[PR #65] [MERGED] Add Exploitability Validation Pipeline #67

Closed
opened 2026-03-02 04:08:07 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/gadievron/raptor/pull/65
Author: @grokjc
Created: 1/29/2026
Status: Merged
Merged: 1/30/2026
Merged by: @danielcuthbert

Base: main ← Head: exploitation-validator


📝 Commits (1)

  • 6398c9d Add Gadi's exploitability validation prompts + integrate

📊 Changes

21 files changed (+5479 additions, -15 deletions)


.claude/agents/exploitability-validator-agent.md (+285 -0)
.claude/commands/validate.md (+284 -0)
.claude/skills/exploitability-validation/SKILL.md (+208 -0)
.claude/skills/exploitability-validation/stage-0-inventory.md (+57 -0)
.claude/skills/exploitability-validation/stage-a-oneshot.md (+87 -0)
.claude/skills/exploitability-validation/stage-b-process.md (+105 -0)
.claude/skills/exploitability-validation/stage-c-sanity.md (+110 -0)
.claude/skills/exploitability-validation/stage-d-ruling.md (+124 -0)
.claude/skills/exploitability-validation/stage-e-feasibility.md (+261 -0)
📝 CLAUDE.md (+36 -1)
docs/exploitability-validation-integration.md (+269 -0)
packages/exploitability_validation/__init__.py (+113 -0)
packages/exploitability_validation/agentic.py (+320 -0)
packages/exploitability_validation/checklist_builder.py (+594 -0)
packages/exploitability_validation/orchestrator.py (+950 -0)
packages/exploitability_validation/schemas.py (+513 -0)
packages/exploitability_validation/tests/__init__.py (+1 -0)
packages/exploitability_validation/tests/test_validation.py (+884 -0)
📝 raptor_agentic.py (+71 -13)
📝 tiers/README.md (+25 -1)

...and 1 more files

📄 Description

Add Exploitability Validation Pipeline

Summary

Integrates the exploitability validation pipeline into RAPTOR's agentic workflow. This adds a new Phase 2 between scanning and analysis that validates vulnerability findings are real, reachable, and exploitable before proceeding to analysis and exploit development.

Original prompts: Gadi Evron
Integration: John Cartwright

Motivation

Static analysis tools produce findings that may be:

  • Hallucinated (code doesn't actually exist as described)
  • Unreachable (dead code paths, impossible preconditions)
  • Unexploitable (mitigations block exploitation)

This wastes significant time during manual analysis and exploit development. The validation pipeline filters these out early, focusing effort on genuinely exploitable vulnerabilities.

Changes

New Package: packages/exploitability_validation/

Python implementation of the 6-stage validation pipeline:

| Stage | Purpose |
|-------|---------|
| 0: Inventory | Build checklist of all functions in codebase |
| A: One-Shot | Quick exploitability check + PoC attempt |
| B: Process | Attack trees and systematic hypothesis testing |
| C: Sanity | Verify findings against actual code |
| D: Ruling | Filter test code, check preconditions |
| E: Feasibility | Binary constraints (memory corruption only) |

Key modules:

  • orchestrator.py - Pipeline state machine and stage execution
  • checklist_builder.py - Multi-language function extraction (14 languages)
  • schemas.py - JSON schema validation for all artifacts
  • agentic.py - Integration with /agentic workflow

New Claude Code Skills: .claude/skills/exploitability-validation/

Prompt-based methodology for Claude Code agents:

  • SKILL.md - Shared context, 6 MUST-GATEs, execution rules
  • stage-*.md - Per-stage instructions and output formats

New Command: /validate

Standalone validation command for use outside the agentic workflow.

Modified: raptor_agentic.py

  • Integrated validation as Phase 2 (automatic, use --skip-validation to bypass)
  • Renumbered phases: 1.5→2, 2→3, 3→4

Modified: CLAUDE.md

  • Added /validate command documentation
  • Added exploitability validation section
  • Updated progressive loading rules
  • Updated phase numbering

Modified: tiers/README.md

  • Added guidance files to structure
  • Added note about .claude/skills/ being separate

Testing

62 tests covering:

  • Language detection and function extraction (Python, JS, TS, C, C++, Java, Go)
  • Schema validation for all JSON artifacts
  • Pipeline orchestrator (all stages)
  • SARIF conversion and deduplication

```bash
python -m pytest packages/exploitability_validation/tests/test_validation.py -v
```

Usage

Automatic (via /agentic)

```bash
python raptor.py agentic --repo /path/to/code
# Phase 2 validation runs automatically
```

Standalone

```bash
/validate /path/to/target --vuln-type sql_injection
```

Programmatic

```python
from packages.exploitability_validation import run_validation

result = run_validation(
    target_path="/path/to/code",
    vuln_type="command_injection"
)
```

Checklist

  • Tests pass (62/62)
  • No syntax errors
  • No debug prints or TODOs
  • Documentation updated
  • Phase numbering consistent
  • Existing functionality preserved

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
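
The "hallucinated finding" filter named in the Motivation section and in Stage C (verify findings against actual code), together with the deduplication mentioned under Testing, can be pictured as follows. This is an added illustration, not code from the PR or from RAPTOR; the `Finding` fields, the status strings, the helper names and the sample source tree are all assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:          # hypothetical shape, not RAPTOR's schema
    rule: str
    path: str
    line: int           # 1-based line reported by the scanner
    snippet: str        # code the scanner claims is at that line

# Constructed source tree (path -> contents) so the example runs offline.
DB_PY = (
    "import sqlite3\n\n"
    "def get_user(conn, name):\n"
    "    q = \"SELECT * FROM users WHERE name = '%s'\" % name\n"
    "    return conn.execute(q).fetchall()\n"
)
SOURCES = {"app/db.py": DB_PY}
QUERY = "q = \"SELECT * FROM users WHERE name = '%s'\" % name"
# Constructed findings: one real, one duplicate, three that do not match the code.
FINDINGS = [
    Finding("sql_injection", "app/db.py", 4, QUERY),
    Finding("sql_injection", "app/db.py", 4, QUERY),
    Finding("command_injection", "app/shell.py", 10, "os.system(cmd)"),
    Finding("sql_injection", "app/db.py", 40, "cursor.execute(q)"),
    Finding("command_injection", "app/db.py", 5, "os.system(name)"),
]

def normalize(code):
    return " ".join(code.split())  # collapse whitespace before comparing

def check_finding(finding, sources, window=2):
    """Return 'confirmed' or the reason the finding does not match the code."""
    text = sources.get(finding.path)
    if text is None:
        return "missing_file"
    lines = text.splitlines()
    if not 1 <= finding.line <= len(lines):
        return "line_out_of_range"
    lo, hi = max(0, finding.line - 1 - window), finding.line + window
    claimed = normalize(finding.snippet)
    nearby = normalize("\n".join(lines[lo:hi]))
    return "confirmed" if claimed and claimed in nearby else "snippet_mismatch"

def triage(findings, sources):
    """Drop duplicate (rule, path, line) findings, then classify the rest."""
    unique = {}
    for f in findings:
        unique.setdefault((f.rule, f.path, f.line), f)  # keep first occurrence
    return [(f, check_finding(f, sources)) for f in unique.values()]
```

Only findings that come back `confirmed` would be worth passing on to reachability and exploitability checks; the `window` parameter tolerates scanners that report a line a little off from the matching code.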
