65 行
1.6 KiB
YAML
65 行
1.6 KiB
YAML
profile_id: gitea-file-upload
|
|
system_id: gitea
|
|
match_rules:
|
|
keywords:
|
|
- file upload
|
|
- attachment
|
|
vuln_family: file-upload
|
|
provisioning_mode: real
|
|
verification_mode: real
|
|
artifact_mode: local-fixture
|
|
artifact_source:
|
|
strategy: local-minimal-fixture
|
|
runner_id: gitea.file-upload
|
|
fixture_path: /Users/x/websafe/00-environments/templates/fixtures/gitea/file-upload
|
|
required_services:
|
|
- app
|
|
seed_actions:
|
|
- kind: note
|
|
message: Seed empty attachment list for upload proof.
|
|
baseline_actions:
|
|
- kind: http-get
|
|
path: /
|
|
attack_actions:
|
|
- kind: note
|
|
message: Runner uploads inert text marker only.
|
|
browser_assertions:
|
|
required: true
|
|
success_criteria:
|
|
- Inert upload marker is accepted and listed on the proof page.
|
|
success_assertions:
|
|
- name: baseline-ok
|
|
type: baseline-ok
|
|
- name: runner-success
|
|
type: runner-success
|
|
- name: browser-present
|
|
type: browser-present
|
|
services:
|
|
app:
|
|
image: python:3.12-alpine
|
|
working_dir: /workspace
|
|
command:
|
|
- python
|
|
- /workspace/00-environments/templates/fixtures/shared/python_fixture.py
|
|
environment:
|
|
LAB_FIXTURE_SCENARIO: /workspace/00-environments/templates/fixtures/gitea/file-upload/scenario.json
|
|
PORT: "3000"
|
|
ports:
|
|
- 18104:3000
|
|
volumes:
|
|
- /Users/x/websafe:/workspace:ro
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- wget -q -O - http://127.0.0.1:3000/healthz >/dev/null 2>&1 || exit 1
|
|
interval: 2s
|
|
timeout: 2s
|
|
retries: 20
|
|
baseline_urls:
|
|
- http://127.0.0.1:18104/
|
|
ready_timeout_seconds: 45
|
|
cleanup_policy: destroy
|
|
destructive_risk: low
|
|
allowed_target_types:
|
|
- lab-local
|