CalvinBackup/fuzzforge_ai
1
0
Fork 0
mirror of https://github.com/FuzzingLabs/fuzzforge_ai.git synced 2026-02-13 02:32:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
dev
fuzzforge_ai/test_projects/README.md
tduhamel42 87e3262832 docs: Remove obsolete volume_mode references from documentation 
The volume_mode parameter is no longer used since workflows now upload files to MinIO storage instead of mounting volumes directly. This commit removes all references to volume_mode from:

- Backend API documentation (README.md)
- Tutorial getting started guide
- MCP integration guide
- CLI AI reference documentation
- SDK documentation and examples
- Test project documentation

All curl examples and code samples have been updated to reflect the current MinIO-based file upload approach.
2025-10-16 11:36:53 +02:00

98 lines
3.3 KiB
Markdown
Raw Permalink Blame History

# FuzzForge Vulnerable Test Project
This directory contains a comprehensive vulnerable test application designed to validate FuzzForge's security workflows. The project contains multiple categories of security vulnerabilities to test `security_assessment`, `gitleaks_detection`, `trufflehog_detection`, and `llm_secret_detection` workflows.
## Test Project Overview
### Vulnerable Application (`vulnerable_app/`)
**Purpose**: Comprehensive vulnerable application for testing security workflows
**Supported Workflows**:
- `security_assessment` - General security scanning and analysis
- `gitleaks_detection` - Pattern-based secret detection
- `trufflehog_detection` - Entropy-based secret detection with verification
- `llm_secret_detection` - AI-powered semantic secret detection
**Vulnerabilities Included**:
- SQL injection vulnerabilities
- Command injection
- Hardcoded secrets and credentials
- Path traversal vulnerabilities
- Weak cryptographic functions
- Server-side template injection (SSTI)
- Pickle deserialization attacks
- CSRF missing protection
- Information disclosure
- API keys and tokens
- Database connection strings
- Private keys and certificates
**Files**:
- Multiple source code files with various vulnerability types
- Configuration files with embedded secrets
- Dependencies with known vulnerabilities
**Expected Detections**: 30+ findings across both security assessment and secret detection workflows
---
## Usage Instructions
### Testing with FuzzForge Workflows
The vulnerable application can be tested with multiple security workflows:
```bash
# Test security assessment workflow
curl -X POST http://localhost:8000/workflows/security_assessment/submit \
-H "Content-Type: application/json" \
-d '{
"target_path": "/path/to/test_projects/vulnerable_app"
}'
# Test Gitleaks secret detection workflow
curl -X POST http://localhost:8000/workflows/gitleaks_detection/submit \
-H "Content-Type: application/json" \
-d '{
"target_path": "/path/to/test_projects/vulnerable_app"
}'
# Test TruffleHog secret detection workflow
curl -X POST http://localhost:8000/workflows/trufflehog_detection/submit \
-H "Content-Type: application/json" \
-d '{
"target_path": "/path/to/test_projects/vulnerable_app"
}'
```
### Expected Results
Each workflow should produce SARIF-formatted results with:
- High-severity findings for critical vulnerabilities
- Medium-severity findings for moderate risks
- Detailed descriptions and remediation guidance
- Code flow information where applicable
### Validation Criteria
A successful test should detect:
- **Security Assessment**: At least 20 various security vulnerabilities
- **Gitleaks Detection**: At least 10 different types of secrets
- **TruffleHog Detection**: At least 5 high-entropy secrets
- **LLM Secret Detection**: At least 15 secrets with semantic understanding
---
## Security Notice
⚠️ **WARNING**: This project contains intentional security vulnerabilities and should NEVER be deployed in production environments or exposed to public networks. It is designed solely for security testing and validation purposes.
## File Structure
```
test_projects/
├── README.md
└── vulnerable_app/
├── [Multiple vulnerable source files]
├── [Configuration files with secrets]
└── [Dependencies with known issues]
```
Reference in New Issue View Git Blame Copy Permalink