Fluid Attacks is an extension designed to ease the management of the resources
in our Continuous Hacking service.
It runs automatically on startup and detects whether the current file is
inside the fusion folder in the services repository. If the file is in a
Services Fluid Attacks repository, the extension is activated.
So far, this extension will:
Showcase vulnerability locations and actions
Show finding descriptions and recommended actions
List Fluid Attacks groups the user has access to
List the repositories of each group
Clone repositories
Get ToE lines
Go to a file from any of the ToE lines
Obtain the ToE lines of each repository, with information on each file
Hide files that have already been attacked
Mark a file as attacked (right-click the file path)
List the vulnerabilities reported for a file as VSCode diagnostics when the
file is opened
Add lines to a vulnerability file
Requirements
Git
The Fluid Attacks API token
Installation
Expose the Fluid Attacks API token to the editor, either as an environment
variable named INTEGRATES_API_TOKEN or (recommended) as part of your VSCode
settings (.vscode/settings.json), like this:
{
  "fluidattacks.apiToken": "your-token-here"
}
You can also use the extension's settings menu or the Set Fluid Attacks Token
command to set it.
Open the editor in the base folder of your repository. Make sure that either
the base folder's name is the repository nickname or the remote URL of the
local repository is set.
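The settings file from the first step holds a credential, so it is worth confirming that Git will not pick it up. The check below is an added example, not part of the extension; the function names token_file_git_status and check_token_exposure are hypothetical, and it assumes the token is stored under the fluidattacks.apiToken key in .vscode/settings.json.

```shell
# Added example (not the extension's code): report whether the workspace
# settings file that stores the Fluid Attacks API token can leak through Git.
# Assumption: the token sits under the "fluidattacks.apiToken" key in
# .vscode/settings.json, as in the snippet above.

# Prints one of: no-token | not-a-repo | tracked | ignored | untracked
# The body runs in a subshell, so its variables do not leak to the caller.
token_file_git_status() (
    repo="${1:-.}"
    rel=".vscode/settings.json"
    if [ ! -f "$repo/$rel" ] ||
       ! grep -q '"fluidattacks\.apiToken"[[:space:]]*:' "$repo/$rel"; then
        # No settings file, or no token key in it: nothing to protect.
        echo "no-token"
    elif ! git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        # Outside a Git work tree the file cannot be committed.
        echo "not-a-repo"
    elif git -C "$repo" ls-files --error-unmatch -- "$rel" >/dev/null 2>&1; then
        # Already in the index: the token is committed or staged.
        echo "tracked"
    elif git -C "$repo" check-ignore -q -- "$rel"; then
        # Matched by an ignore rule: "git add ." will skip it.
        echo "ignored"
    else
        # Not ignored and not yet added: one "git add ." away from a leak.
        echo "untracked"
    fi
)

# Returns non-zero when the token file is, or could become, part of history.
check_token_exposure() {
    case "$(token_file_git_status "${1:-.}")" in
        tracked)
            echo "token file is tracked: untrack it and rotate the token" >&2
            return 1 ;;
        untracked)
            echo "token file is not ignored: add .vscode/settings.json to .gitignore" >&2
            return 1 ;;
        *)
            return 0 ;;
    esac
}
```

Run check_token_exposure from the repository's base folder, or call it from a pre-commit hook so a staged settings file stops the commit.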
Note: Some platform admin roles have access to most or all of the groups,
but these groups are not directly assigned to the user, which may cause
the groups to not appear in the extension's menu. To list additional
groups, add them to the VSCode settings, e.g.