{
  "rule_ids": [
    "curl_pipe_shell"
  ],
  "severity": "HIGH",
  "command_redacted": "sleep 3 && \\\ncurl -s -X POST \"http://localhost:8000/api/v1/upload-layout\" \\\n  -F...",
  "findings": [
    {
      "rule_id": "curl_pipe_shell",
      "severity": "HIGH",
      "title": "Pipe to interpreter: curl | python3",
      "description": "Command pipes output from 'curl' directly to interpreter 'python3'. Downloaded content will be executed without inspection.\n  Safer: tirith run http://localhost:8000/api/v1/upload-layout  — or: vet http://localhost:8000/api/v1/upload-layout  (https://getvet.sh)",
      "evidence": [
        {
          "type": "command_pattern",
          "pattern": "pipe to interpreter",
          "matched": "\\\ncurl -s -X POST \"http://localhost:8000/api/v1/upload-layout\" \\\n  -F \"file=@/tmp/test_layout.png\" | python3 -c \"\nimport sys, json\nd = json.load(sys.stdin)\nprint('✅ 上传成功!')\nprint(f'   layout_id: {d.get(\\\"layout_id\\\")}')\nprint(f'   文件: {d.get(\\\"filename\\\")}')\n\""
        },
        {
          "type": "url",
          "raw": "http://localhost:8000/api/v1/upload-layout"
        }
      ],
      "mitre_id": "T1059.004"
    }
  ],
  "timestamp": "2026-05-05T01:51:17.883815468+00:00"
}