/attack.json",
"/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-deserialization",
"vuln_family": "deserialization",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Inert decoded object marker is present without executing a gadget chain."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed inert decode path before proof request."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner demonstrates unsafe decode path without gadget execution."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "nextjs.deserialization",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/deserialization",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed inert decode path before proof request.",
"Runner demonstrates unsafe decode path without gadget execution.",
"Inert decoded object marker is present without executing a gadget chain."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-h25m-26qc-wcjf-20260318035837/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830",
"system_id": "nextjs",
"advisory_id": "nextjs--GHSA-9qr9-h5gf-34mp",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:58:30+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--GHSA-9qr9-h5gf-34mp"
},
{
"at": "2026-03-18T03:58:30+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:58:31+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:58:34+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:58:34+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:58:34+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:34+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:58:34+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:34+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:35+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:36+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:58:37+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:58:37+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:58:30+00:00",
"finished_at": "2026-03-18T03:58:37+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/report.html",
"report_md": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/report.md",
"timeline": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline.png",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline-dom.html",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-console.json",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-network.json",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-page.json",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof.png",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof-dom.html",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-console.json",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-network.json",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/attack.json",
"/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-9qr9-h5gf-34mp-20260318035830/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824",
"system_id": "nextjs",
"advisory_id": "nextjs--GHSA-5j59-xgg2-r9c4",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:58:24+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--GHSA-5j59-xgg2-r9c4"
},
{
"at": "2026-03-18T03:58:24+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:58:24+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:58:27+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:58:27+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:58:27+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:27+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:58:28+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:28+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:29+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:29+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:58:30+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:58:30+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:58:24+00:00",
"finished_at": "2026-03-18T03:58:30+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/report.html",
"report_md": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/report.md",
"timeline": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline.png",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline-dom.html",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-console.json",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-network.json",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-page.json",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof.png",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof-dom.html",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-console.json",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-network.json",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/attack.json",
"/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--GHSA-5j59-xgg2-r9c4-20260318035824/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-59472-20260318035817",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-59472",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:58:17+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-59472"
},
{
"at": "2026-03-18T03:58:17+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:58:18+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:58:20+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:58:20+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:58:20+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:20+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:58:21+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:21+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:22+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:22+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:58:24+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:58:24+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-59472-20260318035817"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:58:17+00:00",
"finished_at": "2026-03-18T03:58:24+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59472-20260318035817/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59472-20260318035817/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-59471-20260318035811",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-59471",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:58:11+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-59471"
},
{
"at": "2026-03-18T03:58:11+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:58:11+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:58:14+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:58:14+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:58:14+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:14+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:58:15+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:15+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:16+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:16+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:58:17+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:58:17+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-59471-20260318035811"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:58:11+00:00",
"finished_at": "2026-03-18T03:58:17+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-59471-20260318035811/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-59471-20260318035811/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-57822-20260318035806",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-57822",
"repro_profile_id": "nextjs-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57822-20260318035806/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:58:06+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-57822"
},
{
"at": "2026-03-18T03:58:06+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-ssrf"
},
{
"at": "2026-03-18T03:58:06+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:58:09+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:58:09+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:58:09+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:09+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:58:09+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:09+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:58:11+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:58:11+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-57822-20260318035806"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:58:06+00:00",
"finished_at": "2026-03-18T03:58:11+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57822-20260318035806",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57822-20260318035806/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57822-20260318035806/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57822-20260318035806/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/run.json"
},
"browser_links": [],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local sink callback is observed from the server-side fetch path."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local callback fixture state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates sink callback without leaving local network."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "nextjs.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local callback fixture state.",
"Runner validates sink callback without leaving local network.",
"Local sink callback is observed from the server-side fetch path."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57822-20260318035806/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-57752-20260318035800",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-57752",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:58:00+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-57752"
},
{
"at": "2026-03-18T03:58:00+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:58:00+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:58:03+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:58:03+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:58:03+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:03+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:58:04+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:04+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:58:05+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:58:05+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:58:06+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:58:06+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-57752-20260318035800"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:58:00+00:00",
"finished_at": "2026-03-18T03:58:06+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-57752-20260318035800/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-57752-20260318035800/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-55173-20260318035753",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-55173",
"repro_profile_id": "nextjs-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-page.json"
],
"baseline_title": "Next.js XSS Fixture",
"proof_title": "Next.js XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:57:53+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-55173"
},
{
"at": "2026-03-18T03:57:53+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-xss"
},
{
"at": "2026-03-18T03:57:54+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:57:56+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:57:56+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:57:56+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:56+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:57:57+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:57+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:58+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:58+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:58:00+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:58:00+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-55173-20260318035753"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:57:53+00:00",
"finished_at": "2026-03-18T03:58:00+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-55173-20260318035753/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page shows the XSS execution marker after the controlled payload."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed client-rendering page for XSS proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner injects inert payload and captures browser proof."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.xss",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/xss",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed client-rendering page for XSS proof capture.",
"Runner injects inert payload and captures browser proof.",
"Browser proof page shows the XSS execution marker after the controlled payload."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-55173-20260318035753/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-49826-20260318035747",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-49826",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:57:47+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-49826"
},
{
"at": "2026-03-18T03:57:47+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:57:47+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:57:50+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:57:50+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:57:50+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:50+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:57:51+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:51+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:52+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:52+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:57:53+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:57:53+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-49826-20260318035747"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:57:47+00:00",
"finished_at": "2026-03-18T03:57:53+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49826-20260318035747/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49826-20260318035747/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-49005-20260318035740",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-49005",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:57:40+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-49005"
},
{
"at": "2026-03-18T03:57:40+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:57:41+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:57:43+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:57:43+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:57:43+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:43+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:57:44+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:44+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:45+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:45+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:57:47+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:57:47+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-49005-20260318035740"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:57:40+00:00",
"finished_at": "2026-03-18T03:57:47+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-49005-20260318035740/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-49005-20260318035740/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-48068-20260318035734",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-48068",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:57:34+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-48068"
},
{
"at": "2026-03-18T03:57:34+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:57:34+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:57:37+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:57:37+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:57:37+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:37+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:57:38+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:38+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:39+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:39+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:57:40+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:57:40+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-48068-20260318035734"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:57:34+00:00",
"finished_at": "2026-03-18T03:57:40+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-48068-20260318035734/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-48068-20260318035734/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-32421-20260318035727",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-32421",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:57:27+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-32421"
},
{
"at": "2026-03-18T03:57:27+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:57:28+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:57:31+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:57:31+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:57:31+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:31+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:57:31+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:31+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:32+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:32+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:57:34+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:57:34+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-32421-20260318035727"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:57:27+00:00",
"finished_at": "2026-03-18T03:57:34+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-32421-20260318035727/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-32421-20260318035727/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-30218-20260318035721",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-30218",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:57:21+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-30218"
},
{
"at": "2026-03-18T03:57:21+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:57:21+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:57:24+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:57:24+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:57:24+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:24+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:57:25+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:25+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:26+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:26+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:57:27+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:57:27+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-30218-20260318035721"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:57:21+00:00",
"finished_at": "2026-03-18T03:57:27+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-30218-20260318035721/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-30218-20260318035721/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2025-29927-20260318035717",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2025-29927",
"repro_profile_id": "nextjs-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:57:17+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2025-29927"
},
{
"at": "2026-03-18T03:57:17+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-authz-bypass"
},
{
"at": "2026-03-18T03:57:17+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:57:19+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:57:19+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:57:19+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:19+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:57:19+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:20+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:57:21+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:57:21+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2025-29927-20260318035717"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:57:17+00:00",
"finished_at": "2026-03-18T03:57:21+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260318035717/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/run.json"
},
"browser_links": [],
"container_links": [
"/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-authz-bypass",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Protected route is reachable only after the controlled bypass proof step."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed guest/admin route fixture for server-side recheck."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local authz bypass proof only."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "nextjs.authz-bypass",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/authz-bypass",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed guest/admin route fixture for server-side recheck.",
"Runner performs local authz bypass proof only.",
"Protected route is reachable only after the controlled bypass proof step."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2025-29927-20260318035717/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2024-56332-20260318035710",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2024-56332",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:57:10+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2024-56332"
},
{
"at": "2026-03-18T03:57:10+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:57:10+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:57:13+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:57:13+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:57:13+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:13+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:57:14+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:14+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:15+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:15+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:57:16+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:57:16+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2024-56332-20260318035710"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:57:10+00:00",
"finished_at": "2026-03-18T03:57:16+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-56332-20260318035710/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-56332-20260318035710/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2024-51479-20260318035706",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2024-51479",
"repro_profile_id": "nextjs-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318035706/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:57:06+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2024-51479"
},
{
"at": "2026-03-18T03:57:06+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-authz-bypass"
},
{
"at": "2026-03-18T03:57:06+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:57:08+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:57:08+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:57:08+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:08+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:57:08+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:09+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:57:10+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:57:10+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2024-51479-20260318035706"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:57:06+00:00",
"finished_at": "2026-03-18T03:57:10+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318035706",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318035706/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318035706/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318035706/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/run.json"
},
"browser_links": [],
"container_links": [
"/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-authz-bypass",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Protected route is reachable only after the controlled bypass proof step."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed guest/admin route fixture for server-side recheck."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local authz bypass proof only."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "nextjs.authz-bypass",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/authz-bypass",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed guest/admin route fixture for server-side recheck.",
"Runner performs local authz bypass proof only.",
"Protected route is reachable only after the controlled bypass proof step."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318035706/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2024-47831-20260318035659",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2024-47831",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:56:59+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2024-47831"
},
{
"at": "2026-03-18T03:56:59+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:56:59+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:57:02+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:57:02+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:57:02+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:02+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:57:03+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:03+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:57:04+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:57:04+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:57:06+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:57:06+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2024-47831-20260318035659"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:56:59+00:00",
"finished_at": "2026-03-18T03:57:06+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-47831-20260318035659/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-47831-20260318035659/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2024-46982-20260318035653",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2024-46982",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:56:53+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2024-46982"
},
{
"at": "2026-03-18T03:56:53+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:56:53+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:56:56+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:56:56+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:56:56+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:56+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:56:57+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:57+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:58+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:58+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:56:59+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:56:59+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2024-46982-20260318035653"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:56:53+00:00",
"finished_at": "2026-03-18T03:56:59+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-46982-20260318035653/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-46982-20260318035653/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2024-34351-20260318035648",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2024-34351",
"repro_profile_id": "nextjs-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318035648/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:56:48+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2024-34351"
},
{
"at": "2026-03-18T03:56:48+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-ssrf"
},
{
"at": "2026-03-18T03:56:48+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:56:51+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:56:51+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:56:51+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:51+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:56:51+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:51+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:56:53+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:56:53+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2024-34351-20260318035648"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:56:48+00:00",
"finished_at": "2026-03-18T03:56:53+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318035648",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318035648/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318035648/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318035648/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/run.json"
},
"browser_links": [],
"container_links": [
"/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local sink callback is observed from the server-side fetch path."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local callback fixture state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner validates sink callback without leaving local network."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "nextjs.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local callback fixture state.",
"Runner validates sink callback without leaving local network.",
"Local sink callback is observed from the server-side fetch path."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2024-34351-20260318035648/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2021-43803-20260318035642",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2021-43803",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:56:42+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2021-43803"
},
{
"at": "2026-03-18T03:56:42+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:56:42+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:56:45+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:56:45+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:56:45+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:45+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:56:46+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:46+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:47+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:47+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:56:48+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:56:48+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2021-43803-20260318035642"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:56:42+00:00",
"finished_at": "2026-03-18T03:56:48+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-43803-20260318035642/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-43803-20260318035642/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2021-39178-20260318035635",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2021-39178",
"repro_profile_id": "nextjs-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-page.json"
],
"baseline_title": "Next.js XSS Fixture",
"proof_title": "Next.js XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:56:35+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2021-39178"
},
{
"at": "2026-03-18T03:56:35+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-xss"
},
{
"at": "2026-03-18T03:56:36+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:56:38+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:56:38+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:56:38+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:38+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:56:39+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:39+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:40+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:40+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:56:42+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:56:42+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2021-39178-20260318035635"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:56:35+00:00",
"finished_at": "2026-03-18T03:56:42+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318035635/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page shows the XSS execution marker after the controlled payload."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed client-rendering page for XSS proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner injects inert payload and captures browser proof."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.xss",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/xss",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed client-rendering page for XSS proof capture.",
"Runner injects inert payload and captures browser proof.",
"Browser proof page shows the XSS execution marker after the controlled payload."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-39178-20260318035635/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2021-37699-20260318035628",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2021-37699",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:56:28+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2021-37699"
},
{
"at": "2026-03-18T03:56:28+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:56:29+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:56:32+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:56:32+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:56:32+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:32+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:56:33+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:33+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:34+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:34+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:56:35+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:56:35+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2021-37699-20260318035628"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:56:28+00:00",
"finished_at": "2026-03-18T03:56:35+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-37699-20260318035628/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2021-37699-20260318035628/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2020-5284-20260318035622",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2020-5284",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:56:22+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2020-5284"
},
{
"at": "2026-03-18T03:56:22+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:56:22+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:56:25+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:56:25+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:56:25+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:25+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:56:26+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:26+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:27+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:27+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:56:28+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:56:28+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2020-5284-20260318035622"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:56:22+00:00",
"finished_at": "2026-03-18T03:56:28+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-5284-20260318035622/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-5284-20260318035622/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "nextjs-nextjs--CVE-2020-15242-20260318035615",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2020-15242",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:56:15+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2020-15242"
},
{
"at": "2026-03-18T03:56:15+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T03:56:16+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:56:19+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:56:19+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:56:19+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:19+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:56:19+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:19+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:56:20+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:56:20+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:56:22+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:56:22+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2020-15242-20260318035615"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:56:15+00:00",
"finished_at": "2026-03-18T03:56:22+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318035615/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/report.html",
"report_md": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/report.md",
"timeline": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/timeline.mmd",
"bundle": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/run.json"
},
"browser_links": [
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline.png",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline-dom.html",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-console.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-network.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-page.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof.png",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof-dom.html",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-console.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-network.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-page.json"
],
"container_links": [
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/docker/app.log"
],
"request_links": [
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/attack.json",
"/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "nextjs-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Middleware trust-boundary proof is visible on the browser proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed middleware boundary fixture with clean proxy state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs forwarded-header proof against local fixture only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "nextjs.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/nextjs/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed middleware boundary fixture with clean proxy state.",
"Runner performs forwarded-header proof against local fixture only.",
"Middleware trust-boundary proof is visible on the browser proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318035615/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2026-20912-20260318035506",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2026-20912",
"repro_profile_id": "gitea-file-upload",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.file-upload",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-page.json"
],
"baseline_title": "Gitea File Upload Fixture",
"proof_title": "Gitea File Upload Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:55:06+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2026-20912"
},
{
"at": "2026-03-18T03:55:06+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-file-upload"
},
{
"at": "2026-03-18T03:55:07+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:55:09+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:55:09+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:55:09+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:55:10+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:55:10+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:55:10+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:55:11+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:55:11+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:55:13+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:55:13+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2026-20912-20260318035506"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "upload marker accepted and listed"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:55:06+00:00",
"finished_at": "2026-03-18T03:55:13+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20912-20260318035506/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/report.html",
"report_md": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/report.md",
"timeline": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline.png",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof.png",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-file-upload",
"vuln_family": "file-upload",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Inert upload marker is accepted and listed on the proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed empty attachment list for upload proof."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner uploads inert text marker only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.file-upload",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/file-upload",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed empty attachment list for upload proof.",
"Runner uploads inert text marker only.",
"Inert upload marker is accepted and listed on the proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20912-20260318035506/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2026-20904-20260318035500",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2026-20904",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:55:00+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2026-20904"
},
{
"at": "2026-03-18T03:55:00+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:55:00+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:55:03+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:55:03+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:55:03+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:55:03+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:55:04+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:55:04+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:55:05+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:55:05+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:55:06+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:55:06+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2026-20904-20260318035500"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:55:00+00:00",
"finished_at": "2026-03-18T03:55:06+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20904-20260318035500/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/report.html",
"report_md": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/report.md",
"timeline": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline.png",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof.png",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20904-20260318035500/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2026-20897-20260318035454",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2026-20897",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:54:54+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2026-20897"
},
{
"at": "2026-03-18T03:54:54+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:54:54+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:54:57+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:54:57+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:54:57+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:57+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:54:58+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:58+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:59+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:59+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:55:00+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:55:00+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2026-20897-20260318035454"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:54:54+00:00",
"finished_at": "2026-03-18T03:55:00+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20897-20260318035454/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/report.html",
"report_md": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/report.md",
"timeline": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline.png",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof.png",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20897-20260318035454/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2026-20888-20260318035447",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2026-20888",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:54:47+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2026-20888"
},
{
"at": "2026-03-18T03:54:47+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:54:47+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:54:50+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:54:50+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:54:50+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:50+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:54:51+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:51+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:52+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:52+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:54:54+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:54:54+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2026-20888-20260318035447"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:54:47+00:00",
"finished_at": "2026-03-18T03:54:54+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20888-20260318035447/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/report.html",
"report_md": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/report.md",
"timeline": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline.png",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof.png",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20888-20260318035447/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2026-20883-20260318035441",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2026-20883",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:54:41+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2026-20883"
},
{
"at": "2026-03-18T03:54:41+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:54:41+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:54:44+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:54:44+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:54:44+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:44+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:54:45+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:45+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:46+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:46+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:54:47+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:54:47+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2026-20883-20260318035441"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:54:41+00:00",
"finished_at": "2026-03-18T03:54:47+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20883-20260318035441/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/report.html",
"report_md": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/report.md",
"timeline": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline.png",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof.png",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20883-20260318035441/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2026-20800-20260318035434",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2026-20800",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:54:34+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2026-20800"
},
{
"at": "2026-03-18T03:54:34+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:54:34+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:54:37+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:54:37+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:54:37+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:37+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:54:38+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:38+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:39+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:39+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:54:41+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:54:41+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2026-20800-20260318035434"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:54:34+00:00",
"finished_at": "2026-03-18T03:54:41+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20800-20260318035434/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/report.html",
"report_md": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/report.md",
"timeline": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline.png",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof.png",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20800-20260318035434/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2026-20750-20260318035428",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2026-20750",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:54:28+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2026-20750"
},
{
"at": "2026-03-18T03:54:28+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:54:28+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:54:31+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:54:31+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:54:31+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:31+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:54:32+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:32+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:32+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:33+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:54:34+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:54:34+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2026-20750-20260318035428"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:54:28+00:00",
"finished_at": "2026-03-18T03:54:34+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20750-20260318035428/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/report.html",
"report_md": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/report.md",
"timeline": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline.png",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof.png",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20750-20260318035428/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2026-20736-20260318035423",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2026-20736",
"repro_profile_id": "gitea-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20736-20260318035423/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:54:23+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2026-20736"
},
{
"at": "2026-03-18T03:54:23+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-authz-bypass"
},
{
"at": "2026-03-18T03:54:23+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:54:26+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:54:26+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:54:26+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:26+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:54:26+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:26+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:54:27+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:54:27+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2026-20736-20260318035423"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:54:23+00:00",
"finished_at": "2026-03-18T03:54:27+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20736-20260318035423",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20736-20260318035423/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20736-20260318035423/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-20736-20260318035423/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/report.html",
"report_md": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/report.md",
"timeline": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/run.json"
},
"browser_links": [],
"container_links": [
"/runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-authz-bypass",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Controlled guest request reaches the protected admin route inside the fixture."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed low-privilege and admin boundary fixture state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner verifies guest-to-admin bypass only inside fixture route."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "gitea.authz-bypass",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/authz-bypass",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed low-privilege and admin boundary fixture state.",
"Runner verifies guest-to-admin bypass only inside fixture route.",
"Controlled guest request reaches the protected admin route inside the fixture."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-20736-20260318035423/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2026-0798-20260318035416",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2026-0798",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:54:16+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2026-0798"
},
{
"at": "2026-03-18T03:54:16+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:54:17+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:54:20+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:54:20+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:54:20+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:20+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:54:20+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:20+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:21+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:21+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:54:23+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:54:23+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2026-0798-20260318035416"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:54:16+00:00",
"finished_at": "2026-03-18T03:54:23+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2026-0798-20260318035416/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/report.html",
"report_md": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/report.md",
"timeline": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline.png",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof.png",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/attack.json",
"/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2026-0798-20260318035416/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-69413-20260318035410",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-69413",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:54:10+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-69413"
},
{
"at": "2026-03-18T03:54:10+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:54:11+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:54:13+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:54:13+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:54:13+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:13+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:54:14+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:14+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:15+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:15+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:54:16+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:54:16+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-69413-20260318035410"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:54:10+00:00",
"finished_at": "2026-03-18T03:54:16+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-69413-20260318035410/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline.png",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof.png",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-69413-20260318035410/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68946-20260318035404",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68946",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:54:04+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68946"
},
{
"at": "2026-03-18T03:54:04+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T03:54:04+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:54:07+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:54:07+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:54:07+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:07+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:54:08+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:08+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:09+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:09+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:54:10+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:54:10+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68946-20260318035404"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:54:04+00:00",
"finished_at": "2026-03-18T03:54:10+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68946-20260318035404/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline.png",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof.png",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed stored content page before browser proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner stores inert script payload and captures proof page."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.xss",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/xss",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68946-20260318035404/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68945-20260318035358",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68945",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:53:58+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68945"
},
{
"at": "2026-03-18T03:53:58+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:53:58+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:54:01+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:54:01+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:54:01+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:01+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:54:01+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:01+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:54:02+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:54:02+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:54:04+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:54:04+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68945-20260318035358"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:53:58+00:00",
"finished_at": "2026-03-18T03:54:04+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68945-20260318035358/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline.png",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof.png",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68945-20260318035358/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68944-20260318035353",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68944",
"repro_profile_id": "gitea-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68944-20260318035353/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:53:53+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68944"
},
{
"at": "2026-03-18T03:53:53+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-authz-bypass"
},
{
"at": "2026-03-18T03:53:53+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:53:56+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:53:56+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:53:56+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:56+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:53:56+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:56+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:53:57+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:53:57+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68944-20260318035353"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:53:53+00:00",
"finished_at": "2026-03-18T03:53:57+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68944-20260318035353",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68944-20260318035353/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68944-20260318035353/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68944-20260318035353/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/run.json"
},
"browser_links": [],
"container_links": [
"/runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-authz-bypass",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Controlled guest request reaches the protected admin route inside the fixture."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed low-privilege and admin boundary fixture state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner verifies guest-to-admin bypass only inside fixture route."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "gitea.authz-bypass",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/authz-bypass",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed low-privilege and admin boundary fixture state.",
"Runner verifies guest-to-admin bypass only inside fixture route.",
"Controlled guest request reaches the protected admin route inside the fixture."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68944-20260318035353/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68943-20260318035347",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68943",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:53:47+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68943"
},
{
"at": "2026-03-18T03:53:47+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:53:47+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:53:50+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:53:50+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:53:50+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:50+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:53:51+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:51+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:52+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:52+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:53:53+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:53:53+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68943-20260318035347"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:53:47+00:00",
"finished_at": "2026-03-18T03:53:53+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68943-20260318035347/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline.png",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof.png",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68943-20260318035347/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68942-20260318035340",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68942",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:53:40+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68942"
},
{
"at": "2026-03-18T03:53:40+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T03:53:41+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:53:44+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:53:44+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:53:44+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:44+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:53:44+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:44+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:45+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:45+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:53:47+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:53:47+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68942-20260318035340"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:53:40+00:00",
"finished_at": "2026-03-18T03:53:47+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68942-20260318035340/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline.png",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof.png",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed stored content page before browser proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner stores inert script payload and captures proof page."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.xss",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/xss",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68942-20260318035340/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68941-20260318035334",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68941",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:53:34+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68941"
},
{
"at": "2026-03-18T03:53:34+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:53:34+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:53:37+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:53:37+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:53:37+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:37+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:53:38+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:38+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:39+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:39+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:53:40+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:53:40+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68941-20260318035334"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:53:34+00:00",
"finished_at": "2026-03-18T03:53:40+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68941-20260318035334/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline.png",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof.png",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68941-20260318035334/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68940-20260318035330",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68940",
"repro_profile_id": "gitea-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318035330/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:53:30+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68940"
},
{
"at": "2026-03-18T03:53:30+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-authz-bypass"
},
{
"at": "2026-03-18T03:53:30+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:53:32+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:53:32+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:53:32+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:32+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:53:32+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:33+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:53:34+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:53:34+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68940-20260318035330"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:53:30+00:00",
"finished_at": "2026-03-18T03:53:34+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318035330",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318035330/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318035330/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318035330/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/run.json"
},
"browser_links": [],
"container_links": [
"/runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-authz-bypass",
"vuln_family": "authz-bypass",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Controlled guest request reaches the protected admin route inside the fixture."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed low-privilege and admin boundary fixture state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner verifies guest-to-admin bypass only inside fixture route."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "gitea.authz-bypass",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/authz-bypass",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed low-privilege and admin boundary fixture state.",
"Runner verifies guest-to-admin bypass only inside fixture route.",
"Controlled guest request reaches the protected admin route inside the fixture."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68940-20260318035330/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68939-20260318035323",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68939",
"repro_profile_id": "gitea-file-upload",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.file-upload",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-page.json"
],
"baseline_title": "Gitea File Upload Fixture",
"proof_title": "Gitea File Upload Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:53:23+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68939"
},
{
"at": "2026-03-18T03:53:23+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-file-upload"
},
{
"at": "2026-03-18T03:53:24+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:53:26+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:53:26+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:53:26+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:26+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:53:27+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:27+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:28+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:28+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:53:29+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:53:29+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68939-20260318035323"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "upload marker accepted and listed"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:53:23+00:00",
"finished_at": "2026-03-18T03:53:29+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260318035323/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline.png",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof.png",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-file-upload",
"vuln_family": "file-upload",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Inert upload marker is accepted and listed on the proof page."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed empty attachment list for upload proof."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner uploads inert text marker only."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.file-upload",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/file-upload",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed empty attachment list for upload proof.",
"Runner uploads inert text marker only.",
"Inert upload marker is accepted and listed on the proof page."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68939-20260318035323/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2025-68938-20260318035317",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68938",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:53:17+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68938"
},
{
"at": "2026-03-18T03:53:17+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:53:17+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:53:20+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:53:20+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:53:20+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:20+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:53:21+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:21+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:22+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:22+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:53:23+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:53:23+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68938-20260318035317"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:53:17+00:00",
"finished_at": "2026-03-18T03:53:23+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68938-20260318035317/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/report.html",
"report_md": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/report.md",
"timeline": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline.png",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof.png",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/attack.json",
"/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2025-68938-20260318035317/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-42968-20260318035311",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-42968",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:53:11+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-42968"
},
{
"at": "2026-03-18T03:53:11+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:53:11+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:53:14+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:53:14+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:53:14+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:14+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:53:15+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:15+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:15+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:15+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:53:17+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:53:17+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-42968-20260318035311"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:53:11+00:00",
"finished_at": "2026-03-18T03:53:17+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-42968-20260318035311/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-42968-20260318035311/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-38795-20260318035304",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-38795",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:53:04+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-38795"
},
{
"at": "2026-03-18T03:53:04+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:53:05+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:53:07+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:53:07+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:53:07+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:07+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:53:08+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:08+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:09+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:09+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:53:11+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:53:11+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-38795-20260318035304"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:53:04+00:00",
"finished_at": "2026-03-18T03:53:11+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035304/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035304/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-38183-20260318035258",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-38183",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:52:58+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-38183"
},
{
"at": "2026-03-18T03:52:58+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:52:58+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:53:01+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:53:01+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:53:01+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:01+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:53:02+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:02+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:53:03+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:53:03+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:53:04+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:53:04+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-38183-20260318035258"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:52:58+00:00",
"finished_at": "2026-03-18T03:53:04+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035258/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035258/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-30781-20260318035252",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-30781",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:52:52+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-30781"
},
{
"at": "2026-03-18T03:52:52+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:52:52+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:52:55+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:52:55+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:52:55+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:55+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:52:56+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:56+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:56+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:57+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:52:58+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:52:58+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-30781-20260318035252"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:52:52+00:00",
"finished_at": "2026-03-18T03:52:58+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035252/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035252/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-27313-20260318035245",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-27313",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:52:45+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-27313"
},
{
"at": "2026-03-18T03:52:45+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:52:46+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:52:49+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:52:49+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:52:49+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:49+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:52:49+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:49+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:50+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:50+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:52:52+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:52:52+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-27313-20260318035245"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:52:45+00:00",
"finished_at": "2026-03-18T03:52:52+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035245/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035245/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-1928-20260318035239",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-1928",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:52:39+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-1928"
},
{
"at": "2026-03-18T03:52:39+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T03:52:39+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:52:42+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:52:42+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:52:42+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:42+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:52:43+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:43+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:44+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:44+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:52:45+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:52:45+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-1928-20260318035239"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:52:39+00:00",
"finished_at": "2026-03-18T03:52:45+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035239/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed stored content page before browser proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner stores inert script payload and captures proof page."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.xss",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/xss",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035239/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-1058-20260318035233",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-1058",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:52:33+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-1058"
},
{
"at": "2026-03-18T03:52:33+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:52:33+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:52:36+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:52:36+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:52:36+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:36+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:52:37+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:37+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:37+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:38+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:52:39+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:52:39+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-1058-20260318035233"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:52:33+00:00",
"finished_at": "2026-03-18T03:52:39+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035233/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035233/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-0905-20260318035226",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-0905",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:52:26+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-0905"
},
{
"at": "2026-03-18T03:52:26+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:52:27+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:52:30+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:52:30+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:52:30+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:30+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:52:30+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:30+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:31+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:31+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:52:33+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:52:33+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-0905-20260318035226"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:52:26+00:00",
"finished_at": "2026-03-18T03:52:33+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035226/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035226/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-45331-20260318035220",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-45331",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:52:20+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-45331"
},
{
"at": "2026-03-18T03:52:20+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:52:20+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:52:23+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:52:23+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:52:23+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:23+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:52:24+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:24+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:25+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:25+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:52:26+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:52:26+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-45331-20260318035220"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:52:20+00:00",
"finished_at": "2026-03-18T03:52:26+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035220/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035220/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-45330-20260318035214",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-45330",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:52:14+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-45330"
},
{
"at": "2026-03-18T03:52:14+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:52:14+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:52:17+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:52:17+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:52:17+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:17+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:52:18+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:18+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:19+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:19+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:52:20+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:52:20+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-45330-20260318035214"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:52:14+00:00",
"finished_at": "2026-03-18T03:52:20+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035214/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035214/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-45327-20260318035207",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-45327",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:52:07+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-45327"
},
{
"at": "2026-03-18T03:52:07+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:52:07+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:52:10+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:52:10+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:52:10+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:10+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:52:11+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:11+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:12+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:12+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:52:14+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:52:14+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-45327-20260318035207"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:52:07+00:00",
"finished_at": "2026-03-18T03:52:14+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035207/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035207/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-3382-20260318035201",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-3382",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:52:01+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-3382"
},
{
"at": "2026-03-18T03:52:01+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:52:01+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:52:04+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:52:04+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:52:04+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:04+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:52:05+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:05+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:52:06+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:52:06+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:52:07+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:52:07+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-3382-20260318035201"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:52:01+00:00",
"finished_at": "2026-03-18T03:52:07+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035201/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035201/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-29134-20260318035154",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-29134",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:54+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-29134"
},
{
"at": "2026-03-18T03:51:54+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:51:55+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:57+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:57+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:57+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:57+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:58+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:58+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:59+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:59+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:52:01+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:52:01+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-29134-20260318035154"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:54+00:00",
"finished_at": "2026-03-18T03:52:01+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-29134-20260318035154/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-29134-20260318035154/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-28378-20260318035148",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-28378",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:48+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-28378"
},
{
"at": "2026-03-18T03:51:48+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T03:51:48+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:51+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:51+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:51+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:51+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:52+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:52+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:53+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:53+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:54+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:54+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-28378-20260318035148"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:48+00:00",
"finished_at": "2026-03-18T03:51:54+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318035148/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed stored content page before browser proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner stores inert script payload and captures proof page."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.xss",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/xss",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-28378-20260318035148/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2020-13246-20260318035142",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2020-13246",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:42+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2020-13246"
},
{
"at": "2026-03-18T03:51:42+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:51:42+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:45+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:45+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:45+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:45+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:46+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:46+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:46+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:47+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:48+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:48+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2020-13246-20260318035142"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:42+00:00",
"finished_at": "2026-03-18T03:51:48+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318035142/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/report.html",
"report_md": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/report.md",
"timeline": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline.png",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof.png",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/attack.json",
"/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2020-13246-20260318035142/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2019-1010261-20260318035135",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2019-1010261",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:35+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2019-1010261"
},
{
"at": "2026-03-18T03:51:35+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T03:51:36+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:38+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:38+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:38+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:38+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:39+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:39+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:40+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:40+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:42+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:42+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2019-1010261-20260318035135"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:35+00:00",
"finished_at": "2026-03-18T03:51:42+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318035135/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/report.html",
"report_md": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/report.md",
"timeline": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/attack.json",
"/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed stored content page before browser proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner stores inert script payload and captures proof page."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.xss",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/xss",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2019-1010261-20260318035135/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2018-18926-20260318035129",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-18926",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:29+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-18926"
},
{
"at": "2026-03-18T03:51:29+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:51:29+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:32+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:32+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:32+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:32+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:33+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:33+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:34+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:34+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:35+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:35+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-18926-20260318035129"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:29+00:00",
"finished_at": "2026-03-18T03:51:35+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318035129/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/report.html",
"report_md": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/report.md",
"timeline": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json",
"/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-18926-20260318035129/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2018-15192-20260318035123",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-15192",
"repro_profile_id": "gitea-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:23+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-15192"
},
{
"at": "2026-03-18T03:51:23+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-ssrf"
},
{
"at": "2026-03-18T03:51:23+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:27+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:27+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:27+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:27+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:27+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:28+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:29+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:29+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-15192-20260318035123"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:23+00:00",
"finished_at": "2026-03-18T03:51:29+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318035123/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/report.html",
"report_md": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/report.md",
"timeline": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/run.json"
},
"browser_links": [],
"container_links": [
"/runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json",
"/runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-ssrf",
"vuln_family": "ssrf",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Server-side callback reaches the local sink and is recorded in proof output."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed local sink counters only."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner triggers callback strictly to local sink endpoint."
}
],
"browser_assertions": {
"required": false
},
"runner_id": "gitea.ssrf",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/ssrf",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed local sink counters only.",
"Runner triggers callback strictly to local sink endpoint.",
"Server-side callback reaches the local sink and is recorded in proof output."
],
"progress": {
"completed": 10,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2018-15192-20260318035123/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-38795-20260318035115",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-38795",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:15+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-38795"
},
{
"at": "2026-03-18T03:51:15+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:51:15+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:18+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:18+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:18+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:18+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:18+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:18+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:19+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:19+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:21+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:21+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-38795-20260318035115"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:15+00:00",
"finished_at": "2026-03-18T03:51:21+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38795-20260318035115/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38795-20260318035115/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-38183-20260318035108",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-38183",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:08+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-38183"
},
{
"at": "2026-03-18T03:51:08+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:51:08+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:11+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:11+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:11+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:11+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:12+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:12+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:13+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:13+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:14+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:14+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-38183-20260318035108"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:08+00:00",
"finished_at": "2026-03-18T03:51:14+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-38183-20260318035108/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-38183-20260318035108/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-30781-20260318035102",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-30781",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:51:02+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-30781"
},
{
"at": "2026-03-18T03:51:02+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:51:02+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:51:05+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:51:05+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:51:05+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:05+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:51:06+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:06+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:07+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:07+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:08+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:08+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-30781-20260318035102"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:51:02+00:00",
"finished_at": "2026-03-18T03:51:08+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-30781-20260318035102/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-30781-20260318035102/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-27313-20260318035055",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-27313",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:50:55+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-27313"
},
{
"at": "2026-03-18T03:50:55+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:50:56+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:50:59+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:50:59+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:50:59+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:59+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:50:59+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:59+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:51:00+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:51:00+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:51:02+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:51:02+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-27313-20260318035055"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:50:55+00:00",
"finished_at": "2026-03-18T03:51:02+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-27313-20260318035055/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-27313-20260318035055/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-1928-20260318035049",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-1928",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:50:49+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-1928"
},
{
"at": "2026-03-18T03:50:49+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T03:50:49+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:50:52+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:50:52+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:50:52+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:52+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:50:53+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:53+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:54+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:54+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:50:55+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:50:55+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-1928-20260318035049"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:50:49+00:00",
"finished_at": "2026-03-18T03:50:55+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1928-20260318035049/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-xss",
"vuln_family": "xss",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed stored content page before browser proof capture."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner stores inert script payload and captures proof page."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.xss",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/xss",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed stored content page before browser proof capture.",
"Runner stores inert script payload and captures proof page.",
"Browser proof page renders the stored XSS marker after the controlled payload."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1928-20260318035049/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-1058-20260318035042",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-1058",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:50:42+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-1058"
},
{
"at": "2026-03-18T03:50:42+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:50:43+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:50:46+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:50:46+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:50:46+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:46+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:50:47+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:47+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:48+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:48+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:50:49+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:50:49+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-1058-20260318035042"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:50:42+00:00",
"finished_at": "2026-03-18T03:50:49+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-1058-20260318035042/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-1058-20260318035042/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2022-0905-20260318035035",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2022-0905",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:50:35+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2022-0905"
},
{
"at": "2026-03-18T03:50:35+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:50:36+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:50:39+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:50:39+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:50:39+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:39+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:50:39+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:39+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:40+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:40+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:50:42+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:50:42+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2022-0905-20260318035035"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:50:35+00:00",
"finished_at": "2026-03-18T03:50:42+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2022-0905-20260318035035/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/report.html",
"report_md": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/report.md",
"timeline": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/baseline.png",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/proof.png",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/attack.json",
"/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2022-0905-20260318035035/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-45331-20260318035029",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-45331",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:50:29+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-45331"
},
{
"at": "2026-03-18T03:50:29+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:50:29+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:50:32+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:50:32+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:50:32+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:32+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:50:33+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:33+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:34+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:34+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:50:35+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:50:35+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-45331-20260318035029"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:50:29+00:00",
"finished_at": "2026-03-18T03:50:35+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45331-20260318035029/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45331-20260318035029/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-45330-20260318035023",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-45330",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:50:23+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-45330"
},
{
"at": "2026-03-18T03:50:23+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:50:23+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:50:26+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:50:26+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:50:26+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:26+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:50:27+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:27+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:28+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:28+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:50:29+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:50:29+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-45330-20260318035023"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:50:23+00:00",
"finished_at": "2026-03-18T03:50:29+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45330-20260318035023/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45330-20260318035023/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-45327-20260318035016",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-45327",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:50:16+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-45327"
},
{
"at": "2026-03-18T03:50:16+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:50:17+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:50:20+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:50:20+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:50:20+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:20+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:50:20+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:20+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:21+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:21+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:50:23+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:50:23+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-45327-20260318035016"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:50:16+00:00",
"finished_at": "2026-03-18T03:50:23+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-45327-20260318035016/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-45327-20260318035016/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
},
{
"run_id": "gitea-gitea--CVE-2021-3382-20260318035010",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-3382",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T03:50:10+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-3382"
},
{
"at": "2026-03-18T03:50:10+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T03:50:10+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T03:50:13+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T03:50:13+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T03:50:13+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:13+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T03:50:14+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:14+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T03:50:15+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T03:50:15+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T03:50:16+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T03:50:16+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-3382-20260318035010"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T03:50:10+00:00",
"finished_at": "2026-03-18T03:50:16+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-3382-20260318035010/timeline.mmd"
},
"dashboard_refs": {
"report_html": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/report.html",
"report_md": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/report.md",
"timeline": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/timeline.mmd",
"bundle": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/run.json"
},
"browser_links": [
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/baseline.png",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/baseline-dom.html",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-console.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-network.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-page.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/proof.png",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/proof-dom.html",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-console.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-network.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-page.json"
],
"container_links": [
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/docker/app.log"
],
"request_links": [
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/attack.json",
"/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline.json"
],
"advisory_meta": {},
"profile_meta": {
"profile_id": "gitea-proxy-boundary",
"vuln_family": "proxy-boundary",
"provisioning_mode": "real",
"destructive_risk": "low",
"cleanup_policy": "destroy",
"artifact_source": {
"strategy": "local-minimal-fixture"
},
"success_criteria": [
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"success_assertions": [
{
"name": "baseline-ok",
"type": "baseline-ok"
},
{
"name": "runner-success",
"type": "runner-success"
},
{
"name": "browser-present",
"type": "browser-present"
}
],
"seed_actions": [
{
"kind": "note",
"message": "Seed forwarded-header boundary fixture with clean state."
}
],
"attack_actions": [
{
"kind": "note",
"message": "Runner performs local forwarded-header trust proof only inside the fixture."
}
],
"browser_assertions": {
"required": true
},
"runner_id": "gitea.proxy-boundary",
"fixture_path": "/Users/x/websafe/00-environments/templates/fixtures/gitea/proxy-boundary",
"allowed_target_types": [
"lab-local"
],
"required_services": [
"app"
]
},
"reasoning_lines": [
"Seed forwarded-header boundary fixture with clean state.",
"Runner performs local forwarded-header trust proof only inside the fixture.",
"Local fixture proves trusted proxy headers cross the admin boundary."
],
"progress": {
"completed": 12,
"skipped": 0,
"failed": 0,
"blocked": 0,
"planned": 0,
"other": 1
},
"artifact_groups": [
{
"key": "reports",
"label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269",
"count": 4,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/report.html",
"label": "report.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/report.md",
"label": "report.md",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/timeline.mmd",
"label": "timeline.mmd",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/run.json",
"label": "run.json",
"kind": "text"
}
]
},
{
"key": "compose",
"label": "Compose \u7f16\u6392",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/compose/compose.yaml",
"label": "compose.yaml",
"kind": "text"
}
]
},
{
"key": "baseline",
"label": "\u57fa\u7ebf\u5feb\u7167",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline.json",
"label": "baseline.json",
"kind": "text"
}
]
},
{
"key": "attack",
"label": "\u653b\u51fb\u8f93\u51fa",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
},
{
"key": "browser",
"label": "\u6d4f\u89c8\u5668\u8bc1\u636e",
"count": 10,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/baseline.png",
"label": "baseline.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/baseline-dom.html",
"label": "baseline-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-console.json",
"label": "baseline-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-network.json",
"label": "baseline-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/baseline-page.json",
"label": "baseline-page.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/proof.png",
"label": "proof.png",
"kind": "image"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/assets/proof-dom.html",
"label": "proof-dom.html",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-console.json",
"label": "proof-console.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-network.json",
"label": "proof-network.json",
"kind": "text"
},
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/proof-page.json",
"label": "proof-page.json",
"kind": "text"
}
]
},
{
"key": "container",
"label": "\u5bb9\u5668\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/docker/app.log",
"label": "app.log",
"kind": "text"
}
]
},
{
"key": "requests",
"label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7",
"count": 1,
"items": [
{
"href": "/runs/gitea-gitea--CVE-2021-3382-20260318035010/logs/attack.json",
"label": "attack.json",
"kind": "text"
}
]
}
]
}
]
在新工单中引用 查看 Git Blame 复制永久链接