Retester Agent
Verify that previously identified vulnerabilities have been properly fixed.
Overview
Agent Name: RetesterAgent
Scan Type: retest
Credit Cost: 0.5 credits
Target Types: Previously scanned targets with findings
Capabilities
- Vulnerability remediation verification
- Regression testing
- Fix validation
- Before/after comparison
- Compliance verification
- Patch effectiveness testing
Usage
# Retest specific finding
alprina retest scan_abc123 --finding finding_001
# Retest all findings from scan
alprina retest scan_abc123
# API usage
curl -X POST https://api.alprina.com/v1/scan/retest \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
    "original_scan_id": "scan_abc123",
    "target": "./src",
    "findings_to_retest": ["finding_001", "finding_002"]
  }'
Retest Process
- Retrieve Original Finding
  - Load vulnerability details
  - Identify test conditions
  - Prepare retest strategy
- Execute Retest
  - Attempt to reproduce vulnerability
  - Test with same parameters
  - Verify fix effectiveness
- Compare Results
  - Vulnerability still present?
  - Partially fixed?
  - Completely remediated?
- Generate Report
  - Status: Fixed / Not Fixed / Partially Fixed
  - Evidence of remediation
  - Recommendations if still vulnerable
Example Output
{
  "scan_id": "scan_retest808",
  "original_scan_id": "scan_abc123",
  "retest_results": [
    {
      "finding_id": "finding_001",
      "original_severity": "high",
      "title": "SQL Injection Vulnerability",
      "status": "fixed",
      "verified_at": "2025-01-05T15:30:00Z",
      "evidence": "Parameterized queries now implemented, injection attempts fail",
      "recommendation": "Vulnerability successfully remediated"
    },
    {
      "finding_id": "finding_002",
      "original_severity": "medium",
      "title": "Hardcoded API Key",
      "status": "not_fixed",
      "verified_at": "2025-01-05T15:30:05Z",
      "evidence": "API key still present in config.py line 42",
      "recommendation": "Move API key to environment variable"
    }
  ],
  "summary": {
    "total_findings": 2,
    "fixed": 1,
    "not_fixed": 1,
    "partially_fixed": 0,
    "fix_rate": 50.0
  }
}
Retest Statuses
| Status | Description |
|---|---|
| Fixed | Vulnerability no longer present |
| Not Fixed | Vulnerability still exploitable |
| Partially Fixed | Mitigation present but incomplete |
| Cannot Verify | Unable to reproduce original test |
Best Practices
1. Retest After Every Fix
# Fix vulnerability
git commit -m "Fix SQL injection in search"
# Immediately retest
alprina retest scan_abc123 --finding finding_001
2. Track Fix Progress
# Generate fix report
alprina retest scan_abc123 --output retest-report.json
# Compare with baseline
alprina compare scan_abc123 scan_retest808
3. Automate Retesting
# GitHub Actions
- name: Security Retest
  run: |
    NEW_SCAN=$(alprina scan ./src --output results.json)
    if [ -f baseline-scan.json ]; then
      alprina retest baseline-scan.json --compare $NEW_SCAN
    fi
4. Document Fixes
When marking findings as fixed:
- Reference commit/PR that fixed it
- Explain the fix approach
- Include retest evidence
Integration with CI/CD
# Example: Run retest on every PR
name: Security Retest
on: [pull_request]
jobs:
  retest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Retest Known Vulnerabilities
        run: |
          alprina retest ${{ secrets.BASELINE_SCAN_ID }} \
            --fail-on not_fixed
        env:
          ALPRINA_API_KEY: ${{ secrets.ALPRINA_API_KEY }}
Fix Verification Examples
SQL Injection Fixed
Before:
query = f"SELECT * FROM users WHERE id = {user_id}"
After:
query = "SELECT * FROM users WHERE id = ?"
cursor.execute(query, (user_id,))
Retest Result: ✅ Fixed - Parameterized query prevents injection
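The before/after pair above can be checked the way the Retest Process describes: replay the input recorded with the finding against the code and compare the result. This is an added example, not Alprina's implementation; the in-memory table, the recorded input, the function names and the `cannot_verify` spelling are assumptions constructed for illustration.

```python
import sqlite3

# Constructed test input standing in for the one stored with the original finding.
RETEST_INPUT = "1 OR 1=1"


def make_db():
    """Build a throwaway in-memory table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def lookup_before(db, user_id):
    # The page's "Before" code: input is formatted into the SQL text.
    query = f"SELECT * FROM users WHERE id = {user_id}"
    return db.execute(query).fetchall()


def lookup_after(db, user_id):
    # The page's "After" code: input is bound as a parameter.
    query = "SELECT * FROM users WHERE id = ?"
    return db.execute(query, (user_id,)).fetchall()


def retest(lookup, db):
    """Replay the recorded input and return a retest status string."""
    # A fix that breaks the legitimate lookup proves nothing about the finding.
    if lookup(db, 1) != [(1, "alice")]:
        return "cannot_verify"  # assumed spelling of the "Cannot Verify" status
    try:
        rows = lookup(db, RETEST_INPUT)
    except sqlite3.Error:
        # A SQL error means the input still reached the parser as SQL text.
        return "not_fixed"
    # A lookup by one id must never return more than one row.
    return "not_fixed" if len(rows) > 1 else "fixed"


if __name__ == "__main__":
    for name, fn in (("before", lookup_before), ("after", lookup_after)):
        print(name, retest(fn, make_db()))
```

The legitimate-lookup check is what keeps a change that merely breaks the endpoint from being reported as a fix.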
Hardcoded Secret Removed
Before:
API_KEY = "sk_live_abc123..."
After:
import os
API_KEY = os.getenv("API_KEY")
Retest Result: ✅ Fixed - Secret moved to environment variable
Compliance & Auditing
Retesting helps demonstrate:
- Vulnerability Management - Track remediation progress
- Compliance - Prove fixes were verified
- Audit Trail - Document security improvements
- SLA Compliance - Meet fix timeframes