mirror of
https://github.com/FuzzingLabs/fuzzforge_ai.git
synced 2026-07-11 09:03:42 +02:00
refactor: Update all modules to use new create_finding signature
Updated 10 modules to use the new create_finding() signature with required rule_id and found_by parameters: - llm_analyzer.py: Added FoundBy and LLMContext for AI-detected findings - bandit_analyzer.py: Added tool attribution and moved CWE/confidence to proper fields - security_analyzer.py: Updated all three finding types (secrets, SQL injection, dangerous functions) - mypy_analyzer.py: Added tool attribution and moved column info to column_start - mobsf_scanner.py: Updated all 6 finding types (permissions, manifest, code analysis, behavior) with proper line number handling - opengrep_android.py: Added tool attribution, proper CWE/OWASP formatting, and confidence mapping - dependency_scanner.py: Added pip-audit attribution for CVE findings - file_scanner.py: Updated both sensitive file and enumeration findings - cargo_fuzzer.py: Added fuzzer type attribution for crash findings - atheris_fuzzer.py: Added fuzzer type attribution for Python crash findings All modules now properly track: - Finding source (module, tool name, version, type) - Confidence levels (high/medium/low) - CWE and OWASP mappings where applicable - LLM context for AI-detected issues
This commit is contained in:
@@ -19,7 +19,7 @@ from typing import Dict, Any, List, Optional, Callable
|
||||
import uuid
|
||||
|
||||
import httpx
|
||||
from modules.base import BaseModule, ModuleMetadata, ModuleResult, ModuleFinding
|
||||
from modules.base import BaseModule, ModuleMetadata, ModuleResult, ModuleFinding, FoundBy
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@@ -556,7 +556,16 @@ class AtherisFuzzer(BaseModule):
|
||||
# Encode crash input for storage
|
||||
crash_input_b64 = base64.b64encode(crash["input"]).decode()
|
||||
|
||||
# Create FoundBy attribution
|
||||
found_by = FoundBy(
|
||||
module="atheris_fuzzer",
|
||||
tool_name="Atheris",
|
||||
tool_version="unknown",
|
||||
type="fuzzer"
|
||||
)
|
||||
|
||||
finding = self.create_finding(
|
||||
rule_id=f"fuzzer_crash_{crash['exception_type'].lower().replace(' ', '_')}",
|
||||
title=f"Crash: {crash['exception_type']}",
|
||||
description=(
|
||||
f"Atheris found crash during fuzzing:\n"
|
||||
@@ -566,6 +575,8 @@ class AtherisFuzzer(BaseModule):
|
||||
),
|
||||
severity="critical",
|
||||
category="crash",
|
||||
found_by=found_by,
|
||||
confidence="high", # Fuzzer-found crashes are highly reliable
|
||||
file_path=str(target_path),
|
||||
metadata={
|
||||
"crash_input_base64": crash_input_b64,
|
||||
|
||||
@@ -13,7 +13,7 @@ import time
|
||||
from pathlib import Path
|
||||
from typing import Dict, Any, List, Optional, Callable
|
||||
|
||||
from modules.base import BaseModule, ModuleMetadata, ModuleResult, ModuleFinding
|
||||
from modules.base import BaseModule, ModuleMetadata, ModuleResult, ModuleFinding, FoundBy
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@@ -426,14 +426,25 @@ class CargoFuzzer(BaseModule):
|
||||
else:
|
||||
severity = "high"
|
||||
|
||||
# Create FoundBy attribution
|
||||
found_by = FoundBy(
|
||||
module="cargo_fuzz",
|
||||
tool_name="cargo-fuzz",
|
||||
tool_version="0.11.2",
|
||||
type="fuzzer"
|
||||
)
|
||||
|
||||
# Create finding
|
||||
finding = self.create_finding(
|
||||
rule_id=f"fuzzer_crash_{error_type.lower().replace(' ', '_')}",
|
||||
title=f"Crash: {error_type} in {target_name}",
|
||||
description=f"Cargo-fuzz discovered a crash in target '{target_name}'. "
|
||||
f"Error type: {error_type}. "
|
||||
f"Input size: {len(crash_input)} bytes.",
|
||||
severity=severity,
|
||||
category="crash",
|
||||
found_by=found_by,
|
||||
confidence="high", # Fuzzer-found crashes are highly reliable
|
||||
file_path=f"fuzz/fuzz_targets/{target_name}.rs",
|
||||
code_snippet=stack_trace[:500],
|
||||
recommendation="Review the crash details and fix the underlying bug. "
|
||||
|
||||
Reference in New Issue
Block a user