Remediation Generator¶
Produces framework-specific code snippets that fix a finding. Given a vulnerability and the target's tech stack, it generates a ready-to-use code fix with an explanation and references.
How it works¶
- The generator reads the finding from the engagement directory
- It detects the target's tech stack from `context.json` (or uses the manually specified language/framework)
- It looks up a remediation template for the `(vuln_type, framework)` pair
- It produces a code snippet, an explanation of why the fix works, and links to relevant documentation
Supported vulnerability types and frameworks¶
The /api/v1/remediation/templates endpoint returns the current mapping. Example:
| Vulnerability type | Available frameworks |
|---|---|
| SQL Injection | Java/JDBC, Python/SQLAlchemy, PHP/PDO, Node/Sequelize, C#/EF Core |
| XSS | React, Angular, Vue, Django Templates, Jinja2 |
| SSRF | Spring Boot, Express.js, Django, Flask |
| CSRF | Spring Security, Django, Express, Laravel |
| Insecure Deserialization | Java, Python, PHP, .NET |
| Broken Authentication | Spring Security, Passport.js, Django Auth |
The template library is extensible. Each template contains a parameterized code snippet and a set of references (OWASP, CWE, framework docs).
API endpoints¶
Generate remediation code¶
| Field | Type | Default | Description |
|---|---|---|---|
| finding_id | string | required | Finding ID (e.g. FINDING-003) |
| language | string | auto-detect | Target language (e.g. python, java). Empty = auto-detect from context.json |
| framework | string | auto-detect | Target framework (e.g. django, spring-boot). Empty = auto-detect |
Response (RemediationCodeResponse):

```json
{
  "finding_id": "FINDING-003",
  "language": "python",
  "framework": "django",
  "code_snippet": "from django.db import connection\n\ndef get_user(user_id):\n    with connection.cursor() as cursor:\n        cursor.execute(\n            \"SELECT * FROM users WHERE id = %s\",\n            [user_id]\n        )\n        return cursor.fetchone()",
  "explanation": "Use parameterized queries instead of string concatenation. Django's cursor.execute() accepts parameters as a separate list, which are properly escaped by the database driver.",
  "references": [
    "https://docs.djangoproject.com/en/5.0/topics/db/sql/#passing-parameters-into-raw",
    "https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html",
    "CWE-89"
  ]
}
```
List available templates¶
Returns a map of vulnerability types to their available frameworks:

```json
{
  "SQL Injection": ["java-jdbc", "python-sqlalchemy", "php-pdo", "node-sequelize", "csharp-efcore"],
  "XSS": ["react", "angular", "vue", "django-templates", "jinja2"],
  "SSRF": ["spring-boot", "express", "django", "flask"]
}
```
Auto-detection¶
When language and framework are left empty, the generator reads the engagement's context.json to determine the tech stack. The tech_stack.backend and tech_stack.framework fields drive the selection. If detection fails, the endpoint returns a 404 asking you to specify the framework explicitly.
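The lookup and auto-detection flow described in "How it works" and above, as an added example that is not the project's own code: it reads `tech_stack.backend` / `tech_stack.framework` from a constructed `context.json`, resolves the `(vuln_type, framework)` pair against a one-entry template library, renders the parameterized snippet, and raises a not-found error (the 404 case) when detection or lookup fails. The `TEMPLATES` structure, the `RemediationNotFound`, `detect_stack` and `generate` names, and the `fn`/`param`/`table` finding fields are assumptions for this example.

```python
import json

# Constructed template library: a (vuln_type, framework) pair maps to a
# parameterized snippet plus references. One entry only, for illustration.
TEMPLATES = {
    ("SQL Injection", "django"): {
        "snippet": (
            "from django.db import connection\n\n"
            "def {fn}({param}):\n"
            "    with connection.cursor() as cursor:\n"
            "        cursor.execute(\n"
            "            \"SELECT * FROM {table} WHERE id = %s\",\n"
            "            [{param}]\n"
            "        )\n"
            "        return cursor.fetchone()"
        ),
        "explanation": "Use parameterized queries instead of string concatenation.",
        "references": ["CWE-89"],
    },
}

class RemediationNotFound(LookupError):
    """Corresponds to the 404 returned when detection or template lookup fails."""

def detect_stack(context_json: str) -> tuple:
    """Read tech_stack.backend / tech_stack.framework from context.json text."""
    stack = json.loads(context_json).get("tech_stack") or {}
    backend, framework = stack.get("backend"), stack.get("framework")
    if not backend or not framework:
        raise RemediationNotFound("specify language and framework explicitly")
    return backend.lower(), framework.lower()

def generate(finding: dict, context_json: str, language="", framework="") -> dict:
    """Resolve the (vuln_type, framework) template and render the response."""
    if not language or not framework:          # auto-detect when either is empty
        language, framework = detect_stack(context_json)
    tpl = TEMPLATES.get((finding["vuln_type"], framework))
    if tpl is None:
        raise RemediationNotFound(f"no template for {finding['vuln_type']}/{framework}")
    fields = {k: finding.get(k, "value") for k in ("fn", "param", "table")}
    return {"finding_id": finding["id"], "language": language, "framework": framework,
            "code_snippet": tpl["snippet"].format(**fields),
            "explanation": tpl["explanation"], "references": list(tpl["references"])}

# Constructed sample inputs (not from a real engagement)
CONTEXT = json.dumps({"tech_stack": {"backend": "Python", "framework": "Django"}})
FINDING = {"id": "FINDING-003", "vuln_type": "SQL Injection",
           "fn": "get_user", "param": "user_id", "table": "users"}
```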
Connections to other features¶
- Compliance Mapping: when a compliance gap is identified, the remediation generator can produce the fix for the underlying finding, closing the compliance loop
- Learning Loop: the Learning Loop records which techniques exploited the vulnerability. This context helps the generator produce more specific fixes (e.g., if the attack used chunked encoding to bypass a WAF, the fix should address that specific vector)