security-review
Security Review
Comprehensive security audit for the MuRP codebase.
Security Checklist
Authentication & Authorization
- No hardcoded credentials
- API keys only in environment variables
- Proper token handling
- RLS policies on Supabase tables
Data Protection
- No sensitive data in logs
- PII properly handled
- Encryption for sensitive fields
- Input sanitization
API Security
- SQL injection prevention (parameterized queries)
- XSS protection
- CSRF tokens where needed
- Rate limiting configured
Dependencies
- Run `npm audit` to check for known vulnerabilities
- Verify dependency integrity (lockfile committed; install with `npm ci` so what runs matches `package-lock.json`)
Infrastructure
- Environment variables not exposed to frontend
- Edge functions use proper auth
- Webhook endpoints validated
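The "Webhook endpoints validated" item above, as an added example that is not MuRP's code: an inbound webhook is accepted only if its HMAC-SHA256 signature over the raw body verifies under a shared secret and its timestamp is recent. The header format (`t=<unix seconds>,v1=<hex hmac>`), the `timestamp.body` signing input, and the five-minute replay window are assumptions chosen for the example; use whatever the real sender documents.

```typescript
// Added example (not MuRP project code): verify a webhook's HMAC-SHA256 signature and
// timestamp before trusting its body. Header format and replay window are assumptions.
import { createHmac, timingSafeEqual } from "crypto";

export interface WebhookRequest {
  rawBody: string;         // the exact bytes received; never re-serialize parsed JSON
  signatureHeader: string; // assumed format: "t=<unix seconds>,v1=<hex hmac>"
}

export const MAX_SKEW_SECONDS = 300; // assumption: reject events older than 5 minutes

// Produce the header the sender is assumed to emit; used here to build test input.
export function signWebhook(secret: string, rawBody: string, timestamp: number): string {
  const mac = createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest("hex");
  return `t=${timestamp},v1=${mac}`;
}

// Parse "k=v,k=v"; reject anything that is not an integer timestamp plus 64 hex chars.
function parseHeader(header: string): { t: number; v1: string } | null {
  let t: number | undefined;
  let v1: string | undefined;
  for (const kv of header.split(",")) {
    const idx = kv.indexOf("=");
    if (idx === -1) continue;
    const key = kv.slice(0, idx).trim();
    const value = kv.slice(idx + 1).trim();
    if (key === "t") t = Number(value);
    else if (key === "v1") v1 = value;
  }
  if (t === undefined || !Number.isInteger(t)) return null;
  if (v1 === undefined || !/^[0-9a-f]{64}$/.test(v1)) return null;
  return { t, v1 };
}

export function verifyWebhook(secret: string, req: WebhookRequest, nowSeconds: number): boolean {
  const parsed = parseHeader(req.signatureHeader);
  if (!parsed) return false;
  // Replay protection: the signed timestamp must fall inside the tolerance window.
  if (Math.abs(nowSeconds - parsed.t) > MAX_SKEW_SECONDS) return false;
  // Recompute over the timestamp the sender signed, not the local clock.
  const expected = createHmac("sha256", secret).update(`${parsed.t}.${req.rawBody}`).digest();
  const received = Buffer.from(parsed.v1, "hex");
  // timingSafeEqual throws on length mismatch, so check length first.
  if (expected.length !== received.length) return false;
  return timingSafeEqual(expected, received);
}
```

Read the raw body (for example `await req.text()` in an edge function) before any JSON parsing; a body that has been parsed and re-stringified will not match the bytes the sender signed. Constant-time comparison matters because a plain `===` on the hex string leaks how many leading bytes matched.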
Scan Commands
```bash
# Check for hardcoded secrets (skip vendored code so node_modules does not drown the output)
grep -r "sk_" --include="*.ts" --include="*.tsx" --exclude-dir=node_modules .
grep -r "password.*=" --include="*.ts" --include="*.tsx" --exclude-dir=node_modules .

# Check npm vulnerabilities
npm audit

# Check for console.log with sensitive data
# -E makes | an alternation; without it grep looks for the literal string "token|password|secret"
grep -rE "console\.log.*(token|password|secret)" --include="*.ts" --include="*.tsx" --exclude-dir=node_modules .
```

Report Format
| Severity | File | Issue | Remediation |
|---|---|---|---|
| Critical | path | desc | fix |
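The scan commands and the report format above, as one added example that is not MuRP's tooling: each grep becomes a rule with a severity and a remediation, the scanner runs the rules over source files (skipping `node_modules` and build output), and the findings are rendered as rows of the report table. The rule patterns, severities, remediation text, and the sample files are constructed for illustration; the real run would read files from disk rather than from an in-memory map.

```typescript
// Added example (not MuRP project code): the grep checks expressed as rules that emit
// rows in the report format. Rules, severities and sample files are constructed.
export type Severity = "Critical" | "High" | "Medium";

export interface Finding {
  severity: Severity;
  file: string;
  line: number;
  issue: string;
  remediation: string;
}

interface Rule {
  name: string;
  pattern: RegExp; // no "g" flag, so .test() is stateless across lines
  severity: Severity;
  remediation: string;
}

// One rule per scan command above; patterns are assumptions, tune them to the codebase.
export const RULES: Rule[] = [
  {
    name: "Possible API secret key (sk_ prefix)",
    pattern: /\bsk_(live|test)?_?[A-Za-z0-9]{8,}/,
    severity: "Critical",
    remediation: "Move the key to an environment variable and rotate it",
  },
  {
    name: "Hardcoded password assignment",
    pattern: /password\s*[:=]\s*["'`][^"'`]+["'`]/i,
    severity: "High",
    remediation: "Read the value from process.env and remove it from source",
  },
  {
    name: "console.log of a sensitive value",
    pattern: /console\.log\(.*\b(token|password|secret)\b/i,
    severity: "Medium",
    remediation: "Remove the log line or redact the field before logging",
  },
];

// Vendored and compiled code is noise for this audit, the same as --exclude-dir above.
const SKIP_DIRS = ["node_modules/", "dist/", "build/"];
const SOURCE_EXT = /\.(ts|tsx)$/;

// files: path -> contents. Returns one finding per (line, rule) match.
export function scanFiles(files: Record<string, string>): Finding[] {
  const findings: Finding[] = [];
  for (const [path, content] of Object.entries(files)) {
    if (!SOURCE_EXT.test(path) || SKIP_DIRS.some((d) => path.includes(d))) continue;
    content.split("\n").forEach((text, i) => {
      for (const rule of RULES) {
        if (rule.pattern.test(text)) {
          findings.push({
            severity: rule.severity,
            file: path,
            line: i + 1,
            issue: rule.name,
            remediation: rule.remediation,
          });
        }
      }
    });
  }
  return findings;
}

// Render findings as the markdown table from the Report Format section.
export function renderReport(findings: Finding[]): string {
  const header = "| Severity | File | Issue | Remediation |\n|---|---|---|---|";
  const rows = findings.map(
    (f) => `| ${f.severity} | ${f.file}:${f.line} | ${f.issue} | ${f.remediation} |`,
  );
  return [header, ...rows].join("\n");
}

// Constructed sample input: two source files and one vendored file that must be skipped.
export const SAMPLE_FILES: Record<string, string> = {
  "src/payments.ts": [
    'const stripe = new Stripe("sk_live_EXAMPLEkey000000000000");',
    "export const charge = () => stripe.charges.create({});",
  ].join("\n"),
  "src/auth.ts": [
    'const password = "hunter2";',
    'console.log("login token:", token);',
    "export const ok = process.env.API_KEY !== undefined;",
  ].join("\n"),
  "node_modules/vendor/index.ts": 'const password = "ignored";',
};
```

Running `renderReport(scanFiles(SAMPLE_FILES))` yields three rows: the `sk_live` key in `src/payments.ts:1` as Critical, the password literal in `src/auth.ts:1` as High, and the token log in `src/auth.ts:2` as Medium; the vendored file produces nothing. Regex rules of this kind are a first pass and will miss secrets that do not follow a known prefix, so they complement `npm audit` and a manual review rather than replace them.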
Trigger Phrases
- "security review"
- "security audit"
- "check for vulnerabilities"
- "/security-review"