II.
LibraryProcess overview
Reference · livelib-process:security-research--variant-analysis
variant-analysis overview
Systematic search for similar vulnerabilities across a codebase or related projects after discovering an initial vulnerability. Uses pattern matching, CodeQL, Semgrep, and code similarity analysis to find variants and incomplete fixes.
Attributes
displayName
variant-analysis
description
Systematic search for similar vulnerabilities across a codebase or related projects after
discovering an initial vulnerability. Uses pattern matching, CodeQL, Semgrep, and code similarity analysis
to find variants and incomplete fixes.
libraryPath
library/specializations/security-research/variant-analysis.js
specialization
security-research
references
- - CodeQL: https://codeql.github.com/ - Semgrep: https://semgrep.dev/ - Project Zero Blog: https://googleprojectzero.blogspot.com/
example
const result = await orchestrate('specializations/security-research/variant-analysis', {
projectName: 'XSS Variant Analysis',
initialVulnerability: {
type: 'xss',
pattern: 'innerHTML assignment without sanitization',
cweId: 'CWE-79'
},
codebasePath: '/path/to/codebase',
tools: ['codeql', 'semgrep']
});
usesAgents
- vuln-researcher
- security-report-writer
Outgoing edges
lib_applies_to_domain1
- domain:cybersecurity·DomainCybersecurity
lib_belongs_to_specialization1
- specialization:security-research·Specialization
lib_implements_workflow1
- workflow:vulnerability-management·Workflow
uses_agent2
- lib-agent:security-research--vuln-researcher·LibraryAgentVulnerability Researcher Agent
- lib-agent:security-research--security-report-writer·LibraryAgentSecurity Report Writer Agent
Incoming edges
None.