--- description: "Use the Fluid Attacks Cursor extension to view vulnerable code, apply treatments, request reattacks, accept vulnerabilities and fix code directly in your IDE." keywords: "Fluid Attacks platform, Fluid Attacks automatic fix, Fluid Attacks IDE extension, Fluid Attacks Cursor extension, Fluid Attacks Cursor integration, Fluid Attacks plugins, Fluid Attacks documentation" other: private: false title: Identify and address vulnerabilities from Cursor --- # Identify and address vulnerabilities from Cursor import { Image } from "@/components/image"; [Fluid Attacks](https://fluidattacks.com/)' Cursor extension offers the following functions: - [See vulnerable file and code line](https://help.fluidattacks.com/portal/en/kb/articles/identify-and-address-vulnerabilities-from-cursor#See_vulnerable_file_and_code_line) - [Assign Temporarily accepted treatment](https://help.fluidattacks.com/portal/en/kb/articles/identify-and-address-vulnerabilities-from-cursor#Assign_Temporarily_accepted_treatment) - [Request reattacks](https://help.fluidattacks.com/portal/en/kb/articles/identify-and-address-vulnerabilities-from-cursor#Request_reattacks) - [Go to DB](https://help.fluidattacks.com/portal/en/kb/articles/identify-and-address-vulnerabilities-from-cursor#Go_to_Criteria_and_vulnerability_on_the_platform) (links to Fluid Attacks' documentation on vulnerabilities) - [Go to vulnerability on the platform](https://help.fluidattacks.com/portal/en/kb/articles/identify-and-address-vulnerabilities-from-cursor#Go_to_Criteria_and_vulnerability_on_the_platform) - [View vulnerability description](https://help.fluidattacks.com/portal/en/kb/articles/identify-and-address-vulnerabilities-from-cursor#View_vulnerability_description) - [Get step-by-step remediation guides with Custom fix](https://help.fluidattacks.com/portal/en/kb/articles/get-ai-generated-guides-for-remediation) - [Get automatic fixing suggestions with Autofix](https://help.fluidattacks.com/portal/en/kb/articles/fix-code-automatically-with-gen-ai) To access the above functions, either click on the Fluid Attacks extension in Cursor's activity bar or click on repository files marked with a red dot in Cursor's explorer. This page guides you through using these functions except for the last two, for which there are dedicated, more detailed pages. > [!TIP] > > Haven't got the extension yet? [Install it](https://help.fluidattacks.com/portal/en/kb/articles/install-the-cursor-extension). ## See vulnerable file and code line You can view vulnerabilities reported in the Fluid Attacks platform from the AI-powered IDE. If starting from the Fluid Attacks extension icon, follow these steps: 1. Click on the Fluid Attacks icon in Cursor's activity bar. You are then presented with a comprehensive list of vulnerability types detected in your code. See reported vulnerability types in the Fluid Attacks Cursor extension

See reported vulnerability types in the Fluid Attacks Cursor extension

> [!TIP] > > Notice that the letters next to the names of vulnerability types inform you of their **severity** following the CVSS. 1. Click on the vulnerability type of your interest to view all affected files. View affected files on the Fluid Attacks Cursor extension

View affected files on the Fluid Attacks Cursor extension

1. Select a file of your interest to identify the line of code where the vulnerability is present, which is underlined with red. See vulnerable line of code with the Fluid Attacks Cursor extension

See vulnerable line of code with the Fluid Attacks Cursor extension

If starting from Cursor's explorer, follow these steps: 1. Open the project corresponding to the [Git repository](https://help.fluidattacks.com/portal/en/kb/articles/manage-repositories#Manage_Git_repositories) that is tested by Fluid Attacks. Files with vulnerabilities are marked with red dots. 1. Click on the files to open them. Open vulnerable files on the Fluid Attacks Cursor extension

Open vulnerable files on the Fluid Attacks Cursor extension

1. Identify the vulnerable lines of code, which have a red underline. ## Assign Temporarily accepted treatment Fluid Attacks allows you to [accept vulnerabilities](https://help.fluidattacks.com/portal/en/kb/articles/assign-treatments#Define_a_treatment_for_a_vulnerability) up to a defined date. To assign the 'Temporarily accepted' treatment starting from the Fluid Attacks extension icon, follow these steps: 1. Click on the Fluid Attacks icon in Cursor's activity bar. 1. Expand the type of vulnerability you wish to explore by clicking on its name. 1. Click on a vulnerable file to see some icons appear. Click on the calendar icon to apply the 'Temporarily accepted' treatment to that vulnerability. Accept vulnerability in the Fluid Attacks Cursor extension

Accept vulnerability in the Fluid Attacks Cursor extension

1. Write a justification for the acceptance, enter the date when it finalizes, and select your team member who is assigned this vulnerability. To confirm that the treatment was applied, wait until you receive a notification. 1. You may optionally refresh the view (**Ctrl/Cmd + R**) and observe whether the vulnerability's underline changes from red to yellow, indicating that the temporary treatment has been applied. If starting from Cursor's explorer, follow these steps: 1. Click on the file to open it. 1. Right-click on the underlined code and locate the **Accept Vulnerability Temporarily** option. 1. Write the justification for the acceptance, enter the date when it finalizes, and select the member of your team who is assigned this vulnerability. To confirm that the treatment was applied, wait until you receive a notification. ## Request reattacks [Reattacks](https://help.fluidattacks.com/portal/en/kb/articles/verify-fixes-with-reattacks) are the retests where Fluid Attacks verifies the effectiveness of the fixes you apply to your code. To request reattacks starting from the Fluid Attacks extension icon, follow these steps: 1. Click on the Fluid Attacks extension in Cursor's activity bar. 1. Expand the type of vulnerability you wish to explore by clicking on its name. 1. Click on a vulnerable file to see some icons appear. 1. Click on the shield icon to request a reattack. Find reattack option in the Fluid Attacks Cursor extension

Find reattack option in the Fluid Attacks Cursor extension

1. Type in a description of the fix you applied and press Enter/Return. A notification is shown shortly confirming the successful delivery of the request. 1. You can refresh the view (**Ctrl/Cmd + R**) and observe whether the vulnerability's underline changes from red to blue, indicating that the reattack was successfully requested. If starting from Cursor's explorer, follow these steps: 1. Click on the file to open it. 1. Right-click on the underlined code and locate the **Request reattack** option. 1. Type in a description of the fix you applied and press Enter/Return. A notification is shown shortly confirming the successful delivery of the request. > [!TIP] > > **Note:** Remember to push your code to the tests/security/integration branch. ## Go to DB and vulnerability on the platform The Fluid Attacks Cursor extension offers you external links to [Fluid Attacks' database](https://db.fluidattacks.com/) (DB) and, separately, to the report of the vulnerability on the platform. Fluid Attacks' DB is documentation that mainly presents the standards, requirements and vulnerability types that determine the results of security testing. If starting from the Fluid Attacks extension icon to access those external links: 1. Click on the extension in Cursor's activity bar. 1. Right-click on the type of vulnerability of your interest 1. Select between the options **Go to DB** and **Go to Finding**. If starting from Cursor's explorer, follow these steps to access the link to the DB: 1. Click on the file to open it. 1. Right-click on the vulnerable line and select **Go to DB**. To access the link to the vulnerability on the platform, starting from Cursor's explorer, do the following: 1. Click on the file to open it. 1. Locate the vulnerable line and hover your mouse cursor over it. A pop-up window appears, showing the definition and the external link. Open link to the platform from the Fluid Attacks Cursor extension

Open link to the platform from the Fluid Attacks Cursor extension

1. Click on the [link to the vulnerability](https://help.fluidattacks.com/portal/en/kb/articles/see-where-vulnerabilities-are-and-more-details#Get_the_link_to_share_the_details_of_a_vulnerability) on the platform. ## View vulnerability description [Fluid Attacks](https://fluidattacks.com/) offers comprehensive documentation on its own [classification of vulnerabilities](https://db.fluidattacks.com/wek/). To read Fluid Attacks' description of a vulnerability type, starting from the Fluid Attacks extension icon: 1. Click on the Fluid Attacks extension in Cursor's activity bar. 1. Right-click on the type of vulnerability of your interest. 1. Select **See Finding description**. The current editor view splits to show you the corresponding information from Fluid Attacks' documentation without leaving Cursor. This includes the information on attack vector, threat, severity score and average remediation time. If starting from Cursor's explorer, follow these steps to view the vulnerability description: 1. Click on the file to open it. 1. Right-click on the vulnerable line and select **See Finding description**. The vulnerability description and other details are displayed at the right side of the editor. ## Use the fix options > [!CAUTION] > > Always review the accuracy of remediation suggestions generated with AI. Fluid Attacks' Cursor extension uses AI to generate fix suggestions. You have two features at your disposal: - [**Custom fix**](https://help.fluidattacks.com/portal/en/kb/articles/get-ai-generated-guides-for-remediation)**:** Generates a step-by-step guide telling you how to fix your code. Access it by clicking on a file and then on the wrench icon. Use Custom fix on the Fluid Attacks Cursor extension

Use Custom fix on the Fluid Attacks Cursor extension

- [**Autofix**](https://help.fluidattacks.com/portal/en/kb/articles/fix-code-automatically-with-gen-ai)**:** Automatically generates a **suggested** pull request fixing the code (special caution is advised when using this function, as it intends to make changes directly to your codebase). Access it by clicking on a file and then on the hammer and wrench icon. Use Custom fix on the Fluid Attacks Cursor extension

> [!TIP] > > For more information on these features, refer to [Fix code with gen AI](https://help.fluidattacks.com/portal/en/kb/find-security-vulnerabilities/fix-code-with-gen-ai). ## Refresh button Click the refresh button to ensure that actions such as reattack requests and treatment assignment are reflected in the extension. Refresh the Fluid Attacks Cursor extension

Refresh the Fluid Attacks Cursor extension

Upon refreshing, vulnerability underlines update to reflect their status: - **Blue:** Reattack requested - **Yellow:** 'Temporarily accepted' treatment applied