{ "metadata": { "analysis_date": "2026-02-01T01:14:45.477456", "visible_pixel_hash": "c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5", "analyst": "SandboxMapper v1.0" }, "endpoints": [ { "path": "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/handler", "methods": [ "GET", "POST" ], "parameters": { "request": "FastAPI Request object" }, "response_codes": [ 200, 400, 500 ], "auth_required": false, "description": "Main sandbox handler endpoint", "technology": "FastAPI" }, { "path": "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/api/[hash]/handler", "methods": [ "GET", "POST" ], "parameters": { "hash": "visible_pixel_hash" }, "response_codes": [ 200, 404, 500 ], "auth_required": false, "description": "Dynamic API endpoint for frontend-backend communication", "technology": "FastAPI Dynamic Routing" }, { "path": "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/", "methods": [ "GET" ], "parameters": {}, "response_codes": [ 200, 404 ], "auth_required": false, "description": "Static file serving directory", "technology": "Static File Server" } ], "endpoint_mapping": "Path,HTTP Methods,Parameters,Response Codes,Auth Required,Description,Technology\n\"/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/handler\",\"GET,POST\",\"request:FastAPI Request object\",\"200,400,500\",\"False\",\"Main sandbox handler endpoint\",\"FastAPI\"\n\"/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/api/[hash]/handler\",\"GET,POST\",\"hash:visible_pixel_hash\",\"200,404,500\",\"False\",\"Dynamic API endpoint for frontend-backend communication\",\"FastAPI Dynamic Routing\"\n\"/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/\",\"GET\",\"\",\"200,404\",\"False\",\"Static file serving directory\",\"Static File Server\"\n", "url_structure": { "base_url": "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5", "endpoints": [ { "path": "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/handler", "methods": [ "GET", "POST" ], "parameters": { "request": "FastAPI Request object" }, "response_codes": [ 200, 400, 500 ], "auth_required": false, "description": "Main sandbox handler endpoint", "technology": "FastAPI" }, { "path": "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/api/[hash]/handler", "methods": [ "GET", "POST" ], "parameters": { "hash": "visible_pixel_hash" }, "response_codes": [ 200, 404, 500 ], "auth_required": false, "description": "Dynamic API endpoint for frontend-backend communication", "technology": "FastAPI Dynamic Routing" }, { "path": "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/", "methods": [ "GET" ], "parameters": {}, "response_codes": [ 200, 404 ], "auth_required": false, "description": "Static file serving directory", "technology": "Static File Server" } ], "static_routes": [ "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/index.html", "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/style.css", "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/script.js", "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/demo.html" ], "api_routes": [ "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/api/[hash]/handler" ], "dynamic_routes": [ "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/[filename]", "/sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/api/[hash]/[endpoint]" ] }, "request_patterns": { "request_formats": [ { "type": "HTTP GET", "headers": { "Content-Type": "application/json" }, "body": null, "example": "GET /sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/handler" }, { "type": "HTTP POST", "headers": { "Content-Type": "application/json" }, "body": { "data": "sample payload" }, "example": "POST /sandbox/wish-c9364f592d6f257543e49772492ce4b48170fdc84198035b95061b1b942c37d5/api/[hash]/handler" } ], "response_formats": [ { "status_code": 200, "content_type": "application/json", "structure": { "success": true, "result": "data", "error": null, "metadata": {} } }, { "status_code": 400, "content_type": "application/json", "structure": { "success": false, "result": null, "error": "error message", "metadata": {} } } ] }, "authentication": { "authentication_type": "None", "session_management": "Stateless", "token_validation": "Not implemented", "security_headers": { "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY", "Content-Security-Policy": "default-src 'self'" }, "access_control": "Public sandbox environment", "vulnerabilities": [ "No authentication mechanism", "Public endpoint access", "No rate limiting" ] }, "technology_stack": { "backend": { "framework": "FastAPI/Python", "language": "Python 3.x", "runtime": "Sandboxed Python environment", "routing": "Dynamic URL routing" }, "frontend": { "framework": "HTML5/JavaScript", "libraries": [ "Chart.js", "Plotly.js", "D3.js" ], "styling": "CSS3 with responsive design" }, "security": { "isolation": "Sandbox environment", "restrictions": [ "No file system access", "No network access", "Limited imports" ], "monitoring": "Automated security validation" }, "dependencies": [ "math", "json", "hashlib", "datetime" ], "attack_surface": { "high_risk_areas": [ "Dynamic endpoint routing without validation", "Public file serving", "No authentication mechanism" ], "medium_risk_areas": [ "Input validation gaps", "Potential XSS in dynamic content", "CSRF vulnerability" ], "low_risk_areas": [ "Static file exposure", "Information disclosure in error messages" ], "security_score": 3.5, "recommendations": [ "Implement input validation", "Add authentication middleware", "Configure security headers", "Add rate limiting" ] } }, "network_topology": { "nodes": [ { "id": "client", "type": "browser", "label": "Client Browser", "position": { "x": 100, "y": 200 } }, { "id": "sandbox", "type": "server", "label": "Sandbox\nwish-c9364f59...", "position": { "x": 400, "y": 200 } }, { "id": "handler", "type": "endpoint", "label": "/handler", "position": { "x": 600, "y": 150 } }, { "id": "api", "type": "endpoint", "label": "/api/[hash]/handler", "position": { "x": 600, "y": 250 } } ], "connections": [ { "from": "client", "to": "sandbox", "protocol": "HTTP/HTTPS", "ports": [ 80, 443 ] }, { "from": "sandbox", "to": "handler", "protocol": "Internal routing", "method": "GET/POST" }, { "from": "sandbox", "to": "api", "protocol": "Internal routing", "method": "GET/POST" } ], "security_zones": { "untrusted": [ "client" ], "sandbox": [ "sandbox" ], "controlled": [ "handler", "api" ] } } }