6.4 KiB
🔒 Security Audit Report - fastapi
Audited by: 天工 AGI Security Auditor v4.0
Date: 2026-05-25
Method: Dual-LLM Cross-Validation (iamhc + longcat)
Files Scanned: 9
📊 Summary
| Severity | Confirmed | Total |
|---|---|---|
| Critical | 12 | 12 |
| Medium | 0 | 3 |
🔧 Detailed Findings & Fixes
🔴 Finding #1: hardcoded_password
File: test_response_model_data_filter_no_inheritance.py:41
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
68.5/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
hashed_password="secrethashed",
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #2: hardcoded_password
File: test_response_model_data_filter_no_inheritance.py:51
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
68.5/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
hashed_password="secrethashed",
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #3: hardcoded_password
File: test_response_model_data_filter.py:39
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
68.5/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
hashed_password="secrethashed",
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #4: hardcoded_password
File: test_response_model_data_filter.py:49
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
68.5/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
hashed_password="secrethashed",
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #5: hardcoded_password
File: test_filter_pydantic_sub_model_pv2.py:34
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
68.5/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
return ModelC(username="test-user", password="test-password")
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #6: hardcoded_password
File: test_webhooks_security.py:36
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
70.4/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
new_subscription(body={}, token="Bearer 123")
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #7: hardcoded_password
File: test_tutorial004.py:25
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
70.4/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
def get_access_token(*, username="johndoe", password="secret", client: TestClient):
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #8: hardcoded_password
File: test_tutorial004.py:167
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
70.4/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
username="alice", password="secretalice", client=client
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #9: hardcoded_password
File: test_tutorial005.py:41
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
70.4/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
*, username="johndoe", password="secret", scope=None, client: TestClient
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #10: hardcoded_password
File: test_tutorial005.py:191
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
70.4/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
90.8%(iamhc: 60% / longcat: 90%)
Current Code:
username="alice", password="secretalice", scope="me", client=client
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #11: hardcoded_password
File: main.py:4
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
68.5/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
fake_secret_token = "coneofsilence"
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🔴 Finding #12: hardcoded_password
File: main.py:6
Severity: Critical
CWE: CWE-798
📊 Formula Metrics:
- 🔥 Risk Score:
68.5/100 - 📈 Priority:
100.0/100 - 🎯 Fused Confidence:
93.9%(iamhc: 60% / longcat: 95%)
Current Code:
fake_secret_token = "coneofsilence"
Why This Is a Problem: LLM output parsing failed
Fix:
Explanation:
Test Suggestion:
🏗️ CI/CD & Architecture Improvements
Additional recommendations:
- Review CI/CD pipeline configurations for security best practices
- Consider implementing SAST in pre-commit hooks
- Add dependency scanning to CI pipeline
This PR was auto-generated by 天工 AGI Security Auditor v4.0 with dual-LLM cross-validation.