pinata-security-cli 0.5.3 → 0.6.0
- package/README.md +39 -2
- package/dist/cli/index.js +902 -1546
- package/dist/cli/index.js.map +1 -1
- package/package.json +4 -1
- package/src/categories/definitions/concurrency/idempotency-missing.yml +5 -5
- package/src/categories/definitions/concurrency/race-condition.yml +2 -2
- package/src/categories/definitions/data/data-race.yml +9 -16
- package/src/categories/definitions/data/encoding-mismatch.yml +4 -4
- package/src/categories/definitions/data/null-handling.yml +8 -23
- package/src/categories/definitions/input/boundary-testing.yml +8 -43
- package/src/categories/definitions/input/null-undefined.yml +1 -43
- package/src/categories/definitions/network/connection-failure.yml +1 -1
- package/src/categories/definitions/resource/memory-leak.yml +8 -15
package/README.md
CHANGED
|
@@ -50,8 +50,9 @@ pinata analyze .
|
|
|
50
50
|
```bash
|
|
51
51
|
pinata analyze . # Fast scan
|
|
52
52
|
pinata analyze . --verify # AI-verified scan
|
|
53
|
+
pinata generate --gaps --write # Generate adversarial tests for findings
|
|
54
|
+
pinata generate --gaps --property # Also generate property-based invariants
|
|
53
55
|
pinata analyze . --execute # Dynamic execution (requires Docker)
|
|
54
|
-
pinata analyze . --execute --dry-run # Preview tests without running
|
|
55
56
|
pinata analyze . --confidence low # Include all matches
|
|
56
57
|
pinata analyze . --output json # JSON output
|
|
57
58
|
pinata analyze . --output sarif # SARIF for GitHub
|
|
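Review bot: The `pinata analyze . --execute --dry-run # Preview tests without running` line is dropped from the quick-start block without any replacement or migration hint, while the `--execute` line directly above it is kept. If `--dry-run` still exists for `analyze`, the example should stay; if it was removed in favour of `pinata generate --gaps` (described further down as a dry run when `--write` is omitted), say so here, for instance by keeping a one-line pointer such as `pinata generate --gaps # Preview generated tests without writing` so readers of the old README can find the new workflow.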
@@ -146,7 +147,43 @@ Pinata auto-detects your project type and adjusts scanning rules accordingly:
|
|
|
146
147
|
|
|
147
148
|
This reduces false positives by ~60% for specialized project types.
|
|
148
149
|
|
|
149
|
-
##
|
|
150
|
+
## Adversarial Test Generation
|
|
151
|
+
|
|
152
|
+
The `generate` command creates complete, runnable security tests from vulnerability findings. Not templates. Real test files with real imports targeting your specific code.
|
|
153
|
+
|
|
154
|
+
```bash
|
|
155
|
+
# Generate tests for all findings (dry run)
|
|
156
|
+
pinata generate --gaps
|
|
157
|
+
|
|
158
|
+
# Write test files to disk
|
|
159
|
+
pinata generate --gaps --write
|
|
160
|
+
|
|
161
|
+
# Include property-based invariant tests (fast-check/hypothesis)
|
|
162
|
+
pinata generate --gaps --write --property
|
|
163
|
+
```
|
|
164
|
+
|
|
165
|
+
**How it works:**
|
|
166
|
+
1. Extracts the full function, imports, framework, and database type from each finding
|
|
167
|
+
2. AI generates a complete test file targeting the specific vulnerable code path
|
|
168
|
+
3. Generated test is validated: it must **fail** against current code (if it passes, it's useless)
|
|
169
|
+
4. Mutation testing (Stryker) verifies the test actually catches bugs
|
|
170
|
+
|
|
171
|
+
**Output:**
|
|
172
|
+
```
|
|
173
|
+
$ pinata generate --gaps --write
|
|
174
|
+
|
|
175
|
+
+ tests/security/sqli-users.test.ts
|
|
176
|
+
SQL injection test for getUserById at api/users.ts:47
|
|
177
|
+
+ tests/security/xss-comments.test.ts
|
|
178
|
+
XSS test for renderComment at views/comments.tsx:23
|
|
179
|
+
|
|
180
|
+
Wrote 2 test files. Tests fail against current code.
|
|
181
|
+
Fix the code, tests will pass. Add to CI to prevent regressions.
|
|
182
|
+
```
|
|
183
|
+
|
|
184
|
+
**Mutation testing:** Pinata's own test suite achieves **100% mutation kill rate** on covered code (350 tests, verified by Stryker). This is the only honest metric for test quality.
|
|
185
|
+
|
|
186
|
+
## Dynamic Execution (Layer 6)
|
|
150
187
|
|
|
151
188
|
The `--execute` flag runs generated exploit tests in a Docker sandbox to **prove** vulnerabilities exist:
|
|
152
189
|
|
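Review bot: Step 3 of "How it works" states the validation rule as "it must **fail** against current code (if it passes, it's useless)", but a failing test is not the same as a test that demonstrates the finding: a generated file can fail because of a bad import, a missing fixture or a framework mismatch rather than because the vulnerable code path was exercised. The text should say that validation requires the test to fail on its security assertion (not error out), otherwise "Tests fail against current code" in the Output block is not evidence of anything. Two smaller documentation points in the same hunk: the `--property` comment names "fast-check/hypothesis" while step 4 names only Stryker, so the section should state what verification runs for Python projects; and `--write` is documented as "Write test files to disk" without saying whether existing files under `tests/security/` are overwritten or skipped.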