fix: Resolve critical bugs - file handle leaks and IndexError issues

Fixed multiple critical bugs identified during comprehensive code audit:

**Critical Fixes:**
- Fix file handle leaks in SDK client upload methods (sync and async)
  - Use context managers to ensure file handles are properly closed
  - Affects: sdk/src/fuzzforge_sdk/client.py lines 397, 484

**High Priority Fixes:**
- Fix IndexError in OSS-Fuzz stats parsing when accessing array elements
  - Add bounds checking before accessing parts[i+1]
  - Affects: workers/ossfuzz/activities.py lines 372-376

- Fix IndexError in exception handling URL parsing
  - Add empty string validation before splitting URL segments
  - Prevents crash when parsing malformed URLs
  - Affects: sdk/src/fuzzforge_sdk/exceptions.py lines 419-426

**Medium Priority Fixes:**
- Fix IndexError in Android workflow SARIF report parsing
  - Check if runs list is empty before accessing first element
  - Affects: backend/toolbox/workflows/android_static_analysis/workflow.py line 270

All fixes follow defensive programming practices with proper bounds checking
and resource management using context managers.
tduhamel42
2025-11-12 14:16:02 +01:00
parent 7820d58604
commit a9974bcbf1
4 changed files with 29 additions and 28 deletions
@@ -267,7 +267,8 @@ class AndroidStaticAnalysisWorkflow:
)
# Calculate summary
total_findings = len(sarif_report.get("runs", [{}])[0].get("results", []))
runs = sarif_report.get("runs", [])
total_findings = len(runs[0].get("results", [])) if runs else 0
summary = {
"workflow": "android_static_analysis",