CalvinBackup/fuzzforge_ai
1
0
Fork 0
mirror of https://github.com/FuzzingLabs/fuzzforge_ai.git synced 2026-02-12 20:32:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4d30b0847637bd9531a5edb6fc28f7de4acc5b39
fuzzforge_ai/test_projects
History
tduhamel42 40d48a8045 feat: Complete Temporal migration cleanup and fixes 
- Remove obsolete docker_logs.py module and container diagnostics from SDK
- Fix security_assessment workflow metadata (vertical: rust -> python)
- Remove all Prefect references from documentation
- Add SDK exception handling test suite
- Clean up old test artifacts
2025-10-14 15:02:52 +02:00
..
python_fuzz_waterfall
CI/CD Integration with Ephemeral Deployment Model (#14)
2025-10-14 10:13:45 +02:00
rust_fuzz_test
feat: Complete Temporal migration cleanup and fixes
2025-10-14 15:02:52 +02:00
vulnerable_app
feat: Complete Temporal migration cleanup and fixes
2025-10-14 15:02:52 +02:00
README.md
Initial commit
2025-09-29 21:26:41 +02:00

README.md

FuzzForge Vulnerable Test Project

This directory contains a comprehensive vulnerable test application designed to validate FuzzForge's security workflows. The project contains multiple categories of security vulnerabilities to test both the security_assessment and secret_detection_scan workflows.

Test Project Overview

Vulnerable Application (vulnerable_app/)

Purpose: Comprehensive vulnerable application for testing security workflows

Supported Workflows:

  • security_assessment - General security scanning and analysis
  • secret_detection_scan - Detection of secrets, credentials, and sensitive data

Vulnerabilities Included:

  • SQL injection vulnerabilities
  • Command injection
  • Hardcoded secrets and credentials
  • Path traversal vulnerabilities
  • Weak cryptographic functions
  • Server-side template injection (SSTI)
  • Pickle deserialization attacks
  • CSRF missing protection
  • Information disclosure
  • API keys and tokens
  • Database connection strings
  • Private keys and certificates

Files:

  • Multiple source code files with various vulnerability types
  • Configuration files with embedded secrets
  • Dependencies with known vulnerabilities

Expected Detections: 30+ findings across both security assessment and secret detection workflows

Usage Instructions

Testing with FuzzForge Workflows

The vulnerable application can be tested with both essential workflows:

# Test security assessment workflow
curl -X POST http://localhost:8000/workflows/security_assessment/submit \
  -H "Content-Type: application/json" \
  -d '{
    "target_path": "/path/to/test_projects/vulnerable_app",
    "volume_mode": "ro"
  }'

# Test secret detection workflow
curl -X POST http://localhost:8000/workflows/secret_detection_scan/submit \
  -H "Content-Type: application/json" \
  -d '{
    "target_path": "/path/to/test_projects/vulnerable_app",
    "volume_mode": "ro"
  }'

Expected Results

Each workflow should produce SARIF-formatted results with:

  • High-severity findings for critical vulnerabilities
  • Medium-severity findings for moderate risks
  • Detailed descriptions and remediation guidance
  • Code flow information where applicable

Validation Criteria

A successful test should detect:

  • Security Assessment: At least 20 various security vulnerabilities
  • Secret Detection: At least 10 different types of secrets and credentials

Security Notice

⚠️ WARNING: This project contains intentional security vulnerabilities and should NEVER be deployed in production environments or exposed to public networks. It is designed solely for security testing and validation purposes.

File Structure

test_projects/
├── README.md
└── vulnerable_app/
    ├── [Multiple vulnerable source files]
    ├── [Configuration files with secrets]
    └── [Dependencies with known issues]
Reference in New Issue View Git Blame Copy Permalink