Variant Analysis
When you find a bug, the same mistake almost certainly exists elsewhere. Variant analysis systematically hunts for siblings of a known vulnerability.
Process
Step 1: Characterize the Original Bug
Before searching, understand what makes this bug a bug:
ORIGINAL BUG:
File: src/api/users.ts:42
Type: Missing input validation
Pattern: req.params.id used directly in DB query without sanitization
Root cause: Developer assumed framework sanitizes params
Trigger: Untrusted input reaches database query
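Once the bug is characterized this way, the record can be turned into a search. The sketch below is an added example, not part of the original skill or of any project's code. It generalizes the pattern from `req.params.id` to any `req.params`/`req.query`/`req.body` value, including one-step aliases, that is spliced into the SQL text of a query call. Assumptions: the sink names `query`/`execute`, every file path except `src/api/users.ts`, and all sample source lines are constructed for illustration.

```javascript
// Constructed sample sources. Only src/api/users.ts:42 comes from the bug
// record above; the other paths and every code line are hypothetical.
const SAMPLE_FILES = [
  { path: "src/api/users.ts", start: 41, lines: [
    "router.get('/users/:id', async (req, res) => {",
    "  const rows = await db.query(`SELECT * FROM users WHERE id = ${req.params.id}`);",
    "});",
  ]},
  { path: "src/api/orders.ts", start: 10, lines: [
    "  const orderId = req.query.orderId;",
    "  const rows = await db.query('SELECT * FROM orders WHERE id = ' + orderId);",
  ]},
  { path: "src/api/teams.ts", start: 7, lines: [   // parameterized: not a variant
    "  const rows = await db.query('SELECT * FROM teams WHERE id = $1', [req.params.id]);",
  ]},
];

// "Trigger" from the record: untrusted request input ...
const SOURCE = "req\\.(?:params|query|body)\\b[\\w.]*";
const ALIAS = new RegExp("\\b(?:const|let|var)\\s+(\\w+)\\s*=\\s*" + SOURCE);
// ... reaching a database query call (assumed sink names).
const SINK = /\.(?:query|execute)\s*\((.*)$/;

function findVariants(files) {
  const findings = [];
  for (const file of files) {
    const tainted = [SOURCE];                 // grows with per-file aliases
    file.lines.forEach((code, i) => {
      const alias = code.match(ALIAS);
      if (alias) tainted.push("\\b" + alias[1] + "\\b");
      const sink = code.match(SINK);
      if (!sink) return;
      const term = "(?:" + tainted.join("|") + ")";
      // Flag only input spliced into the SQL text: `${x}`, `+ x`, or `x +`.
      // A value passed as a bound parameter does not match.
      const spliced = new RegExp(
        "\\$\\{[^}]*" + term + "|\\+\\s*" + term + "|" + term + "\\s*\\+");
      if (spliced.test(sink[1])) {
        findings.push({ path: file.path, line: file.start + i, code: code.trim() });
      }
    });
  }
  return findings;
}

console.log(findVariants(SAMPLE_FILES));
```

This is a line-based heuristic: it misses multi-line calls, destructured aliases, and flows across functions, so treat its hits as candidates for manual review rather than a complete list.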