find-bugs

Find Bugs

Review changes on this branch for bugs, security vulnerabilities, and code quality issues.

Phase 1: Complete Input Gathering

  1. Get the FULL diff:
    git diff master...HEAD
  2. If output is truncated, read each changed file individually until you have seen every changed line
  3. List all files modified in this branch before proceeding

Phase 2: Attack Surface Mapping

For each changed file, identify and list:
  • All user inputs (request params, headers, body, URL components)
  • All database queries
  • All authentication/authorization checks
  • All session/state operations
  • All external calls
  • All cryptographic operations
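The gathering and mapping steps of Phases 1 and 2, as an added example that is not part of the original prompt: a Python script that parses the unified diff produced by `git diff master...HEAD`, lists every changed file, and tags each added line with one of the attack-surface categories above, keyed by File:Line as the output format expects. The sample diff and the category regexes are constructed here and are assumptions, not anything from the page.

```python
import re
# Constructed sample diff in `git diff master...HEAD` format (not from any real repository).
SAMPLE_DIFF = """\
--- a/app/views.py
+++ b/app/views.py
@@ -10,3 +10,5 @@ def index():
 def profile():
-    return render(user)
+    user_id = request.args.get("id")
+    row = db.execute("SELECT * FROM users WHERE id = " + user_id)
+    session["uid"] = row.id
--- a/app/auth.py
+++ b/app/auth.py
@@ -1,2 +1,3 @@
 import hashlib
+token = hashlib.md5(password.encode()).hexdigest()
"""

# Phase 2 categories from the checklist as heuristic regexes (assumed; tuned for Python code).
CATEGORIES = {
    "user input": r"\brequest\.(args|form|headers|json|cookies)\b",
    "database query": r"\b(execute|executemany|query)\s*\(|\bSELECT\b",
    "auth check": r"\b(login_required|is_authenticated|authorize)\b",
    "session/state": r"\bsession\[",
    "external call": r"\brequests\.(get|post)\(|\bsubprocess\.",
    "crypto": r"\b(hashlib|hmac|jwt|random)\.",
}
FILE_HDR = re.compile(r"^\+\+\+ (?:b/)?(.+)$")   # new-side file header
HUNK_HDR = re.compile(r"^@@ -\S+ \+(\d+)")        # captures the hunk's first new-side line

def changed_files(diff_text):  # Phase 1, step 3: every file the diff touches, in order
    return [m.group(1) for m in map(FILE_HDR.match, diff_text.splitlines()) if m]

def map_attack_surface(diff_text):
    """Phase 2: {path: [(new_line_no, category, code), ...]} over added lines only."""
    findings, path, line_no = {}, None, 0
    for raw in diff_text.splitlines():
        if m := FILE_HDR.match(raw):
            path = m.group(1)
        elif m := HUNK_HDR.match(raw):
            line_no = int(m.group(1))            # hunk header resets the new-side counter
        elif not raw.startswith(("-", "diff ", "\\")):   # skip removed lines and headers
            if raw.startswith("+"):              # added line: classify it
                code = raw[1:].strip()
                for cat, pat in CATEGORIES.items():
                    if re.search(pat, code):
                        findings.setdefault(path, []).append((line_no, cat, code))
            line_no += 1                         # context and added lines both exist new-side
    return findings
```

Each entry in the result is a candidate for the Phase 3 checklist, not a finding in itself; the verification steps in Phase 4 still decide whether it is real.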

Phase 3: Security Checklist (check EVERY item for EVERY file)

  • Injection: SQL, command, template, header injection
  • XSS: All outputs in templates properly escaped?
  • Authentication: Auth checks on all protected operations?
  • Authorization/IDOR: Access control verified, not just auth?
  • CSRF: State-changing operations protected?
  • Race conditions: TOCTOU in any read-then-write patterns?
  • Session: Fixation, expiration, secure flags?
  • Cryptography: Secure random, proper algorithms, no secrets in logs?
  • Information disclosure: Error messages, logs, timing attacks?
  • DoS: Unbounded operations, missing rate limits, resource exhaustion?
  • Business logic: Edge cases, state machine violations, numeric overflow?

Phase 4: Verification

For each potential issue:
  • Check if it's already handled elsewhere in the changed code
  • Search for existing tests covering the scenario
  • Read surrounding context to verify the issue is real

Phase 5: Pre-Conclusion Audit

Before finalizing, you MUST:
  1. List every file you reviewed and confirm you read it completely
  2. List every checklist item and note whether you found issues or confirmed it's clean
  3. List any areas you could NOT fully verify and why
  4. Only then provide your final findings

Output Format

Prioritize: security vulnerabilities > bugs > code quality
Skip: stylistic/formatting issues
For each issue:
  • File:Line - Brief description
  • Severity: Critical/High/Medium/Low
  • Problem: What's wrong
  • Evidence: Why this is real (not already fixed, no existing test, etc.)
  • Fix: Concrete suggestion
  • References: OWASP, RFCs, or other standards if applicable
If you find nothing significant, say so - don't invent issues.
Do not make changes - just report findings. I'll decide what to address.