# patchbot
`patchbot` is an AI-assisted security reviewer for pull request diffs. It asks an LLM for likely vulnerabilities, generates a proof-of-concept exploit, and then tries to confirm that exploit inside a locked-down Docker sandbox before reporting the finding.
## Why this project is useful
Most AI reviewers stop at "this looks risky." `patchbot` tries to separate noisy guesses from findings that can be demonstrated:
- analyze a git diff
- apply deterministic heuristics before calling the LLM
- propose an exploit and remediation
- run the exploit in an isolated container
- report confirmed vs potential findings
## Current status
This repository is now set up as a runnable baseline:
- installable CLI entry point
- safer sandbox confirmation logic
- stricter webhook security defaults
- deterministic checks for SQL injection, shell execution, and hardcoded secrets
- chunked large-diff analysis instead of naive truncation
- webhook endpoint tests for signed and invalid GitHub requests
- structured audit logging with secret redaction for the webhook service
- GitHub Actions CI and security workflows
- publishable project metadata and license files
It is still an early-stage project. The highest remaining risk is model reliability: the LLM may miss bugs, hallucinate patches, or produce non-working exploits. Treat the tool as an assistant, not a final authority.
The current analysis flow is now hybrid:
- deterministic heuristics catch a few high-signal issues without needing the model
- large diffs are analyzed in file-aware chunks
- the final report shows whether a finding came from `heuristic` or `llm` analysis
## Quickstart
### 1. Install
```bash
git clone https://github.com/AtharvaG109/patchbot
cd patchbot
python3 -m pip install -e ".[dev]"
cp .env.example .env
```
Add at least `ANTHROPIC_API_KEY` to `.env`.
### 2. Check your setup
```bash
patchbot doctor
```
### 3. Run locally
```bash
# built-in SQL injection demo
patchbot demo
# scan a diff file
patchbot scan changes.diff
# scan piped git diff
git diff HEAD~1 | patchbot scan -
# analyze only, skip Docker confirmation
patchbot scan changes.diff --no-sandbox
# emit GitHub-friendly markdown
patchbot scan changes.diff --format github
```
Exit codes:
- `0`: clean
- `1`: potential findings only
- `2`: one or more findings confirmed in the sandbox
## Run as a GitHub webhook
```bash
uvicorn webhook.app:app --host 0.0.0.0 --port 8080
```
Required environment variables:
- `GITHUB_TOKEN`
- `WEBHOOK_SECRET`
By default, webhook requests are rejected if `WEBHOOK_SECRET` is missing. For local-only testing you can explicitly opt into insecure mode:
```bash
PATCHBOT_ALLOW_INSECURE_WEBHOOKS=true uvicorn webhook.app:app --reload
```
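The fail-closed webhook check described above, sketched as an added example (this is not patchbot's own code). It assumes GitHub's `X-Hub-Signature-256` header format (`sha256=` followed by the hex HMAC-SHA256 of the raw body). The function names and the way the opt-in flag is parsed are hypothetical.

```python
import hashlib
import hmac
import os


def sign(secret: str, body: bytes) -> str:
    """Header value GitHub would send in X-Hub-Signature-256 for this body."""
    digest = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify_webhook(body: bytes, signature_header, env=None) -> bool:
    """Return True only if the request may be processed (hypothetical helper)."""
    env = os.environ if env is None else env
    secret = env.get("WEBHOOK_SECRET", "")
    if not secret:
        # Fail closed: no secret means reject, unless the operator explicitly
        # opted into insecure mode (assumed to be the literal value "true").
        return env.get("PATCHBOT_ALLOW_INSECURE_WEBHOOKS", "").lower() == "true"
    if not signature_header or not signature_header.startswith("sha256="):
        # Missing header or an unexpected algorithm prefix is rejected.
        return False
    expected = sign(secret, body)
    # Constant-time comparison so the match position is not leaked via timing.
    return hmac.compare_digest(expected.encode(), signature_header.encode())


# Constructed sample data, not a real secret or a captured payload.
SAMPLE_ENV = {"WEBHOOK_SECRET": "constructed-test-secret"}
SAMPLE_BODY = b'{"action":"opened","number":1}'

if __name__ == "__main__":
    good = sign(SAMPLE_ENV["WEBHOOK_SECRET"], SAMPLE_BODY)
    print("valid signature:", verify_webhook(SAMPLE_BODY, good, SAMPLE_ENV))
    print("tampered body:  ", verify_webhook(SAMPLE_BODY + b" ", good, SAMPLE_ENV))
    print("no secret set:  ", verify_webhook(SAMPLE_BODY, good, {}))
```

The signature must be computed over the raw request bytes, before any JSON parsing or re-serialization, or valid deliveries will fail verification.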
## Security posture
This project is designed around the CIA triad:
- Confidentiality: secrets stay in environment variables, `.env` is ignored, sandbox networking is disabled.
- Integrity: GitHub webhook HMAC verification is enabled by default, the sandbox is read-only, non-root, and drops Linux capabilities.
- Availability: exploit execution is time-boxed and resource-constrained with CPU, memory, and PID limits.
Sandbox controls currently include:
- `--network none`
- `--read-only`
- `--tmpfs /tmp:size=32m,nosuid,nodev,noexec`
- `--cap-drop=ALL`
- `--user 65534:65534`
- `--security-opt no-new-privileges`
- `--memory=64m`
- `--cpus=0.5`
- `--pids-limit=64`
- `--rm`
Repository-level security files included here:
- `.github/workflows/ci.yml`
- `.github/workflows/security.yml`
- `.github/dependabot.yml`
- `SECURITY.md`
## Suggested next improvements
- Expand deterministic rules to cover SSRF, path traversal, unsafe deserialization, and insecure temp-file handling.
- Add GitHub App authentication if you want multi-repo production usage instead of a single token.
- Add persistent audit log sinks or log shipping if you want production-grade observability.
## Publish to GitHub
1. Create a new GitHub repository.
2. Update the placeholder URLs in `pyproject.toml` and this README.
3. Initialize git locally if needed:
```bash
git init
git add .
git commit -m "Initial patchbot release"
```
4. Add your remote and push:
```bash
git remote add origin git@github.com:AtharvaG109/patchbot.git
git branch -M main
git push -u origin main
```
5. In the GitHub repo settings, enable:
   - branch protection
   - Dependabot alerts and updates
   - secret scanning / push protection if available
   - CodeQL alerts
## Project structure
```text
agent/    LLM prompts, parsing, report models, and orchestration
cli/      Local command-line interface
sandbox/  Docker exploit runner
webhook/  FastAPI GitHub webhook
tests/    Fixtures and unit tests
```
## License
Apache 2.0