Commit d6ec05c
refactor: rename to firewall-escape.md, add 80% novelty requirement, and increase timeout (#4789)
* Initial plan
* feat: enhance test-firewall-escape.md with deep AWF implementation knowledge
Apply advanced prompt engineering techniques to guide the security testing agent:
- Provide detailed AWF architecture overview (Squid, iptables, Docker wrapper)
- Document network topology with ASCII diagram
- Explain key implementation details and their attack surfaces
- Include 13+ specific attack vectors with bash commands
- Add Phase 1 reconnaissance, Phase 2 systematic exploitation
- Reference actual code paths and configuration files
- Include creative thinking section for out-of-box approaches
- Extended timeout from 15 to 30 minutes for thorough testing
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
* fix: address code review feedback for test-firewall-escape.md
- Replace hardcoded IP (93.184.216.34) with dynamic resolution using dig
- Use actual allowed domain 'github.com' instead of 'allowed-domain.com'
- Add clarifying comments for URL encoding tests (%2E is URL-encoded ".")
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
* refactor: simplify prompt to direct agent to explore AWF repo
Reverted the detailed architecture documentation and instead instructed the agent to:
1. Explore https://github.com/githubnext/gh-aw-firewall
2. Read key source files to understand the firewall architecture
3. Devise escape strategies based on their understanding
4. Execute attacks methodically and document results
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
* refactor: rename test-firewall-escape to firewall-escape and add 80% novelty requirement
- Renamed workflow from test-firewall-escape.md to firewall-escape.md
- Updated workflow name and description
- Added instruction for agent to prioritize new strategies (80% novel attempts)
- Agent now uses cache-memory to track and avoid repeating previous attempts
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
* chore: increase workflow timeout to 30 minutes
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
* chore: increase workflow timeout to 60 minutes
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
1 parent 0ae2320 commit d6ec05c
File tree: .github/workflows
4 files changed, +161 -89 lines changed
Lines changed: 106 additions & 58 deletions