README.md
Rendering markdown...
# Makefile — convenience targets for the CVE-2026-24072 testing lab.
# Allow overriding the host port
LAB_PORT ?= 8080
CONTAINER_NAME = cve-2026-24072-lab
.PHONY: all build up down vuln fixed which test verify-sentinel logs shell help
all: help
# Build the Docker image
build:
@./scripts/build.sh
# Start the lab container
up:
@LAB_PORT=$(LAB_PORT) ./scripts/up.sh
# Stop and remove the lab container
down:
@./scripts/down.sh
# Switch to the vulnerable mod_rewrite
vuln:
@./scripts/use-vuln.sh
# Switch to the fixed mod_rewrite
fixed:
@./scripts/use-fixed.sh
# Show which variant is currently active
which:
@./scripts/which.sh
# Run the full test matrix (both variants by default)
test:
@LAB_PORT=$(LAB_PORT) ./scripts/run-tests.sh --variant both
# Verify the sentinel file is unreadable by non-daemon users
verify-sentinel:
@echo "Attempting to read sentinel as 'nobody' inside the container ..."
@docker exec -u nobody $(CONTAINER_NAME) cat /opt/sentinel/secret.txt 2>&1 && echo "ERROR: sentinel was readable!" && exit 1 || echo "PASS: sentinel is NOT readable by non-daemon users."
# Follow container logs
logs:
@docker logs -f $(CONTAINER_NAME)
# Open a shell inside the container
shell:
@docker exec -it $(CONTAINER_NAME) bash
# Display help
help:
@echo "CVE-2026-24072 Testing Lab — Makefile targets"
@echo ""
@echo " make build Build the Docker image"
@echo " make up Start the lab container (port $(LAB_PORT))"
@echo " make down Stop and remove the container"
@echo " make vuln Switch to VULNERABLE mod_rewrite"
@echo " make fixed Switch to FIXED mod_rewrite"
@echo " make which Show active variant"
@echo " make test Run full test matrix (both variants)"
@echo " make verify-sentinel Confirm non-daemon user cannot read sentinel"
@echo " make logs Follow container logs"
@echo " make shell Open a shell inside the container"
@echo ""
@echo "Override port: LAB_PORT=9090 make up"