You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

6.4 KiB

🔒 Security Audit Report - fastapi

Audited by: 天工 AGI Security Auditor v4.0
Date: 2026-05-25
Method: Dual-LLM Cross-Validation (iamhc + longcat)
Files Scanned: 9


📊 Summary

Severity Confirmed Total
Critical 12 12
Medium 0 3

🔧 Detailed Findings & Fixes

🔴 Finding #1: hardcoded_password

File: test_response_model_data_filter_no_inheritance.py:41
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 68.5/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

hashed_password="secrethashed",

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #2: hardcoded_password

File: test_response_model_data_filter_no_inheritance.py:51
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 68.5/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

hashed_password="secrethashed",

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #3: hardcoded_password

File: test_response_model_data_filter.py:39
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 68.5/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

hashed_password="secrethashed",

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #4: hardcoded_password

File: test_response_model_data_filter.py:49
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 68.5/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

hashed_password="secrethashed",

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #5: hardcoded_password

File: test_filter_pydantic_sub_model_pv2.py:34
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 68.5/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

return ModelC(username="test-user", password="test-password")

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #6: hardcoded_password

File: test_webhooks_security.py:36
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 70.4/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

new_subscription(body={}, token="Bearer 123")

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #7: hardcoded_password

File: test_tutorial004.py:25
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 70.4/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

def get_access_token(*, username="johndoe", password="secret", client: TestClient):

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #8: hardcoded_password

File: test_tutorial004.py:167
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 70.4/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

username="alice", password="secretalice", client=client

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #9: hardcoded_password

File: test_tutorial005.py:41
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 70.4/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

*, username="johndoe", password="secret", scope=None, client: TestClient

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #10: hardcoded_password

File: test_tutorial005.py:191
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 70.4/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 90.8% (iamhc: 60% / longcat: 90%)

Current Code:

username="alice", password="secretalice", scope="me", client=client

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #11: hardcoded_password

File: main.py:4
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 68.5/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

fake_secret_token = "coneofsilence"

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🔴 Finding #12: hardcoded_password

File: main.py:6
Severity: Critical
CWE: CWE-798

📊 Formula Metrics:

  • 🔥 Risk Score: 68.5/100
  • 📈 Priority: 100.0/100
  • 🎯 Fused Confidence: 93.9% (iamhc: 60% / longcat: 95%)

Current Code:

fake_secret_token = "coneofsilence"

Why This Is a Problem: LLM output parsing failed

Fix:


Explanation:

Test Suggestion:


🏗️ CI/CD & Architecture Improvements

Additional recommendations:

  • Review CI/CD pipeline configurations for security best practices
  • Consider implementing SAST in pre-commit hooks
  • Add dependency scanning to CI pipeline

This PR was auto-generated by 天工 AGI Security Auditor v4.0 with dual-LLM cross-validation.