CalvinBackup/fuzzforge_ai
1
0
Fork 0
mirror of https://github.com/FuzzingLabs/fuzzforge_ai.git synced 2026-03-21 17:13:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: Update all modules to use new create_finding signature

Browse Source 
Updated 10 modules to use the new create_finding() signature with required rule_id and found_by parameters:

- llm_analyzer.py: Added FoundBy and LLMContext for AI-detected findings
- bandit_analyzer.py: Added tool attribution and moved CWE/confidence to proper fields
- security_analyzer.py: Updated all three finding types (secrets, SQL injection, dangerous functions)
- mypy_analyzer.py: Added tool attribution and moved column info to column_start
- mobsf_scanner.py: Updated all 6 finding types (permissions, manifest, code analysis, behavior) with proper line number handling
- opengrep_android.py: Added tool attribution, proper CWE/OWASP formatting, and confidence mapping
- dependency_scanner.py: Added pip-audit attribution for CVE findings
- file_scanner.py: Updated both sensitive file and enumeration findings
- cargo_fuzzer.py: Added fuzzer type attribution for crash findings
- atheris_fuzzer.py: Added fuzzer type attribution for Python crash findings

All modules now properly track:
- Finding source (module, tool name, version, type)
- Confidence levels (high/medium/low)
- CWE and OWASP mappings where applicable
- LLM context for AI-detected issues
This commit is contained in:
tduhamel42
2025-11-02 15:36:30 +01:00
parent 99cee284b6
commit fccd8f32ab
10 changed files with 275 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
backend/toolbox/modules/android/opengrep_android.py
View File

@@ -23,12 +23,12 @@ from pathlib import Path
from typing import Dict, Any, List
try:
from toolbox.modules.base import BaseModule, ModuleMetadata, ModuleFinding, ModuleResult
from toolbox.modules.base import BaseModule, ModuleMetadata, ModuleFinding, ModuleResult, FoundBy
except ImportError:
try:
from modules.base import BaseModule, ModuleMetadata, ModuleFinding, ModuleResult
from modules.base import BaseModule, ModuleMetadata, ModuleFinding, ModuleResult, FoundBy
except ImportError:
from src.toolbox.modules.base import BaseModule, ModuleMetadata, ModuleFinding, ModuleResult
from src.toolbox.modules.base import BaseModule, ModuleMetadata, ModuleFinding, ModuleResult, FoundBy
logger = logging.getLogger(__name__)
@@ -302,23 +302,40 @@ class OpenGrepAndroid(BaseModule):
# Map severity to our standard levels
finding_severity = self._map_severity(severity)
# Map confidence
confidence_map = {"HIGH": "high", "MEDIUM": "medium", "LOW": "low"}
finding_confidence = confidence_map.get(confidence, "medium")
# Format CWE and OWASP
cwe_id = f"CWE-{cwe[0]}" if cwe and isinstance(cwe, list) and cwe else None
owasp_str = owasp[0] if owasp and isinstance(owasp, list) and owasp else None
# Create FoundBy attribution
found_by = FoundBy(
module="opengrep_android",
tool_name="OpenGrep",
tool_version="1.45.0",
type="tool"
)
# Create finding
finding = self.create_finding(
rule_id=rule_id,
title=f"Android Security: {rule_id}",
description=message or f"OpenGrep rule {rule_id} triggered",
severity=finding_severity,
category=self._get_category(rule_id, extra),
found_by=found_by,
confidence=finding_confidence,
cwe=cwe_id,
owasp=owasp_str,
file_path=path_info if path_info else None,
line_start=start_line if start_line > 0 else None,
line_end=end_line if end_line > 0 and end_line != start_line else None,
code_snippet=lines.strip() if lines else None,
recommendation=self._get_recommendation(rule_id, extra),
metadata={
"rule_id": rule_id,
"opengrep_severity": severity,
"confidence": confidence,
"cwe": cwe,
"owasp": owasp,
"fix": extra.get("fix", ""),
"impact": extra.get("impact", ""),
"likelihood": extra.get("likelihood", ""),