Fluid Attacks
Fluid Attacks is an extension designed to ease the management of the resources
in our Continuous Hacking service.
It runs automatically on startup and can detect if the current file is
inside the fusion folder in the services repository. If it is in a Services
Fluid Attacks repository it will be activated.
So far, this extension will:
- List ARM groups the user has access to
- List the repositories of each group
- Clone repositories
- Get ToE lines
- Go to file from any ToE lines.
- Obtain the ToE lines of each repository, with information on each file
- Hide files that have already been attacked
- Mark a file as attacked. Right-click in the file path
- When opening a file, the vulnerabilities reported for the file will be
consulted and listed as vscode diagnostics
- Add lines to a vulnerability file
Installation
This extension requires:
- The ARM API token, either as an environment variable named
INTEGRATES_API_TOKEN or as part of your vscode settings
(.vscode/settings.json) e.g.
{
"fluidattacks.apiToken": "your-token-here"
}
- A folder structure like this:
├── my-group
│ ├── my-repository
You must create a parent folder with the same name as the respective ARM group
that has the root(s) you want to analyze. In this directory, the repositories
of that group are cloned. Open the editor in the base root of your repository.
Note: Some ARM admin roles have access to most or all of the groups,
but these groups are not directly assigned to the user, which causes
the groups to not be listed in the Fluid Attacks menu. To list additional
groups they must be added to the vscode settings e.g.
{
"fluidattacks.extraGroups": ["your-group-here", "another-group"]
}
Support
If you have any questions you can check our
documentation or
feel free to Contact Us.
