Examples
Below are illustrative (though simplified) examples demonstrating how to identify each scenario.
A. Complete Match
You have written a small Python script, calculator.py, that contains exactly five functions (add, subtract, multiply, divide, and modulo). Inspecting the environment you provided (say, a dedicated microservice container) reveals the following:
- Only those five functions exist in the environment.
- There are no additional scripts, libraries, or utilities included.
Since the environment exactly mirrors your code, no more and no less, this is a Complete Match.
B. Fully Contained
Your calculator.py with five functions is deployed on a large ML platform environment that also includes data manipulation libraries, unrelated scripts, and logging frameworks. The following can be said about the environment:
- It does contain your entire calculator.py.
- It also has multiple other scripts and libraries not related to your code.
As the entire code is there, but the environment also has "extras," this is a Fully Contained scenario.
C. Partial Match
In the environment you provided, only the add and subtract functions from your calculator.py are present. The other three (multiply, divide, and modulo) are missing. The following can be said about your environment:
- Part of the code is included.
- It does not contain all five functions.
Because only some of the functions appear, this is a Partial Match.
D. Complete Mismatch
The provided environment is purely a text-processing service. It shares no common functions, structure, or code segments with your calculator.py.
Since none of your code's functionality is present, this is a Complete Mismatch.
E. No Environment
You provide only your calculator.py code; there is no container, no platform, no hosted environment — no context in which it is deployed.
Since no environment at all is provided, this is a No Environment scenario.
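The five scenarios above can be told apart by comparing the functions defined in the code with those found in the environment. The following is an added example, not Fluid Attacks' own tooling: it assumes functions are matched by name only, and the helper names, file names, and sample sources are constructed for illustration.

```python
import ast

def function_names(source):
    """Return the names of top-level functions defined in Python source."""
    tree = ast.parse(source)
    return {node.name for node in tree.body
            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))}

def classify(code_source, environment_sources):
    """Classify the code/environment relationship.

    environment_sources is None when no environment was provided,
    otherwise a dict mapping file name -> source text found in it.
    Assumption: a function counts as "present" when its name matches.
    """
    if environment_sources is None:
        return "No Environment"
    code = function_names(code_source)
    env = set()
    for source in environment_sources.values():
        env |= function_names(source)
    common = code & env
    if not common:
        return "Complete Mismatch"   # nothing from the code is deployed
    if common != code:
        return "Partial Match"       # some functions are missing
    # All of the code is present; extras decide between the last two.
    return "Complete Match" if env == code else "Fully Contained"

# Constructed sample sources (not real project code).
CALCULATOR = """
def add(a, b): return a + b
def subtract(a, b): return a - b
def multiply(a, b): return a * b
def divide(a, b): return a / b
def modulo(a, b): return a % b
"""
PARTIAL = "\n".join(CALCULATOR.strip().splitlines()[:2])  # add, subtract only
EXTRAS = "def load_dataset(path): return open(path).read()\n"
TEXT_SERVICE = "def tokenize(text): return text.split()\n"

if __name__ == "__main__":
    print(classify(CALCULATOR, {"calculator.py": CALCULATOR}))
    print(classify(CALCULATOR, {"calculator.py": CALCULATOR, "etl.py": EXTRAS}))
    print(classify(CALCULATOR, {"calculator.py": PARTIAL}))
    print(classify(CALCULATOR, {"service.py": TEXT_SERVICE}))
    print(classify(CALCULATOR, None))
```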
Health Check
Health Check involves performing SCR, PTaaS, and RE on code written prior to acquiring the Continuous Hacking Advanced plan. Choosing whether or not to conduct a Health Check is a risk-based decision for the organization. The absence of a Health Check could leave the organization unaware of existing vulnerabilities. If it is not performed on all the repositories of the group, the accuracy SLA does not apply.
Fluid Attacks does not analyze applications without explicit authorization from the application's owner. Accordingly, a vulnerability found in software that Fluid Attacks has no consent to test (e.g., third-party software) does not constitute a false negative.