Identify and address vulnerabilities from Cursor | Fluid Attacks Help

Identify and address vulnerabilities from Cursor

Fluid Attacks' Cursor extension offers the following functions:

To access the above functions, either click on the Fluid Attacks extension in Cursor's activity bar or click on repository files marked with a red dot in Cursor's explorer. This page guides you through using these functions except for the last two, for which there are dedicated, more detailed, pages.

Advice on installing the Cursor extension
Haven't got the extension yet? Install it.

See vulnerable file and code line

You can view vulnerabilities reported in the Fluid Attacks platform from the AI-powered IDE.

If starting from the Fluid Attacks extension icon, follow these steps:
  1. Click on the Fluid Attacks icon in Cursor's activity bar. You are then presented with a comprehensive list of vulnerability types detected in your code.

    See reported vulnerability types in the Fluid Attacks Cursor extension

  2. Advice on vulnerability severity
    Notice that the letters next to the names of vulnerability types inform you of their severity following the CVSS.
  3. Click on the vulnerability type of your interest to view all affected files.

  4. View affected files on the Fluid Attacks Cursor extension

  5. Select a file of your interest to identify the line of code where the vulnerability is present, which is underlined with red.

    See vulnerable line of code with the Fluid Attacks Cursor extension

If starting from Cursor's explorer, follow these steps:

  1. Open the project corresponding to the Git root that is tested by Fluid Attacks. Files with vulnerabilities are marked with red dots.

  2. Click on the files to open them.

  3. Open vulnerable files on the Fluid Attacks Cursor extension

  4. Identify the vulnerable lines of code, which have a red underline.

Assign Temporarily accepted treatment

Fluid Attacks allows you to accept vulnerabilities up to a defined date.

To assign the 'Temporarily accepted' treatment starting from the Fluid Attacks extension icon, follow these steps:
  1. Click on the Fluid Attacks icon in Cursor's activity bar.

  2. Expand the type of vulnerability you wish to explore by clicking on its name.

  3. Click on a vulnerable file to see some icons appear. Click on the calendar icon to apply the 'Temporarily accepted' treatment to that vulnerability.

    Accept vulnerability in the Fluid Attacks Cursor extension

  4. Write a justification for the acceptance, enter the date when it finalizes, and select your team member who is assigned this vulnerability. To confirm that the treatment was applied, wait until you receive a notification.

  5. You may optionally refresh the view (Ctrl/Cmd + R) and observe whether the vulnerability's underline changes from red to yellow, indicating that the temporary treatment has been applied.

If starting from Cursor's explorer, follow these steps:

  1. Click on the file to open it.

  2. Right-click on the underlined code and locate the Accept Vulnerability Temporarily option.

  3. Write the justification for the acceptance, enter the date when it finalizes, and select the member of your team who is assigned this vulnerability. To confirm that the treatment was applied, wait until you receive a notification.

Request reattacks

Reattacks are the retests where Fluid Attacks verifies the effectiveness of fixes you apply to your code.

To request reattacks starting from the Fluid Attacks extension icon, follow these steps:
  1. Click on the Fluid Attacks extension in Cursor's activity bar.

  2. Expand the type of vulnerability you wish to explore by clicking on its name.

  3. Click on a vulnerable file to see some icons appear.

  4. Click on the shield icon to request a reattack.

    Find reattack option in the Fluid Attacks Cursor extension

  5. Type in a description of the fix you applied and press Enter/Return. A notification is shown shortly confirming the successful delivery of the request.

  6. You can refresh the view (Ctrl/Cmd + R) and observe whether the vulnerability's underline changes from red to blue, indicating that the reattack was successfully requested.

If starting from Cursor's explorer, follow these steps:

  1. Click on the file to open it.

  2. Right-click on the underlined code and locate the Request reattack option.

  3. Type in a description of the fix you applied and press Enter/Return. A notification is shown shortly confirming the successful delivery of the request.

  4. Note on pushing codeNote: Remember to push your code to the tests/security/integration branch.

Go to Criteria and vulnerability on the platform

The Fluid Attacks Cursor extension offers you external links to Criteria at Fluid Attacks' Knowledge Base and, separately, to the report of the vulnerability on the platform. Fluid Attacks' Criteria is documentation that mainly presents the standards, requirements and vulnerability types that determine the results of security testing.

If starting from the Fluid Attacks extension icon to access those external links:
  1. Click on the extension in Cursor's activity bar.

  2. Right-click on the type of vulnerability of your interest

  3. Select between the options Go to Criteria and Go to Finding.

If starting from Cursor's explorer, follow these steps to access the link to Criteria:

  1. Click on the file to open it.

  2. Right-click on the vulnerable line and select Go to criteria.

To access the link to the vulnerability on the platform, starting from Cursor's explorer, do the following:

  1. Click on the file to open it.

  2. Locate the vulnerable line and hover your mouse cursor over it. A pop-up window appears, showing the definition and the external link.

  3. Open link to the platform from the Fluid Attacks Cursor extension
  4. Click on the link to the vulnerability on the platform.

View vulnerability description

Fluid Attacks offers comprehensive documentation on its own classification of vulnerabilities.

To read Fluid Attacks' description of a vulnerability type, starting from the Fluid Attacks extension icon:
  1. Click on the Fluid Attacks extension in Cursor's activity bar.

  2. Right-click on the type of vulnerability of your interest.

  3. Select See Finding description. The current editor view splits to show you the corresponding information from Fluid Attacks' documentation without leaving Cursor. This includes the information on attack vector, threat, severity score and average remediation time.

If starting from Cursor's explorer, follow these steps to view the vulnerability description:

  1. Click on the file to open it.

  2. Right-click on the vulnerable line and select See Finding description. The vulnerability description and other details are displayed at the right side of the editor.

Use fix options

Warning on AI generated fixes
Always review the accuracy of remediation suggestions generated with AI.
Fluid Attacks' Cursor extension uses AI to generate fix suggestions. You have two features at your disposal:
  • Custom fix: Generates a step-by-step guide telling you how to fix your code. Access it by clicking on a file and then on the wrench icon.

  • Use Custom fix on the Fluid Attacks Cursor extension

  • Autofix: Automatically generates a suggested pull request fixing the code (special caution is advised when using this function, as it intends to make changes directly to your codebase). Access it by clicking on a file and then on the hammer and wrench icon.

  • Use Custom fix on the Fluid Attacks Cursor extension

Advice on gen AI features
For more information on these features, refer to Fix code with gen AI.

Refresh button

Click the refresh button to ensure that actions such as reattack requests and treatment assignment are reflected in the extension.

Refresh the Fluid Attacks Cursor extension

Upon refreshing, vulnerability underlines update to reflect their status:

  • Blue: Reattack requested

  • Yellow: 'Temporarily accepted' treatment applied