Found in smoke #14
Comprehensive-bench has many dynamic routes (`/boards/:id`, `/boards/:id/task/:taskId`, `/help/:slug`) that BugHunter skipped during discovery: "no discoveryFixtures configured".
These routes host most of the nav-state, race, IDOR, and multi-context planted bugs. Skipping them blocks ~10 BugKinds in those categories.
Fix
Add a `.bughunter/discoveryFixtures.json` (or wherever the schema expects) declaring real seed IDs for each dynamic-segment parameter:
```json
{
  "/boards/:id": ["b1", "b2", "b3"],
  "/boards/:id/task/:taskId": [
    { "id": "b1", "taskId": "t-seed-1" },
    { "id": "b2", "taskId": "t-seed-2" }
  ],
  "/help/:slug": ["getting-started", "billing", "api"]
}
```
The IDs must match what's in `comprehensive-bench/server/seed.js`. Cross-reference and document.
Tests
- BugHunter run against comprehensive-bench surfaces clusters from the dynamic routes (sample: an IDOR plant on `/boards/b1/task/t-seed-2` should be reachable)
- The skipped-with-no-fixtures log line goes away
Priority
High — single-config-file fix unlocks ~10 kinds.
Related
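An added example, not part of the original issue or BugHunter's code: one way to do the cross-reference against seed data before a run, by expanding each fixture entry into a concrete path and flagging values that are not seeded. The `checkFixtures` helper and the `seedIds` map are assumptions; the real IDs would be read from `comprehensive-bench/server/seed.js`.

```javascript
// Constructed sample: fixtures in the shape proposed in the issue.
const fixtures = {
  "/boards/:id": ["b1", "b2", "b3"],
  "/boards/:id/task/:taskId": [
    { id: "b1", taskId: "t-seed-1" },
    { id: "b2", taskId: "t-seed-2" },
  ],
  "/help/:slug": ["getting-started", "billing", "api"],
};

// ASSUMPTION: seed IDs per parameter name, hand-copied for this example;
// the real values live in comprehensive-bench/server/seed.js.
const seedIds = {
  id: new Set(["b1", "b2", "b3"]),
  taskId: new Set(["t-seed-1", "t-seed-2"]),
  slug: new Set(["getting-started", "billing", "api"]),
};

const PARAM = /:([A-Za-z_]\w*)/g;

// Hypothetical helper: expand every fixture entry to a concrete path and
// collect entries whose parameters are missing or not present in the seed.
function checkFixtures(fixtures, seedIds) {
  const paths = [];
  const errors = [];
  for (const [route, entries] of Object.entries(fixtures)) {
    const params = [...route.matchAll(PARAM)].map((m) => m[1]);
    for (const entry of entries) {
      // A bare string is shorthand that only fits one-parameter routes.
      if (typeof entry === "string" && params.length !== 1) {
        errors.push(`${route}: string "${entry}" on a route with ${params.length} params`);
        continue;
      }
      const values = typeof entry === "string" ? { [params[0]]: entry } : entry ?? {};
      const bad = params.filter(
        (p) => !(seedIds[p] instanceof Set && seedIds[p].has(values[p]))
      );
      if (bad.length > 0) {
        errors.push(`${route}: ${bad.map((p) => `${p}=${values[p]}`).join(", ")} not in seed data`);
        continue;
      }
      paths.push(route.replace(PARAM, (_, p) => encodeURIComponent(values[p])));
    }
  }
  return { paths, errors };
}
```

In this example's expansion only the listed `id`/`taskId` pairs become paths, so `/boards/b1/task/t-seed-2` is not among them unless that pair is added as its own entry.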