==========================================
GHSA-7ppg-37fh-vcr6 Variant Analysis Script
Testing Potential Bypass Vectors
==========================================

[1/6] Starting mock server with FIX simulation...
      (This simulates the FIXED Milvus port 9091 behavior)
Mock server started successfully (PID: 25736)

[2/6] Testing Variant 1: Direct /log/level endpoint access...
      (Testing if management endpoints bypass authentication)

=== Variant 1: Testing /log/level endpoint ===
[BYPASS POTENTIAL] GET /log/level: 200
  Response: {"level": "info"}
[BYPASS POTENTIAL] PUT /log/level: 200
  Response: {"level": "debug", "message": "Log level changed"}

[3/6] Testing Variant 2: URL encoding and path traversal...
      (Testing if path variations bypass route matching)

=== Variant 2: Testing path encoding variations ===
[AUTH REQUIRED] /api/v1/collections: 401
[AUTH REQUIRED] /api/v1//collections: 401
[AUTH REQUIRED] /api/v1/collections/: 401
[AUTH REQUIRED] /api/v1/collections%2f: 401
[BLOCKED 404] /api/v1%2fcollections
[AUTH REQUIRED] /api/v1/./collections: 401
[AUTH REQUIRED] /api/v1/collections/.: 401
[BLOCKED 404] /API/v1/collections
[BLOCKED 404] /api/V1/collections

[4/6] Testing Variant 3: HTTP method variations...
      (Testing if different methods bypass auth)

=== Variant 3: Testing HTTP method variations ===
[AUTH REQUIRED] GET: 401
[AUTH REQUIRED] POST: 401
[BLOCKED 404] PUT
[AUTH REQUIRED] DELETE: 401
[AUTH REQUIRED] PATCH: 401
[AUTH REQUIRED] HEAD: 401
[POTENTIAL BYPASS] OPTIONS /api/v1/collection: 204
[BLOCKED 501] TRACE

[5/6] Testing Variant 4: Management endpoint access...
      (Testing /management/ endpoints)

=== Variant 4: Testing management endpoints ===
[POTENTIAL BYPASS] /management/stop: 200
  Response: {"msg": "Component stop triggered"}
[POTENTIAL BYPASS] /management/check/ready: 200
  Response: {"msg": "OK", "role": ""}
[BLOCKED] /_cluster/configs: 401 Unauthorized
[POTENTIAL BYPASS] /eventlog: 200
  Response: {"eventlog": "configured"}

[6/6] Testing Variant 5: /expr endpoint with new auth...
      (Testing if weak tokens still work)

=== Variant 5: Testing /expr endpoint authentication ===
--- Test 1: Old weak auth token 'by-dev' ---
[SECURE] Endpoint disabled or requires new auth: 403
--- Test 2: No authentication ---
[SECURE] Forbidden: 403
--- Test 3: Valid HTTP Basic Auth (root:root) ---
[DISABLED] Endpoint disabled: 403

==========================================
Analysis Complete
==========================================

Summary of tests:
- Variant 1: Direct management endpoints
- Variant 2: URL encoding and path variations
- Variant 3: HTTP method variations
- Variant 4: Management endpoints
- Variant 5: /expr endpoint authentication

Log files saved to: /root/.pruva/runs/ghsa-7ppg-37fh-vcr6_20260219-192900/logs/

[!] WARNING: Potential bypass vectors found! Check log files for details.
[!] INFO: Potential bypasses detected - requires manual verification

EXIT CODE: 0 (Potential bypasses found)