#!/bin/bash

touch $(ls -d ./fess-*/logs)/fess-crawler.log
tail -f ./fess-*/logs/*.log &

mvn test -P integrationTests -Dtest.fess.url="http://localhost:8080" -Dtest.search_engine.url="http://localhost:9201"
ret=$?

if [ $ret != 0 ] ; then
  for f in `find ./target -type f | grep surefire-reports | grep -v /TEST-` ; do
    cat $f
  done
fi

	export AWS_ACCESS_KEY_ID=minio
	export AWS_SECRET_ACCESS_KEY=minio123
	aws --endpoint-url http://localhost:"$start_port" s3api create-multipart-upload --bucket bucket --key obj-1 >upload-id.json
	uploadId=$(jq -r '.UploadId' upload-id.json)

	truncate -s 5MiB file-5mib
	for i in {1..2}; do
		aws --endpoint-url http://localhost:"$start_port" s3api upload-part \
			--upload-id "$uploadId" --bucket bucket --key obj-1 \

export MINIO_KMS_KES_API_KEY="${API_KEY}"
export MINIO_KMS_KES_KEY_NAME=minio-default-key
export MINIO_KMS_KES_CAPATH=public.crt
export MC_HOST_myminio="http://minioadmin:minioadmin@localhost:9000/"

(minio server http://localhost:9000/tmp/xl/{1...10}/disk{0...1} 2>&1 >/dev/null) &
pid=$!

mc ready myminio

mc admin user add myminio/ minio123 minio123

Then load the policy via OPA's REST API.

```
curl -X PUT --data-binary @example.rego \
  localhost:8181/v1/policies/putobject
```

### 4. Setup MinIO with OPA

Set the `MINIO_POLICY_PLUGIN_URL` as the endpoint that MinIO should send authorization requests to. Then start the server.

```sh
export MINIO_POLICY_PLUGIN_URL=http://localhost:8181/v1/data/httpapi/authz/allow
export MINIO_CI_CD=1
export MINIO_ROOT_USER=minio

- 且沒有送出任何身分驗證憑證

這種攻擊主要與以下情境相關：

- 應用在本機（例如 `localhost`）或內部網路中執行
- 並且應用沒有任何身分驗證，假設同一個網路中的任何請求都可被信任

## 攻擊範例 { #example-attack }

假設你打造了一個在本機執行 AI 代理（AI agent）的方法。

它提供一個 API：

```
http://localhost:8000/v1/agents/multivac
```

同時也有一個前端：

```
http://localhost:8000
```

/// tip | 提示

請注意兩者的主機（host）相同。

///

接著你可以透過前端讓 AI 代理代你執行動作。

cd fess-testdata
git checkout f19176ab1b7ddc0a40393a8cbbb8d1c17b27c3ce
cd ..
popd >/dev/null

cat ${temp_log_file} ./fess-*/logs/*.log
curl -s "http://localhost:9201/_cat/indices?v"

    val requestWithoutCache = Request.Builder().url("http://localhost/api").build()
    val builtRequestWithoutCache = requestWithoutCache.newBuilder().url("http://localhost/api/foo").build()
    assertThat(builtRequestWithoutCache.url).isEqualTo(
      "http://localhost/api/foo".toHttpUrl(),
    )
    val requestWithCache =
      Request
        .Builder()
        .url("http://localhost/api")
        .build()
    // cache url object

    browser = playwright.chromium.launch(headless=False)
    # Update the viewport manually
    context = browser.new_context(viewport={"width": 960, "height": 1080})
    page = context.new_page()
    page.goto("http://localhost:8000/docs")
    page.get_by_label("post /heroes/").click()
    # Manually add the screenshot
    page.screenshot(path="docs/en/docs/img/tutorial/sql-databases/image02.png")

    # ---------------------

        server1.start();
        final CrawlerWebServer server2 = new CrawlerWebServer(0);
        server2.start();

        final String url1 = "http://localhost:" + server1.getPort() + "/";
        final String url2 = "http://localhost:" + server2.getPort() + "/";
        try {
            final int maxCount = 10;
            final int numOfThread = 10;

オリジンはプロトコル (`http`、`https`) とドメイン (`myapp.com`、`localhost`、`localhost.tiangolo.com`) とポート (`80`、`443`、`8080`) の組み合わせです。

したがって、以下はすべて異なるオリジンです:

* `http://localhost`
* `https://localhost`
* `http://localhost:8080`

すべて `localhost` であっても、異なるプロトコルやポートを使用するので、異なる「オリジン」です。

## ステップ { #steps }