# ──────────────────────────────────────────────────────────────────────────────
# CVE-2026-42228 / GHSA-f77h-j2v7-g6mw  —  n8n Unauthenticated Chat Hijack PoC
# ──────────────────────────────────────────────────────────────────────────────
# Preferred: use docker-compose.yml to spin up the full lab in one command.
#
# Standalone build & run:
#   docker build -t n8n-chat-hijack-poc .
#
#   # Scan a range
#   docker run --rm --network ghsa-f77h-j2v7-g6mw_lab \
#       n8n-chat-hijack-poc \
#       --target http://n8n-vuln:5678 \
#       --start-id 1 --end-id 200
#
#   # Attack a known execution ID
#   docker run --rm --network ghsa-f77h-j2v7-g6mw_lab \
#       n8n-chat-hijack-poc \
#       --target http://n8n-vuln:5678 \
#       --exec-id 42 --inject "PWNED"
# ──────────────────────────────────────────────────────────────────────────────

FROM python:3.12-slim

LABEL org.opencontainers.image.title="n8n Chat Hijack PoC" \
      org.opencontainers.image.description="CVE-2026-42228 / GHSA-f77h-j2v7-g6mw — for authorised security research only" \
      org.opencontainers.image.version="1.0.0"

RUN pip install --no-cache-dir websocket-client==1.8.0

WORKDIR /poc

COPY poc_GHSA-f77h-j2v7-g6mw.py poc.py

ENTRYPOINT ["python3", "poc.py"]