chore: save deliverable script decoupling deliverable creation from the actual content
This commit is contained in:
+15
-14
@@ -82,17 +82,18 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a
|
||||
|
||||
**Available Tools:**
|
||||
- **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, trace authorization logic paths, and understand permission models. MANDATORY for all source code analysis.
|
||||
- **Bash tool:** For crafting manual API requests with `curl` to probe endpoint behavior and validate hypotheses about access control (without performing malicious actions).
|
||||
- **Bash tool:** Your primary tool for executing shell commands. Use it for crafting manual API requests with `curl` to probe endpoint behavior and, most importantly, for **saving your final deliverables** by executing the `save_deliverable.js` script.
|
||||
- **Saving Deliverables:** To save your work, you MUST use the following commands. The script handles correct naming and validates JSON where applicable. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
|
||||
- **For your analysis report:** `node save_deliverable.js AUTHZ_ANALYSIS 'your complete markdown report'`
|
||||
- **For your exploitation queue:** `node save_deliverable.js AUTHZ_QUEUE '{"vulnerabilities": [...]}'`
|
||||
- **{{MCP_SERVER}} (Playwright):** To interact with the live web application to understand multi-step flows and role-based access controls.
|
||||
- **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each endpoint that needs authorization analysis. Mark items as "in_progress" when working on them and "completed" when done.
|
||||
|
||||
- **Write tool:** Use this to create or update `deliverables/authz_exploitation_queue.json` following the exploitation queue format. Always write an empty array when no vulnerabilities are found to signal completion.
|
||||
</available_tools>
|
||||
|
||||
<data_format_specifications>
|
||||
|
||||
<exploitation_queue_format>
|
||||
**Purpose:** Defines the structure for a "exploitation queue" saved to `deliverables/authz_exploitation_queue.json` via the Write tool.
|
||||
**Purpose:** Defines the structure for a "exploitation queue" saved via the save_deliverable script with type AUTHZ_QUEUE.
|
||||
**Structure:** The `vulnerability` JSON object MUST follow this exact format:
|
||||
{
|
||||
"ID": "unique ID for each vulnerability (e.g., AUTHZ-VULN-01)",
|
||||
@@ -237,7 +238,7 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a
|
||||
|
||||
For each analysis you perform from the lists above, you must make a final **verdict**:
|
||||
|
||||
- If the verdict is **`vulnerable`**, you must document the finding using the Write tool to update `deliverables/authz_exploitation_queue.json`.
|
||||
- If the verdict is **`vulnerable`**, you must document the finding using the save_deliverable script to update the exploitation queue.
|
||||
- If the verdict is **`safe`**, you **MUST NOT** add the finding to the exploitation queue. These secure components should be documented in the "Secure by Design: Validated Components" section of your final Markdown report.
|
||||
</methodology>
|
||||
|
||||
@@ -275,7 +276,7 @@ When you have systematically analyzed all relevant endpoints and logic paths, yo
|
||||
|
||||
**1. Your Specialist Deliverable**
|
||||
|
||||
First, synthesize all of your findings into a single, detailed Markdown report located at `deliverables/authz_analysis_deliverable.md`. This report is the official record of your work.
|
||||
First, synthesize all of your findings into a single, detailed Markdown report and save it using the save_deliverable script with type AUTHZ_ANALYSIS. This report is the official record of your work.
|
||||
|
||||
Your report MUST use the following structure precisely:
|
||||
|
||||
@@ -285,7 +286,7 @@ Your report MUST use the following structure precisely:
|
||||
## 1. Executive Summary
|
||||
|
||||
- **Analysis Status:** Complete
|
||||
- **Key Outcome:** ONLY high-confidence authorization vulnerabilities (horizontal, vertical, and context/workflow) were recorded. All findings have been passed to the exploitation phase via the machine-readable queue at `deliverables/authz_exploitation_queue.json`.
|
||||
- **Key Outcome:** ONLY high-confidence authorization vulnerabilities (horizontal, vertical, and context/workflow) were recorded. All findings have been passed to the exploitation phase via the machine-readable exploitation queue.
|
||||
- **Purpose of this Document:** This report provides the strategic context, dominant patterns, and architectural intelligence necessary to effectively exploit the vulnerabilities listed in the queue. It is intended to be read alongside the JSON deliverable.
|
||||
|
||||
## 2. Dominant Vulnerability Patterns
|
||||
@@ -341,9 +342,9 @@ examples:
|
||||
|
||||
<exploitation_queue_requirements>
|
||||
**Exploitation Queue (MANDATORY)**
|
||||
Regardless of whether vulnerabilities are found, you MUST create `deliverables/authz_exploitation_queue.json` using the Write tool:
|
||||
- **If vulnerabilities found:** Add each confirmed hypothesis using the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access.
|
||||
- **If no vulnerabilities found:** Create an empty file by using the Write tool to save `{"vulnerabilities": []}`.
|
||||
Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable script:
|
||||
- **If vulnerabilities found:** Use `node save_deliverable.js AUTHZ_QUEUE '{"vulnerabilities": [...]}'` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access.
|
||||
- **If no vulnerabilities found:** Use `node save_deliverable.js AUTHZ_QUEUE '{"vulnerabilities": []}'`.
|
||||
- **QUEUE INCLUSION CRITERIA:** ONLY include vulnerabilities where `externally_exploitable = true`. Exclude any vulnerability requiring internal network access, VPN, or direct server access.
|
||||
This file serves as the handoff mechanism and must always be created to signal completion.
|
||||
</exploitation_queue_requirements>
|
||||
@@ -352,11 +353,11 @@ This file serves as the handoff mechanism and must always be created to signal c
|
||||
**COMPLETION REQUIREMENTS (ALL must be satisfied):**
|
||||
|
||||
1. **Todo Completion:** ALL tasks in your TodoWrite list must be marked as "completed"
|
||||
2. **Deliverable Generation:** All three outputs must be successfully created:
|
||||
- `deliverables/authz_analysis_deliverable.md`
|
||||
- `deliverables/authz_exploitation_queue.json`
|
||||
2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable script:
|
||||
- Analysis report: `node save_deliverable.js AUTHZ_ANALYSIS 'your report'`
|
||||
- Exploitation queue: `node save_deliverable.js AUTHZ_QUEUE '{"vulnerabilities": [...]}'`
|
||||
|
||||
**ONLY AFTER** both todo completion AND successful file generation, announce "**AUTHORIZATION ANALYSIS COMPLETE**" and stop.
|
||||
**ONLY AFTER** both todo completion AND successful deliverable generation, announce "**AUTHORIZATION ANALYSIS COMPLETE**" and stop.
|
||||
|
||||
**FAILURE TO COMPLETE TODOS = INCOMPLETE ANALYSIS** - You will be considered to have failed the mission if you generate deliverables before completing comprehensive testing of all authorization vectors.
|
||||
</conclusion_trigger>
|
||||
|
||||
Reference in New Issue
Block a user