Skip to content

feat(remediation): validate upgrade suggestions against transitive dependency graph (#708) #790

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
dinesh9997 wants to merge 19 commits into from
Closed

feat(remediation): validate upgrade suggestions against transitive dependency graph (#708) #790

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
441f6ff
feat: implement Redis scan result caching layer with bypass param and…
dinesh9997 Jun 11, 2026
93c92ff
style: remove trailing whitespace in test_scan_cache.py
dinesh9997 Jun 11, 2026
11bf6b4
style: remove trailing whitespace in executor.py
dinesh9997 Jun 11, 2026
e2c7199
style: remove trailing blank line at EOF of cache.py
dinesh9997 Jun 11, 2026
55e399f
test: reset global cache singleton in setup_test_environment to preve…
dinesh9997 Jun 11, 2026
62505e0
feat: enhance scan caching safety, tenant isolation, and unify result…
dinesh9997 Jun 12, 2026
2656c26
Merge branch 'utksh1:main' into main
dinesh9997 Jun 12, 2026
5e30d40
feat(remediation): validate upgrade suggestions against transitive de…
dinesh9997 Jun 12, 2026
7f464c2
style: remove trailing whitespaces to pass formatting-hygiene check
dinesh9997 Jun 12, 2026
57f7a66
Merge branch 'utksh1:main' into main
dinesh9997 Jun 13, 2026
22468c1
test(cache): add regression test asserting _execute_command is not ca…
dinesh9997 Jun 13, 2026
b96a417
chore: add npm audit exception for esbuild GHSA-gv7w-rqvm-qjhr
dinesh9997 Jun 13, 2026
0562302
Merge branch 'main' into bug/remediation-safety
dinesh9997 Jun 13, 2026
b8944fa
merge main into bug/remediation-safety
dinesh9997 Jun 13, 2026
e9e05e0
feat(remediation): improve safety validation logic, remove fallbacks,…
dinesh9997 Jun 13, 2026
8a7d89b
merge remote branch into bug/remediation-safety
dinesh9997 Jun 13, 2026
78e6346
style: remove trailing whitespaces in test files to pass formatting h…
dinesh9997 Jun 13, 2026
8aa1e83
chore: remove unrelated cache and audit config changes from remediati…
dinesh9997 Jun 14, 2026
f7b96ae
Merge branch 'main' into bug/remediation-safety
dinesh9997 Jun 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions backend/secuscan/executor.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1191,6 +1191,33 @@ async def _build_result_contract(
target=target,
findings=[item for item in result.get("findings", []) if isinstance(item, dict)],
)

try:
from .remediation import build_dependency_graph, validate_remediation
graph = build_dependency_graph(target)
validations = {}
for f in normalized_findings:
remediation_str = f.get("remediation", "")
if remediation_str:
val_res = validate_remediation(remediation_str, graph)
validations[id(f)] = val_res

for f in normalized_findings:
if id(f) in validations:
val_res = validations[id(f)]
f_metadata = f.setdefault("metadata", {})
f_metadata["safe_to_apply"] = val_res["safe_to_apply"]
f_metadata["compatible_range"] = val_res["compatible_range"]
f_metadata["alternatives"] = val_res["alternatives"]
except Exception as e:
logger.warning(
"Remediation safety validation failed for task %s (plugin %s): %s. Skipping safety metadata enrichment.",
task_id,
plugin_id,
str(e),
exc_info=True,
)

previous_findings = await self._load_previous_task_findings(
db,
owner_id=owner_id,
Expand Down
3 changes: 3 additions & 0 deletions backend/secuscan/models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -235,6 +235,9 @@ class Finding(BaseModel):
evidence_count: int = 0
analyst_status: AnalystStatus = AnalystStatus.NEW
retest_status: RetestStatus = RetestStatus.NOT_REQUESTED
safe_to_apply: Optional[bool] = None
compatible_range: Optional[str] = None
alternatives: Optional[List[str]] = None


class TaskResult(BaseModel):
Expand Down
Loading
Loading