Back to Details

security-review

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Security Review Workflow

安全审查工作流

When to Use This Skill

本技能适用场景

  • Security audit of code changes
  • Implementing authentication/authorization
  • Data protection review
  • Vulnerability assessment
  • 代码变更安全审计
  • 身份验证/权限控制实现
  • 数据保护审查
  • 漏洞评估

Pre-Flight Checklist

前期检查清单

  • Identify security-sensitive areas
  • Review OWASP Top 10 relevance
  • Check for existing security patterns
  • Plan remediation approach
  • 识别安全敏感区域
  • 核查OWASP Top 10相关风险
  • 检查现有安全模式
  • 制定整改方案

OWASP Top 10 Checklist

OWASP Top 10 检查清单

1. Broken Access Control

1. 访问控制失效

csharp
// :x: VULNERABLE - No authorization check
[HttpGet("{id}")]
public async Task<Employee> Get(string id)
    => await repo.GetByIdAsync(id);

// :white_check_mark: SECURE - Authorization enforced
[HttpGet("{id}")]
[PlatformAuthorize(Roles.Manager, Roles.Admin)]
public async Task<Employee> Get(string id)
{
    var employee = await repo.GetByIdAsync(id);

    // Verify access to this specific resource
    if (employee.CompanyId != RequestContext.CurrentCompanyId())
        throw new UnauthorizedAccessException();

    return employee;
}
csharp
// :x: VULNERABLE - No authorization check
[HttpGet("{id}")]
public async Task<Employee> Get(string id)
    => await repo.GetByIdAsync(id);

// :white_check_mark: SECURE - Authorization enforced
[HttpGet("{id}")]
[PlatformAuthorize(Roles.Manager, Roles.Admin)]
public async Task<Employee> Get(string id)
{
    var employee = await repo.GetByIdAsync(id);

    // Verify access to this specific resource
    if (employee.CompanyId != RequestContext.CurrentCompanyId())
        throw new UnauthorizedAccessException();

    return employee;
}

2. Cryptographic Failures

2. 加密机制失效

csharp
// :x: VULNERABLE - Storing plain text secrets
var apiKey = config["ApiKey"];
await SaveToDatabase(apiKey);

// :white_check_mark: SECURE - Encrypt sensitive data
var encryptedKey = encryptionService.Encrypt(apiKey);
await SaveToDatabase(encryptedKey);

// Use secure configuration
var apiKey = config.GetValue<string>("ApiKey");  // From Azure Key Vault
csharp
// :x: VULNERABLE - Storing plain text secrets
var apiKey = config["ApiKey"];
await SaveToDatabase(apiKey);

// :white_check_mark: SECURE - Encrypt sensitive data
var encryptedKey = encryptionService.Encrypt(apiKey);
await SaveToDatabase(encryptedKey);

// Use secure configuration
var apiKey = config.GetValue<string>("ApiKey");  // From Azure Key Vault

3. Injection

3. 注入攻击

csharp
// :x: VULNERABLE - SQL Injection
var sql = $"SELECT * FROM Users WHERE Name = '{name}'";
await context.Database.ExecuteSqlRawAsync(sql);

// :white_check_mark: SECURE - Parameterized query
await context.Users.Where(u => u.Name == name).ToListAsync();

// Or if raw SQL needed:
await context.Database.ExecuteSqlRawAsync(
    "SELECT * FROM Users WHERE Name = @p0", name);
csharp
// :x: VULNERABLE - SQL Injection
var sql = $"SELECT * FROM Users WHERE Name = '{name}'";
await context.Database.ExecuteSqlRawAsync(sql);

// :white_check_mark: SECURE - Parameterized query
await context.Users.Where(u => u.Name == name).ToListAsync();

// Or if raw SQL needed:
await context.Database.ExecuteSqlRawAsync(
    "SELECT * FROM Users WHERE Name = @p0", name);

4. Insecure Design

4. 不安全设计

csharp
// :x: VULNERABLE - No rate limiting
[HttpPost("login")]
public async Task<IActionResult> Login(LoginRequest request)
    => await authService.Login(request);

// :white_check_mark: SECURE - Rate limiting applied
[HttpPost("login")]
[RateLimit(MaxRequests = 5, WindowSeconds = 60)]
public async Task<IActionResult> Login(LoginRequest request)
    => await authService.Login(request);
csharp
// :x: VULNERABLE - No rate limiting
[HttpPost("login")]
public async Task<IActionResult> Login(LoginRequest request)
    => await authService.Login(request);

// :white_check_mark: SECURE - Rate limiting applied
[HttpPost("login")]
[RateLimit(MaxRequests = 5, WindowSeconds = 60)]
public async Task<IActionResult> Login(LoginRequest request)
    => await authService.Login(request);

5. Security Misconfiguration

5. 安全配置错误

csharp
// :x: VULNERABLE - Detailed errors in production
app.UseDeveloperExceptionPage();  // Exposes stack traces

// :white_check_mark: SECURE - Generic errors in production
if (env.IsDevelopment())
    app.UseDeveloperExceptionPage();
else
    app.UseExceptionHandler("/Error");
csharp
// :x: VULNERABLE - Detailed errors in production
app.UseDeveloperExceptionPage();  // Exposes stack traces

// :white_check_mark: SECURE - Generic errors in production
if (env.IsDevelopment())
    app.UseDeveloperExceptionPage();
else
    app.UseExceptionHandler("/Error");

6. Vulnerable Components

6. 易受攻击的组件

bash
undefined
bash
undefined

Check for vulnerable packages

Check for vulnerable packages

dotnet list package --vulnerable
dotnet list package --vulnerable

Update vulnerable packages

Update vulnerable packages

dotnet outdated
undefined
dotnet outdated
undefined

7. Authentication Failures

7. 身份验证失效

csharp
// :x: VULNERABLE - Weak password policy
if (password.Length >= 4) { }

// :white_check_mark: SECURE - Strong password policy
public class PasswordPolicy
{
    public bool Validate(string password)
    {
        return password.Length >= 12
            && password.Any(char.IsUpper)
            && password.Any(char.IsLower)
            && password.Any(char.IsDigit)
            && password.Any(c => !char.IsLetterOrDigit(c));
    }
}
csharp
// :x: VULNERABLE - Weak password policy
if (password.Length >= 4) { }

// :white_check_mark: SECURE - Strong password policy
public class PasswordPolicy
{
    public bool Validate(string password)
    {
        return password.Length >= 12
            && password.Any(char.IsUpper)
            && password.Any(char.IsLower)
            && password.Any(char.IsDigit)
            && password.Any(c => !char.IsLetterOrDigit(c));
    }
}

8. Data Integrity Failures

8. 数据完整性失效

csharp
// :x: VULNERABLE - No validation of external data
var userData = await externalApi.GetUserAsync(id);
await SaveToDatabase(userData);

// :white_check_mark: SECURE - Validate external data
var userData = await externalApi.GetUserAsync(id);
var validation = userData.Validate();
if (!validation.IsValid)
    throw new ValidationException(validation.Errors);
await SaveToDatabase(userData);
csharp
// :x: VULNERABLE - No validation of external data
var userData = await externalApi.GetUserAsync(id);
await SaveToDatabase(userData);

// :white_check_mark: SECURE - Validate external data
var userData = await externalApi.GetUserAsync(id);
var validation = userData.Validate();
if (!validation.IsValid)
    throw new ValidationException(validation.Errors);
await SaveToDatabase(userData);

9. Logging Failures

9. 日志记录失效

csharp
// :x: VULNERABLE - Logging sensitive data
Logger.LogInformation("User login: {Email} {Password}", email, password);

// :white_check_mark: SECURE - Redact sensitive data
Logger.LogInformation("User login: {Email}", email);
// Never log passwords, tokens, or PII
csharp
// :x: VULNERABLE - Logging sensitive data
Logger.LogInformation("User login: {Email} {Password}", email, password);

// :white_check_mark: SECURE - Redact sensitive data
Logger.LogInformation("User login: {Email}", email);
// Never log passwords, tokens, or PII

10. SSRF (Server-Side Request Forgery)

10. SSRF(服务器端请求伪造)

csharp
// :x: VULNERABLE - User-controlled URL
var url = request.WebhookUrl;
await httpClient.GetAsync(url);  // Could access internal services

// :white_check_mark: SECURE - Validate and restrict URLs
if (!IsAllowedUrl(request.WebhookUrl))
    throw new SecurityException("Invalid webhook URL");

private bool IsAllowedUrl(string url)
{
    var uri = new Uri(url);
    return AllowedDomains.Contains(uri.Host)
        && uri.Scheme == "https";
}
csharp
// :x: VULNERABLE - User-controlled URL
var url = request.WebhookUrl;
await httpClient.GetAsync(url);  // Could access internal services

// :white_check_mark: SECURE - Validate and restrict URLs
if (!IsAllowedUrl(request.WebhookUrl))
    throw new SecurityException("Invalid webhook URL");

private bool IsAllowedUrl(string url)
{
    var uri = new Uri(url);
    return AllowedDomains.Contains(uri.Host)
        && uri.Scheme == "https";
}

Authorization Patterns

权限控制模式

Controller Level

控制器级别

csharp
[ApiController]
[Route("api/[controller]")]
[PlatformAuthorize]  // Require authentication
public class EmployeeController : PlatformBaseController
{
    [HttpPost]
    [PlatformAuthorize(Roles.Admin, Roles.Manager)]  // Role-based
    public async Task<IActionResult> Create(...)
}
csharp
[ApiController]
[Route("api/[controller]")]
[PlatformAuthorize]  // Require authentication
public class EmployeeController : PlatformBaseController
{
    [HttpPost]
    [PlatformAuthorize(Roles.Admin, Roles.Manager)]  // Role-based
    public async Task<IActionResult> Create(...)
}

Handler Level

处理器级别

csharp
protected override async Task<PlatformValidationResult<T>> ValidateRequestAsync(
    PlatformValidationResult<T> validation, CancellationToken ct)
{
    return await validation
        // Check role
        .And(_ => RequestContext.HasRole(Roles.Admin), "Admin role required")
        // Check company access
        .And(_ => entity.CompanyId == RequestContext.CurrentCompanyId(),
            "Access denied: different company")
        // Check ownership
        .And(_ => entity.OwnerId == RequestContext.UserId() ||
            RequestContext.HasRole(Roles.Admin),
            "Access denied: not owner");
}
csharp
protected override async Task<PlatformValidationResult<T>> ValidateRequestAsync(
    PlatformValidationResult<T> validation, CancellationToken ct)
{
    return await validation
        // Check role
        .And(_ => RequestContext.HasRole(Roles.Admin), "Admin role required")
        // Check company access
        .And(_ => entity.CompanyId == RequestContext.CurrentCompanyId(),
            "Access denied: different company")
        // Check ownership
        .And(_ => entity.OwnerId == RequestContext.UserId() ||
            RequestContext.HasRole(Roles.Admin),
            "Access denied: not owner");
}

Query Level

查询级别

csharp
// Always filter by company/user context
var employees = await repo.GetAllAsync(
    e => e.CompanyId == RequestContext.CurrentCompanyId()
        && (e.IsPublic || e.OwnerId == RequestContext.UserId()));
csharp
// Always filter by company/user context
var employees = await repo.GetAllAsync(
    e => e.CompanyId == RequestContext.CurrentCompanyId()
        && (e.IsPublic || e.OwnerId == RequestContext.UserId()));

Data Protection

数据保护

Sensitive Data Handling

敏感数据处理

csharp
public class SensitiveDataHandler
{
    // Encrypt at rest
    public string EncryptForStorage(string plainText)
        => encryptionService.Encrypt(plainText);

    // Mask for display
    public string MaskEmail(string email)
    {
        var parts = email.Split('@');
        return $"{parts[0][0]}***@{parts[1]}";
    }

    // Never log sensitive data
    public void LogUserAction(User user)
    {
        Logger.LogInformation("User action: {UserId}", user.Id);
        // NOT: Logger.Log("User: {Email} {Phone}", user.Email, user.Phone);
    }
}
csharp
public class SensitiveDataHandler
{
    // Encrypt at rest
    public string EncryptForStorage(string plainText)
        => encryptionService.Encrypt(plainText);

    // Mask for display
    public string MaskEmail(string email)
    {
        var parts = email.Split('@');
        return $"{parts[0][0]}***@{parts[1]}";
    }

    // Never log sensitive data
    public void LogUserAction(User user)
    {
        Logger.LogInformation("User action: {UserId}", user.Id);
        // NOT: Logger.Log("User: {Email} {Phone}", user.Email, user.Phone);
    }
}

File Upload Security

文件上传安全

csharp
public async Task<IActionResult> Upload(IFormFile file)
{
    // Validate file type
    var allowedTypes = new[] { ".pdf", ".docx", ".xlsx" };
    var extension = Path.GetExtension(file.FileName).ToLowerInvariant();
    if (!allowedTypes.Contains(extension))
        return BadRequest("Invalid file type");

    // Validate file size
    if (file.Length > 10 * 1024 * 1024)  // 10MB
        return BadRequest("File too large");

    // Scan for malware (if available)
    if (!await antivirusService.ScanAsync(file))
        return BadRequest("File rejected by security scan");

    // Generate safe filename
    var safeFileName = $"{Guid.NewGuid()}{extension}";

    // Save to isolated storage
    await fileService.SaveAsync(file, safeFileName);

    return Ok();
}
csharp
public async Task<IActionResult> Upload(IFormFile file)
{
    // Validate file type
    var allowedTypes = new[] { ".pdf", ".docx", ".xlsx" };
    var extension = Path.GetExtension(file.FileName).ToLowerInvariant();
    if (!allowedTypes.Contains(extension))
        return BadRequest("Invalid file type");

    // Validate file size
    if (file.Length > 10 * 1024 * 1024)  // 10MB
        return BadRequest("File too large");

    // Scan for malware (if available)
    if (!await antivirusService.ScanAsync(file))
        return BadRequest("File rejected by security scan");

    // Generate safe filename
    var safeFileName = $"{Guid.NewGuid()}{extension}";

    // Save to isolated storage
    await fileService.SaveAsync(file, safeFileName);

    return Ok();
}

Security Scanning Commands

安全扫描命令

bash
undefined
bash
undefined

.NET vulnerability scan

.NET vulnerability scan

dotnet list package --vulnerable
dotnet list package --vulnerable

Outdated packages

Outdated packages

dotnet outdated
dotnet outdated

Secret scanning

Secret scanning

grep -r "password|secret|apikey" --include=".cs" --include=".json"
grep -r "password|secret|apikey" --include=".cs" --include=".json"

Hardcoded credentials

Hardcoded credentials

grep -r "Password="" --include="*.cs" grep -r "connectionString.password" --include=".json"
undefined
grep -r "Password="" --include="*.cs" grep -r "connectionString.password" --include=".json"
undefined

Security Review Checklist

安全审查清单

Authentication

身份验证

  • Strong password policy enforced
  • Account lockout after failed attempts
  • Secure session management
  • JWT tokens properly validated
  • Refresh token rotation
  • 强制执行强密码策略
  • 多次失败尝试后锁定账户
  • 安全会话管理
  • JWT令牌正确验证
  • 刷新令牌轮换机制

Authorization

权限控制

  • All endpoints require authentication
  • Role-based access control implemented
  • Resource-level permissions checked
  • No privilege escalation possible
  • 所有端点要求身份验证
  • 实现基于角色的访问控制
  • 检查资源级权限
  • 无权限提升可能

Input Validation

输入验证

  • All inputs validated
  • SQL injection prevented (parameterized queries)
  • XSS prevented (output encoding)
  • File uploads validated
  • URL validation for redirects
  • 所有输入均经过验证
  • 防止SQL注入(使用参数化查询)
  • 防止XSS攻击(输出编码)
  • 文件上传验证
  • 重定向URL验证

Data Protection

数据保护

  • Sensitive data encrypted at rest
  • HTTPS enforced
  • No sensitive data in logs
  • Proper error handling (no stack traces)
  • 敏感数据静态加密
  • 强制使用HTTPS
  • 日志中无敏感数据
  • 合理的错误处理(不暴露堆栈跟踪)

Dependencies

依赖项

  • No known vulnerable packages
  • Dependencies regularly updated
  • Third-party code reviewed
  • 无已知易受攻击的包
  • 定期更新依赖项
  • 第三方代码已审查

Anti-Patterns to AVOID

需避免的反模式

:x: Trusting client input
csharp
var isAdmin = request.IsAdmin;  // User-supplied!
:x: Exposing internal errors
csharp
catch (Exception ex) { return BadRequest(ex.ToString()); }
:x: Hardcoded secrets
csharp
var apiKey = "sk_live_xxxxx";
:x: Insufficient logging
csharp
// No audit trail for sensitive operations
await DeleteAllUsers();
:x: 信任客户端输入
csharp
var isAdmin = request.IsAdmin;  // User-supplied!
:x: 暴露内部错误
csharp
catch (Exception ex) { return BadRequest(ex.ToString()); }
:x: 硬编码密钥
csharp
var apiKey = "sk_live_xxxxx";
:x: 日志记录不足
csharp
// No audit trail for sensitive operations
await DeleteAllUsers();

Verification Checklist

验证清单

  • OWASP Top 10 reviewed
  • Authentication/authorization verified
  • Input validation complete
  • Sensitive data protected
  • No hardcoded secrets
  • Logging appropriate (no PII)
  • Dependencies scanned
  • 已审查OWASP Top 10相关内容
  • 身份验证/权限控制已验证
  • 输入验证完成
  • 敏感数据已保护
  • 无硬编码密钥
  • 日志记录合规(无个人可识别信息)
  • 依赖项已扫描