Build the CVE detector tool. A Python tool that scans a target environment, identifies whether the installed LangChain is in the affected range, and emits a structured report.
What you ship
- Source for your detector tool.
- A positive-test virtualenv (vulnerable LangChain installed) and a negative-test virtualenv (patched LangChain installed) showing the tool reports correctly in each.
- A structured detector report sample (JSON or YAML) in your repo.
- A README walking install and use.
- Toolchain Diary entries for pytest + importlib.metadata + any other new tools.
Tools you use
- A clean Python virtualenv for tool development.
- pytest for the positive and negative tests.
- The academy CVE-detector tool template as starting scaffolding.
Success criteria
- The tool correctly flags the positive-test virtualenv.
- The tool correctly skips the negative-test virtualenv (no false positive).
- The structured report has the CVE identifier, the installed version, the affected range, and a one-line remediation pointer.
Time budget
Plan for two ninety-minute lab sessions plus two hours of independent build-out. Modules 4 and 6 commonly run over; budget one extra session for those.
Submission
Push to your student repo under adv-102/labs/lab-6/. Include source, a one-paragraph README, the output you observed, and where applicable a structured detector or trace file.