cyntrisec

Overview Schema Related Servers Score Discussions

cyntrisec
scripts

verify_phase2.py•4.76 KiB

""" Verify Phase 2 Implementation (Cost-Aware Graph). """ import uuid import logging import sys from decimal import Decimal # Setup logging logging.basicConfig(level=logging.INFO) log = logging.getLogger("verify_phase2") # Import components from cyntrisec.core.cost_estimator import CostEstimator from cyntrisec.core.cuts import MinCutFinder, CutResult from cyntrisec.core.graph import GraphBuilder from cyntrisec.core.schema import Asset, Relationship, AttackPath def run_verification(): log.info("Starting Phase 2 Verification...") # 1. Verify Cost Estimator estimator = CostEstimator() rds_asset = Asset( snapshot_id=uuid.uuid4(), asset_type="rds:db-instance", aws_resource_id="db-1", name="Production DB" ) est = estimator.estimate(rds_asset) if est and est.monthly_cost_usd_estimate > 0: log.info(f"Cost Estimator Check: RDS cost = ${est.monthly_cost_usd_estimate} ({est.confidence}) - OK") else: log.error("Cost Estimator returned invalid result") sys.exit(1) # 2. Verify ROI Ranking Logic # We create a graph with 2 independent attack paths that require removing different edges. # Path 1: Blocks 1 path, saves $1000 (Redshift) # Path 2: Blocks 5 paths, saves $0 (Default) # Graph Construction snap_id = uuid.uuid4() # Asset A (Entry) -> B (Target: Redshift, $250) asset_a = Asset(snapshot_id=snap_id, asset_type="ec2:instance", aws_resource_id="a", name="Entry A") asset_b = Asset(snapshot_id=snap_id, asset_type="redshift:cluster", aws_resource_id="b", name="Target B") # High Cost # Asset C (Entry) -> D (Target: S3) asset_c = Asset(snapshot_id=snap_id, asset_type="ec2:instance", aws_resource_id="c", name="Entry C") asset_d = Asset(snapshot_id=snap_id, asset_type="s3:bucket", aws_resource_id="d", name="Target D") # Low Cost # Edges rel_ab = Relationship(snapshot_id=snap_id, source_asset_id=asset_a.id, target_asset_id=asset_b.id, relationship_type="ALLOWS_TRAFFIC_TO") # Cut 1 rel_cd = Relationship(snapshot_id=snap_id, source_asset_id=asset_c.id, target_asset_id=asset_d.id, relationship_type="ALLOWS_TRAFFIC_TO") # Cut 2 builder = GraphBuilder() graph = builder.build(assets=[asset_a, asset_b, asset_c, asset_d], relationships=[rel_ab, rel_cd]) # Mock Paths # Path 1 involves AB. Blocks 1 path. path_1 = AttackPath( snapshot_id=snap_id, source_asset_id=asset_a.id, target_asset_id=asset_b.id, path_asset_ids=[asset_a.id, asset_b.id], path_relationship_ids=[rel_ab.id], attack_vector="network", path_length=1, entry_confidence=Decimal("1"), exploitability_score=Decimal("1"), impact_score=Decimal("1"), risk_score=Decimal("1") ) # Path 2-6 involve CD. Blocks 5 paths. paths_cd = [] for i in range(5): paths_cd.append(AttackPath( snapshot_id=snap_id, source_asset_id=asset_c.id, target_asset_id=asset_d.id, path_asset_ids=[asset_c.id, asset_d.id], path_relationship_ids=[rel_cd.id], attack_vector="network", path_length=1, entry_confidence=Decimal("1"), exploitability_score=Decimal("1"), impact_score=Decimal("1"), risk_score=Decimal("1"), id=uuid.uuid4() # unique IDs )) all_paths = [path_1] + paths_cd # Run MinCutFinder finder = MinCutFinder(cost_estimator=estimator) result = finder.find_cuts(graph, all_paths, max_cuts=5) # Analysis # Cut AB: Blocks 1 path. Saving: Redshift($250). Score = 1 + (250 * 0.05) = 1 + 12.5 = 13.5 # Cut CD: Blocks 5 paths. Saving: S3(0/unknown). Score = 5 + 0 = 5. # Expectation: AB should be ranked HIGHER than CD despite blocking fewer paths, because cost savings are huge. # Note: This verifies the "Cost Aware" behavior. if len(result.remediations) != 2: log.error(f"Expected 2 remediations, got {len(result.remediations)}") sys.exit(1) first_rem = result.remediations[0] log.info(f"Top 1 Remediation: {first_rem.description} (ROI: {first_rem.roi_score})") log.info(f" Paths Blocked: {len(first_rem.paths_blocked)}") log.info(f" Cost Savings: ${first_rem.cost_savings}") if first_rem.relationship.id == rel_ab.id: log.info("Ranking Logic Check: PASSED (High Cost savings prioritized over pure path count in this specific weight scenario)") else: log.warning("Ranking Logic Check: FAILED (Expected Redshift cut to be first due to high cost savings)") log.info(f"Formula used: Score = Paths + (Savings * 0.05)") log.info(f"Rel AB Score: 1 + (250 * 0.05) = 13.5") log.info(f"Rel CD Score: 5 + (0 * 0.05) = 5") log.info("Verification Complete: SUCCESS") if __name__ == "__main__": run_verification()

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/tsyrulb/cyntrisec'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

verify_phase2.py•4.76 KiB