mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-05 12:17:03 -07:00
1b41b5ed65
modules/recon/laravel-ignition-exposure.yaml probes the live /_ignition/health-check endpoint and extracts can_execute_commands, the flag that marks the CVE-2021-3129 remote code execution surface. this is an active probe, complementary to the version based ignition entry in the framework cve map. modules/recon/symfony-profiler-exposure.yaml flags an exposed web profiler on its structural markers and extracts a request token to pivot to a captured request. modules/recon/spring-heapdump-exposure.yaml flags an exposed actuator heap dump on the hprof magic anchored at the start of the body, which a json marker module cannot see because the dump is binary, and extracts the hprof version. the anchor keeps a page that merely quotes the magic from matching. internal/modules/debug_exposure_test.go drives the three modules end to end through ExecuteHTTPModule and asserts the leak alongside the near misses a strict review wants pinned: a prose mention of ignition, the hprof magic away from the start, a plain 200 body and a 404, none of which may match, plus an exposed ignition with command execution disabled that still flags and reports the false flag. verify: go test ./internal/modules, each matcher, anchor and extractor proven to bite (break -> red, restore -> green).