feat: mount user repo as read-only with writable shannon overlay (#273)
* feat: mount user repo as read-only with deliverables bind-mount overlay * feat: add playground and .playwright-cli overlay mounts * feat: add filesystem context to pipeline-testing prompts * fix: use explicit REPO_PATH in filesystem prompt for clarity * fix: update filesystem prompts with playground notes and absolute screenshot paths * feat: namespace writable overlays under .shannon/ to avoid polluting host repo * refactor: rename playground to scratchpad * fix: redirect playwright-cli output to writable .shannon/ overlay * fix: pre-create .shannon/ overlay mount points for Linux compatibility * fix: exclude nested node_modules and dist from Docker build context * fix: enforce LF line endings for shell scripts on Windows
This commit is contained in:
@@ -1,3 +1,5 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
## 🧪 Pipeline Testing: Session Isolation Test for Authentication Exploitation Agent
|
||||
|
||||
**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing.
|
||||
@@ -10,7 +12,7 @@
|
||||
|
||||
2. Take a screenshot to prove isolation:
|
||||
```
|
||||
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "auth-exploit-test.png"
|
||||
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "{{REPO_PATH}}/.shannon/scratchpad/auth-exploit-test.png"
|
||||
```
|
||||
|
||||
3. Log the test results:
|
||||
@@ -24,7 +26,7 @@ Run the save-deliverable CLI:
|
||||
save-deliverable --type AUTH_EVIDENCE --content '# Authentication Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** auth-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authentication vulnerability\n- **Method:** Authentication bypass via parameter manipulation\n- **Evidence:** Successfully bypassed login using admin=true parameter\n- **Impact:** Demonstrated unauthorized access to protected resources\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTH-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** Parameter-based authentication bypass\n- **Bypass Method:** URL parameter manipulation'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/auth_exploitation_evidence.md`.
|
||||
This will automatically create `.shannon/deliverables/auth_exploitation_evidence.md`.
|
||||
|
||||
### Step 3: Verify Session Isolation
|
||||
This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents.
|
||||
@@ -1,3 +1,5 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
## 🧪 Pipeline Testing: Session Isolation Test for Authorization Exploitation Agent
|
||||
|
||||
**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing.
|
||||
@@ -10,7 +12,7 @@
|
||||
|
||||
2. Take a screenshot to prove isolation:
|
||||
```
|
||||
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "authz-exploit-test.png"
|
||||
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "{{REPO_PATH}}/.shannon/scratchpad/authz-exploit-test.png"
|
||||
```
|
||||
|
||||
3. Log the test results:
|
||||
@@ -24,7 +26,7 @@ Run the save-deliverable CLI:
|
||||
save-deliverable --type AUTHZ_EVIDENCE --content '# Authorization Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** authz-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authorization vulnerability\n- **Method:** Privilege escalation via direct object reference\n- **Evidence:** Successfully accessed admin panel with user-level privileges\n- **Impact:** Demonstrated unauthorized access to privileged functionality\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTHZ-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** Insecure Direct Object Reference (IDOR)\n- **Escalation Method:** User ID manipulation in API calls'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/authz_exploitation_evidence.md`.
|
||||
This will automatically create `.shannon/deliverables/authz_exploitation_evidence.md`.
|
||||
|
||||
### Step 3: Verify Session Isolation
|
||||
This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents.
|
||||
@@ -1,3 +1,5 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
## 🧪 Pipeline Testing: Session Isolation Test for Injection Exploitation Agent
|
||||
|
||||
**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing.
|
||||
@@ -10,7 +12,7 @@
|
||||
|
||||
2. Take a screenshot to prove isolation:
|
||||
```
|
||||
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "injection-exploit-test.png"
|
||||
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "{{REPO_PATH}}/.shannon/scratchpad/injection-exploit-test.png"
|
||||
```
|
||||
|
||||
3. Log the test results:
|
||||
@@ -24,7 +26,7 @@ Run the save-deliverable CLI:
|
||||
save-deliverable --type INJECTION_EVIDENCE --content '# Injection Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** injection-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test injection vulnerability\n- **Vulnerability Type:** SQLi | CommandInjection | LFI | RFI | SSTI | PathTraversal | InsecureDeserialization\n- **Method:** [Type-specific exploitation method]\n- **Evidence:** Successfully executed test payload\n- **Impact:** Demonstrated ability to manipulate [database queries | system commands | file system | template engine | deserialization]\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** INJ-VULN-XX\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/injection_exploitation_evidence.md`.
|
||||
This will automatically create `.shannon/deliverables/injection_exploitation_evidence.md`.
|
||||
|
||||
### Step 3: Verify Session Isolation
|
||||
This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents.
|
||||
@@ -1,3 +1,5 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
## 🧪 Pipeline Testing: Session Isolation Test for SSRF Exploitation Agent
|
||||
|
||||
**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing.
|
||||
@@ -10,7 +12,7 @@
|
||||
|
||||
2. Take a screenshot to prove isolation:
|
||||
```
|
||||
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "ssrf-exploit-test.png"
|
||||
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "{{REPO_PATH}}/.shannon/scratchpad/ssrf-exploit-test.png"
|
||||
```
|
||||
|
||||
3. Log the test results:
|
||||
@@ -24,7 +26,7 @@ Run the save-deliverable CLI:
|
||||
save-deliverable --type SSRF_EVIDENCE --content '# SSRF Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** ssrf-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test SSRF vulnerability\n- **Method:** Server-Side Request Forgery via URL parameter\n- **Evidence:** Successfully forced server to make request to internal network\n- **Impact:** Demonstrated access to internal services and potential data exfiltration\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** SSRF-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** URL parameter manipulation\n- **Target:** Internal network services (localhost:8080)'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/ssrf_exploitation_evidence.md`.
|
||||
This will automatically create `.shannon/deliverables/ssrf_exploitation_evidence.md`.
|
||||
|
||||
### Step 3: Verify Session Isolation
|
||||
This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents.
|
||||
@@ -1,3 +1,5 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
## 🧪 Pipeline Testing: Session Isolation Test for XSS Exploitation Agent
|
||||
|
||||
**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing.
|
||||
@@ -10,7 +12,7 @@
|
||||
|
||||
2. Take a screenshot to prove isolation:
|
||||
```
|
||||
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "xss-exploit-test.png"
|
||||
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "{{REPO_PATH}}/.shannon/scratchpad/xss-exploit-test.png"
|
||||
```
|
||||
|
||||
3. Log the test results:
|
||||
@@ -24,7 +26,7 @@ Run the save-deliverable CLI:
|
||||
save-deliverable --type XSS_EVIDENCE --content '# XSS Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** xss-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test XSS vulnerability\n- **Method:** Reflected XSS via search parameter\n- **Evidence:** Successfully executed payload `<script>alert('\''XSS'\'')</script>`\n- **Impact:** Demonstrated JavaScript code execution in user context\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** XSS-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** Reflected XSS in search functionality'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/xss_exploitation_evidence.md`.
|
||||
This will automatically create `.shannon/deliverables/xss_exploitation_evidence.md`.
|
||||
|
||||
### Step 3: Verify Session Isolation
|
||||
This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents.
|
||||
@@ -1 +1,3 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
Run: `save-deliverable --type CODE_ANALYSIS --content 'Pre-recon analysis complete'`. Then say "Done".
|
||||
@@ -1 +1,3 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
Run: `save-deliverable --type RECON --content 'Reconnaissance analysis complete'`. Then say "Done".
|
||||
@@ -1 +1,3 @@
|
||||
Read `deliverables/comprehensive_security_assessment_report.md`, prepend "# Security Assessment Report\n\n**Target:** {{WEB_URL}}\n\n" to the content, and save it back. Say "Done".
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
Read `.shannon/deliverables/comprehensive_security_assessment_report.md`, prepend "# Security Assessment Report\n\n**Target:** {{WEB_URL}}\n\n" to the content, and save it back. Say "Done".
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
Filesystem:
|
||||
- {{REPO_PATH}}/ (read only)
|
||||
- {{REPO_PATH}}/.shannon/deliverables/ (read-write)
|
||||
- {{REPO_PATH}}/.shannon/scratchpad/ (read-write) - screenshots, scripts, scratch work, etc.
|
||||
@@ -1,3 +1,5 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
Please complete these tasks using your CLI tools:
|
||||
|
||||
1. Navigate to https://example.net and take a screenshot:
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
Please complete these tasks using your CLI tools:
|
||||
|
||||
1. Navigate to https://jsonplaceholder.typicode.com and take a screenshot:
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
Please complete these tasks using your CLI tools:
|
||||
|
||||
1. Navigate to https://example.com and take a screenshot:
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
Please complete these tasks using your CLI tools:
|
||||
|
||||
1. Navigate to https://httpbin.org and take a screenshot:
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
@include(shared/_filesystem.txt)
|
||||
|
||||
Please complete these tasks using your CLI tools:
|
||||
|
||||
1. Navigate to https://example.org and take a screenshot:
|
||||
|
||||
Reference in New Issue
Block a user