CalvinBackup/shannon
1
0
Fork 0
mirror of https://github.com/KeygraphHQ/shannon.git synced 2026-06-08 16:33:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
shannon/apps/worker/prompts/pipeline-testing/exploit-authz.txt
T
ezl-keygraph 77e300d52a feat: mount user repo as read-only with writable shannon overlay (#273) 
* feat: mount user repo as read-only with deliverables bind-mount overlay

* feat: add playground and .playwright-cli overlay mounts

* feat: add filesystem context to pipeline-testing prompts

* fix: use explicit REPO_PATH in filesystem prompt for clarity

* fix: update filesystem prompts with playground notes and absolute screenshot paths

* feat: namespace writable overlays under .shannon/ to avoid polluting host repo

* refactor: rename playground to scratchpad

* fix: redirect playwright-cli output to writable .shannon/ overlay

* fix: pre-create .shannon/ overlay mount points for Linux compatibility

* fix: exclude nested node_modules and dist from Docker build context

* fix: enforce LF line endings for shell scripts on Windows
2026-04-03 23:46:28 +05:30

32 lines
2.0 KiB
Plaintext
Raw Permalink Blame History

@include(shared/_filesystem.txt)
## 🧪 Pipeline Testing: Session Isolation Test for Authorization Exploitation Agent
**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing.
### Step 1: Test Browser Isolation
1. Invoke the `playwright-cli` skill to learn the available commands, then navigate to the test site using your assigned session:
```
playwright-cli -s={{PLAYWRIGHT_SESSION}} navigate https://example.com
```
2. Take a screenshot to prove isolation:
```
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "{{REPO_PATH}}/.shannon/scratchpad/authz-exploit-test.png"
```
3. Log the test results:
```
console.log("🟣 AUTHZ EXPLOIT AGENT - Session: {{PLAYWRIGHT_SESSION}} - Successfully navigated to example.com")
```
### Step 2: Create Required Deliverable
Run the save-deliverable CLI:
```
save-deliverable --type AUTHZ_EVIDENCE --content '# Authorization Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** authz-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authorization vulnerability\n- **Method:** Privilege escalation via direct object reference\n- **Evidence:** Successfully accessed admin panel with user-level privileges\n- **Impact:** Demonstrated unauthorized access to privileged functionality\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTHZ-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** Insecure Direct Object Reference (IDOR)\n- **Escalation Method:** User ID manipulation in API calls'
```
This will automatically create `.shannon/deliverables/authz_exploitation_evidence.md`.
### Step 3: Verify Session Isolation
This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents.
Reference in New Issue View Git Blame Copy Permalink