import json
import urllib.error
import urllib.request
from datetime import datetime
# Fill-in card that records what an engagement is authorized to touch
# (assets, test types, rate limits, data handling, stop conditions) before
# any testing starts.  Each label is intentionally left blank.
BUG_SCOPE_TEMPLATE = """Bug bounty scope card
Program:
Authorized assets:
Out-of-scope assets:
Allowed test types:
Disallowed test types:
Rate limits:
Data handling:
Proof standard:
Stop conditions:
Notes:
"""
# Ordered discipline checklist for a tester: scope confirmation first,
# low-impact proof with synthetic data, explicit stop conditions, and a
# fixed shape (impact, evidence, reproduction, fix, confidence) for findings.
BUG_CHECKLIST = """Bug bot checklist
1. Confirm the target is in scope and write down the exact asset.
2. Identify the user role, account type, and permission level being tested.
3. Map normal behavior before looking for broken behavior.
4. Capture request, response, timestamp, account, and environment notes.
5. Prefer low-impact proof with synthetic data.
6. Stop if testing risks service disruption, privacy exposure, or out-of-scope access.
7. Convert every finding into: impact, evidence, reproduction, fix, and confidence.
"""
# Markdown skeleton for a single finding write-up.  Sections mirror what a
# triager needs: scope/authorization, realistic impact, reproduction,
# evidence references, expected vs. actual, and a remediation suggestion.
BUG_REPORT_TEMPLATE = """# Title
Clear vulnerability type in one affected asset.
## Summary
What is broken, where it is broken, and why it matters.
## Scope
- Program:
- Asset:
- Account/role:
- Authorization notes:
## Impact
Explain the realistic security consequence without exaggerating.
## Steps To Reproduce
1.
2.
3.
## Evidence
- Request/response IDs:
- Screenshots or Burp items:
- Timestamps:
## Expected Result
What should happen.
## Actual Result
What happened instead.
## Suggested Fix
Practical remediation or hardening idea.
## Notes
Limits, assumptions, and anything intentionally not tested.
"""
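def bridge_status(url="http://localhost:11434"):
    """Probe a local AI bridge endpoint and describe the result as text.

    Args:
        url: Endpoint to probe. Only ``http``/``https`` URLs are opened;
            anything else is reported as a failed check instead of being
            handed to urllib, which would otherwise also open ``file:``
            and other schemes.

    Returns:
        A multi-line status card. The function never raises: connection
        problems, non-2xx replies and unexpected errors are all reported
        inside the returned text so a status command cannot crash the
        caller.
    """
    started = datetime.now().isoformat(timespec="seconds")
    # First two lines are shared by every variant of the card.
    header = f"Local AI bridge\n- url: {url}\n"

    scheme_ok = isinstance(url, str) and url.lower().startswith(
        ("http://", "https://")
    )
    if not scheme_ok:
        return (
            header
            + "- status: check failed\n"
            + f"- checked_at: {started}\n"
            + "- detail: unsupported URL scheme (expected http:// or https://)"
        )
    try:
        with urllib.request.urlopen(url, timeout=2) as response:
            # Keep only a short preview; the body is untrusted text and is
            # shown verbatim, so it is capped and decoded leniently.
            body = response.read(160).decode("utf-8", errors="replace").strip()
            return (
                header
                + f"- status: reachable ({response.status})\n"
                + f"- checked_at: {started}\n"
                + f"- preview: {body or 'no body'}"
            )
    except urllib.error.HTTPError as exc:
        # A non-2xx reply still proves the bridge is up.  urlopen raises
        # HTTPError for it, and HTTPError subclasses URLError, so this
        # branch must come first or the server is misreported as offline.
        return (
            header
            + f"- status: reachable ({exc.code})\n"
            + f"- checked_at: {started}\n"
            + f"- detail: HTTP {exc.code} {exc.reason}"
        )
    except urllib.error.URLError as exc:
        # Connection refused, name resolution failure, connect timeout, ...
        return (
            header
            + "- status: offline or unreachable\n"
            + f"- checked_at: {started}\n"
            + f"- detail: {exc.reason}"
        )
    except Exception as exc:
        # Deliberately broad: this is a best-effort probe and must always
        # return a card (e.g. a timeout while reading the body lands here).
        return (
            header
            + "- status: check failed\n"
            + f"- checked_at: {started}\n"
            + f"- detail: {type(exc).__name__}: {exc}"
        )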
def format_mission(target, goal, status="active", notes=""):
    """Build a mission record from free-text fields.

    Every field is whitespace-trimmed and a blank *status* falls back to
    ``"active"``.  ``created_at`` is the local wall-clock time in ISO 8601
    form with second resolution.

    Returns:
        dict with keys ``target``, ``goal``, ``status``, ``notes``,
        ``created_at`` (in that insertion order).
    """
    cleaned_status = status.strip()
    if not cleaned_status:
        cleaned_status = "active"
    mission = {"target": target.strip(), "goal": goal.strip()}
    mission["status"] = cleaned_status
    mission["notes"] = notes.strip()
    mission["created_at"] = datetime.now().isoformat(timespec="seconds")
    return mission
def render_mission(mission):
    """Render a mission dict as a short human-readable card.

    Missing keys render as empty strings; an empty ``notes`` value is
    shown as ``none``.
    """
    field = mission.get
    lines = [
        "Bug mission",
        f"- target: {field('target', '')}",
        f"- goal: {field('goal', '')}",
        f"- status: {field('status', '')}",
        f"- created_at: {field('created_at', '')}",
        f"- notes: {field('notes', '') or 'none'}",
    ]
    return "\n".join(lines)
def parse_mission_args(args):
    """Parse ``<target> | <goal> | [notes]`` into a mission record.

    Raises:
        ValueError: when the first ``|`` is missing or target/goal are
            blank; the message doubles as the usage hint.
    """
    target, first_sep, remainder = args.partition("|")
    goal, _second_sep, notes = remainder.partition("|")
    # A missing second separator leaves notes as "" from partition, so it
    # can be passed through unchanged.
    if not (first_sep and target.strip() and goal.strip()):
        raise ValueError("Use: /bug mission <target> | <goal> | [notes]")
    return format_mission(target, goal, notes=notes)
def parse_note_args(args):
    """Split ``<target> | <note>`` into a trimmed ``(target, note)`` tuple.

    Raises:
        ValueError: when the separator is missing or either side is blank.
    """
    head, separator, tail = args.partition("|")
    target = head.strip()
    note = tail.strip()
    if separator and target and note:
        return target, note
    raise ValueError("Use: /bug note <target> | <note>")
def mission_to_document(mission):
    """Flatten a mission record into a plain-text document.

    Unlike ``render_mission`` every key must be present (``KeyError``
    otherwise); an empty ``notes`` value is written as ``none``.
    """
    notes = mission["notes"] or "none"
    parts = [
        f"Bug Mission: {mission['target']}",
        f"Goal: {mission['goal']}",
        f"Status: {mission['status']}",
        f"Notes: {notes}",
        f"Created: {mission['created_at']}",
    ]
    return "\n".join(parts)
def note_to_document(target, note):
    """Flatten a note into a plain-text document stamped with the current local time."""
    stamp = datetime.now().isoformat(timespec="seconds")
    parts = [f"Bug Note: {target}", f"Note: {note}", f"Created: {stamp}"]
    return "\n".join(parts)
def metadata_json(payload):
    """Serialize *payload* as JSON with sorted keys for stable, diff-friendly output."""
    encoder = json.JSONEncoder(sort_keys=True)
    return encoder.encode(payload)