security-vulnerability-scan

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

security-vulnerability-scan

安全漏洞扫描工具

OWASP Top 10:2025-aligned vulnerability scanner for any codebase. Static-only (no source files modified); produces a persisted Markdown report under

audit/<YYYY-MM-DD>/report.md

in the project root and echoes the path back to the user.

符合OWASP Top 10:2025标准的代码库漏洞扫描工具。仅执行静态扫描（不会修改源文件）；会在项目根目录的

audit/<YYYY-MM-DD>/report.md

路径下生成持久化Markdown报告，并向用户返回报告路径。

When I Activate

触发场景

Activate proactively on any of the following — do not wait for the literal phrase "use the security-vulnerability-scan skill":

"review this code", "code review", "PR review", "review my app"
"security review", "security audit", "audit this app", "audit my code"
"scan for vulnerabilities", "vulnerability scan", "find vulnerabilities", "OWASP scan"
"look for improvements", "find issues", "what could be better", "what should I fix"
"harden security", "secure this", "make it more secure", "lock down"
"check for OWASP", "OWASP Top 10", "CVE check", "CWE", "threat model"
"find secrets", "leaked credentials", "exposed keys", "secret scan"
"pentest this", "attack surface", "assess risk", "risk assessment"
"audit dependencies", "vulnerable packages", "dependency audit", "outdated packages"

When in doubt, trigger. Overtriggering this skill is cheap; missing a real security review is expensive.

出现以下任意场景时主动触发，无需等待用户明确说出“使用security-vulnerability-scan技能”：

"审查这段代码"、"代码审查"、"PR审查"、"审查我的应用"
"安全审查"、"安全审计"、"审计这个应用"、"审计我的代码"
"扫描漏洞"、"漏洞扫描"、"查找漏洞"、"OWASP扫描"
"寻找改进点"、"查找问题"、"哪些地方可以优化"、"我应该修复什么"
"强化安全"、"保障安全"、"提升安全性"、"锁定安全"
"检查OWASP"、"OWASP Top 10"、"CVE检查"、"CWE"、"威胁模型"
"查找密钥"、"凭证泄露"、"密钥暴露"、"密钥扫描"
"渗透测试"、"攻击面分析"、"风险评估"、"风险评价"
"审计依赖"、"易受攻击的包"、"依赖审计"、"过时包"

如有疑问，直接触发。过度触发本技能的成本很低，但遗漏真实安全审查的代价极高。

Read/Write Contract

读写规则

Read the project freely: source files, configs, lockfiles, manifests.
Write exactly one location:
```
<project root>/audit/<YYYY-MM-DD>/report.md
```
(or a timestamped variant if it already exists).
Never modify source files, configs, dependencies, lockfiles,
```
.gitignore
```
,
```
.env*
```
, or anything outside
```
audit/
```
.
No outbound network calls are required after Step 0 (clone) completes. Optional dependency-audit shell calls (
```
npm audit
```
,
```
pip-audit
```
, …) require network and exec — mark them as skipped in sandboxed environments.

读取权限：可自由读取项目中的源文件、配置文件、锁文件、清单文件。
写入权限：仅能写入一个位置：
```
<项目根目录>/audit/<YYYY-MM-DD>/report.md
```
（若该文件已存在，则使用带时间戳的变体）。
禁止修改：不得修改源文件、配置文件、依赖项、锁文件、
```
.gitignore
```
、
```
.env*
```
或
```
audit/
```
目录以外的任何内容。
网络调用规则：完成步骤0（克隆）后无需进行出站网络调用。可选的依赖审计Shell调用（
```
npm audit
```
、
```
pip-audit
```
等）需要网络和执行权限——在沙箱环境中需标记为已跳过。

Step 0 — Bootstrap Decision

步骤0 — 初始化判断

Determine whether the working directory already contains a project, or is blank and needs a clone.

bash

undefined

判断工作目录是否已包含项目，或是空白目录需要克隆项目。

bash

undefined

Inside a git repo?

是否在git仓库内？

git rev-parse --is-inside-work-tree 2>/dev/null


Also check for telltale project files:

```bash

git rev-parse --is-inside-work-tree 2>/dev/null


同时检查标志性项目文件：

```bash

Glob '**/*' capped — if nothing meaningful, treat as blank.

匹配'**/*'但限制范围——若未找到有意义的文件，则视为空白目录。


Use Glob to look for any of: `package.json`, `pyproject.toml`, `requirements.txt`, `go.mod`, `pom.xml`, `build.gradle`, `Gemfile`, `Cargo.toml`, `composer.json`, `*.csproj`, `*.sln`, `Dockerfile`, `*.tf`.

**If populated:** skip to Step 1.

**If blank:** ask the user for a GitHub URL. Then clone:

```bash
gh repo clone <url> .   # preferred — uses gh auth


使用Glob查找以下任意文件：`package.json`、`pyproject.toml`、`requirements.txt`、`go.mod`、`pom.xml`、`build.gradle`、`Gemfile`、`Cargo.toml`、`composer.json`、`*.csproj`、`*.sln`、`Dockerfile`、`*.tf`。

**若目录非空**：跳至步骤1。

**若目录为空**：向用户索要GitHub URL，然后克隆项目：

```bash
gh repo clone <url> .   # 优先使用——借助gh认证

fallback if gh unavailable:

若gh不可用则使用备选方案：

git clone <url> .


Re-run the populated check and proceed to Step 1. If both clone commands fail, stop and report the error verbatim; do not improvise.

git clone <url> .


重新执行非空检查后进入步骤1。若两种克隆命令均失败，则停止操作并如实报告错误；不得自行变通。

Step 1 — Recon

步骤1 — 技术栈识别

Identify the stack so subsequent checks are framework-aware.

Signal	Detect via	What it tells you
`package.json`	Read	Node/JS; check `dependencies` for express/fastify/koa/next/nest, react/vue/svelte
`pyproject.toml` , `requirements.txt` , `Pipfile`	Read	Python; check for django/flask/fastapi
`go.mod`	Read	Go; framework is in imports (gin/echo/fiber/chi)
`pom.xml` , `build.gradle` , `build.gradle.kts`	Read	Java/Kotlin; spring-boot/quarkus
`Gemfile`	Read	Ruby; rails/sinatra
`Cargo.toml`	Read	Rust; actix-web/axum/rocket
`composer.json`	Read	PHP; laravel/symfony
`.csproj` , `.sln`	Glob+Read	.NET; aspnetcore version
`Dockerfile` , `docker-compose.yml`	Read	Runtime base images; exposed ports; build steps
`.github/workflows/*.yml` , `.gitlab-ci.yml` , `bitbucket-pipelines.yml`	Glob+Read	CI/CD posture for A03/A08
`terraform/` , `*.tf` , `cdk.json` , `pulumi.yaml`	Glob	IaC for A02 misconfig
`.env` , `config/.{yml,yaml,json,toml}`	Glob	Configuration surface, secret leak risk

Capture: language(s), web framework(s), DB driver(s), auth library, runtime image, CI provider, package manager. Use this profile to prioritize Step 4 framework checks.

识别项目技术栈，以便后续检查适配对应框架。

信号	检测方式	说明
`package.json`	读取文件	Node/JS技术栈；检查 `dependencies` 中的express/fastify/koa/next/nest、react/vue/svelte等框架
`pyproject.toml` 、 `requirements.txt` 、 `Pipfile`	读取文件	Python技术栈；检查django/flask/fastapi等框架
`go.mod`	读取文件	Go技术栈；从导入语句中识别框架（gin/echo/fiber/chi）
`pom.xml` 、 `build.gradle` 、 `build.gradle.kts`	读取文件	Java/Kotlin技术栈；spring-boot/quarkus等框架
`Gemfile`	读取文件	Ruby技术栈；rails/sinatra等框架
`Cargo.toml`	读取文件	Rust技术栈；actix-web/axum/rocket等框架
`composer.json`	读取文件	PHP技术栈；laravel/symfony等框架
`.csproj` 、 `.sln`	匹配+读取	.NET技术栈；aspnetcore版本
`Dockerfile` 、 `docker-compose.yml`	读取文件	运行时基础镜像；暴露端口；构建步骤
`.github/workflows/*.yml` 、 `.gitlab-ci.yml` 、 `bitbucket-pipelines.yml`	匹配+读取	用于A03/A08类问题的CI/CD配置检查
`terraform/` 、 `*.tf` 、 `cdk.json` 、 `pulumi.yaml`	匹配	用于A02类配置错误的IaC（基础设施即代码）检查
`.env` 、 `config/.{yml,yaml,json,toml}`	匹配	配置面、密钥泄露风险检查

记录：语言、Web框架、数据库驱动、认证库、运行时镜像、CI提供商、包管理器。利用此信息优先执行步骤4中的框架针对性检查。

Step 2 — OWASP Top 10:2025 Static Scan

步骤2 — OWASP Top 10:2025静态扫描

One short scan section per category. Each section ends with a pointer to the reference file, which you load on demand only when triaging a specific finding in that category.

每个类别对应一个简短的扫描章节。每个章节末尾需指向参考文件，仅在分类排查具体问题时按需加载该文件。

A01:2025 — Broken Access Control

A01:2025 — 访问控制失效

Grep targets (Node/Python/Go syntaxes shown; adapt to stack):

Missing auth middleware on routes:

app\.(get|post|put|delete|patch)\s*\(

without an

authenticate

authorize

requireAuth

-style guard nearby.

IDOR risk: queries by primary key that don't scope to the session user:
```
findByPk$req\.(params|body|query)\.id$
```
,
```
WHERE id\s*=\s*\$\{
```
without a tenant/user filter.

Mass assignment:

req\.body

spread into a model

User.create({...req.body})

User.update(req.body)

Path traversal:
```
path.join
```
/
```
fs.read
```
/
```
open(
```
with unsanitized user input. Look for
```
..
```
allowed in supplied paths.

CORS wildcard with credentials:

Access-Control-Allow-Origin:\s*\*

next to

Access-Control-Allow-Credentials:\s*true

JWT
```
alg: none
```
accepted, JWT decode without verify, JWT secret hard-coded.
Hidden admin/debug routes: grep for
```
/admin
```
,
```
/debug
```
,
```
/internal
```
,
```
/__
```
and check guard presence.

For full guidance (description, prevention, attack scenarios, mapped CWEs), read
references/A01_2025-Broken_Access_Control.md
before recommending fixes.

Grep扫描目标（示例为Node/Python/Go语法；需适配对应技术栈）：

路由缺少认证中间件：

app\.(get|post|put|delete|patch)\s*\(

附近无

authenticate

authorize

requireAuth

类守卫。

IDOR（不安全的直接对象引用）风险：查询主键时未限定会话用户范围：
```
findByPk$req\.(params|body|query)\.id$
```
、
```
WHERE id\s*=\s*\$\{
```
未添加租户/用户过滤条件。

批量赋值：

req\.body

直接扩展到模型中

User.create({...req.body})

、

User.update(req.body)

。

路径遍历：
```
path.join
```
/
```
fs.read
```
/
```
open(
```
使用未净化的用户输入。查找路径中允许
```
..
```
的情况。

CORS通配符与凭证共存：

Access-Control-Allow-Origin:\s*\*

与

Access-Control-Allow-Credentials:\s*true

同时存在。

JWT接受
```
alg: none
```
算法、解码JWT时未验证、JWT密钥硬编码。
隐藏的管理员/调试路由：查找
```
/admin
```
、
```
/debug
```
、
```
/internal
```
、
```
/__
```
路径并检查是否有守卫。

如需完整指导（描述、预防方案、攻击场景、对应CWE），在推荐修复方案前请阅读
references/A01_2025-Broken_Access_Control.md
。

A02:2025 — Security Misconfiguration

A02:2025 — 安全配置错误

Grep / file checks:

Debug/verbose error pages in prod:
```
DEBUG\s*=\s*True
```
,
```
app.debug = True
```
,
```
NODE_ENV
```
defaulting to development.
Default credentials in configs:
```
admin:admin
```
,
```
root:root
```
,
```
password=changeme
```
.

Permissive CORS, missing Helmet/

helmet()

, missing security headers (

Strict-Transport-Security

Content-Security-Policy

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

Open S3/GCS buckets:

acl: public-read

BucketAccessControl.PUBLIC_READ

iam.PublicAccessPrevention: inherited

Container hygiene:

FROM .*:latest

USER root

left in final stage,

apt-get install

without

--no-install-recommends

, missing

rm -rf /var/lib/apt/lists/*

Docker-compose with ports
```
0.0.0.0:
```
bound to dev-only services.
Terraform/CDK:
```
0.0.0.0/0
```
ingress rules, public RDS, unencrypted S3.
Sample apps /
```
/swagger
```
,
```
/api-docs
```
,
```
/graphql
```
exposed without auth in non-dev.

For full guidance, read
references/A02_2025-Security_Misconfiguration.md
.

Grep/文件检查：

生产环境中启用调试/详细错误页面：
```
DEBUG\s*=\s*True
```
、
```
app.debug = True
```
、
```
NODE_ENV
```
默认设为开发环境。
配置文件中存在默认凭证：
```
admin:admin
```
、
```
root:root
```
、
```
password=changeme
```
。

CORS配置过于宽松、未安装Helmet/

helmet()

、缺少安全头（

Strict-Transport-Security

、

Content-Security-Policy

、

X-Content-Type-Options

、

Referrer-Policy

、

Permissions-Policy

）。

开放的S3/GCS存储桶：

acl: public-read

、

BucketAccessControl.PUBLIC_READ

、

iam.PublicAccessPrevention: inherited

。

容器卫生问题：

FROM .*:latest

、最终阶段保留

USER root

、

apt-get install

未添加

--no-install-recommends

、未执行

rm -rf /var/lib/apt/lists/*

。

Docker-compose将开发专用服务绑定到
```
0.0.0.0:
```
端口。
Terraform/CDK：
```
0.0.0.0/0
```
入站规则、公开的RDS、未加密的S3。
非开发环境中暴露示例应用/
```
/swagger
```
、
```
/api-docs
```
、
```
/graphql
```
且未加认证。

如需完整指导，请阅读
references/A02_2025-Security_Misconfiguration.md
。

A03:2025 — Software Supply Chain Failures

A03:2025 — 软件供应链故障

Lockfile + dependency checks:

Confirm a lockfile exists:

package-lock.json

yarn.lock

pnpm-lock.yaml

poetry.lock

Pipfile.lock

go.sum

Gemfile.lock

Cargo.lock

. No lockfile is itself a finding.

Known-vulnerable packages: run if available —
```
npm audit --json
```
,
```
pip-audit -f json
```
,
```
bundle audit
```
,
```
cargo audit
```
,
```
govulncheck ./...
```
,
```
osv-scanner -r .
```
. Mark as skipped if exec/network is forbidden.
GitHub Actions pinning: grep workflows for
```
uses:\s*[\w/-]+@v?\d+
```
(tag-pinned) vs
```
uses:\s*[\w/-]+@[0-9a-f]{40}
```
(SHA-pinned). Tag-pinned third-party actions are findings.
Registry trust:
```
.npmrc
```
/
```
pip.conf
```
/
```
.cargo/config.toml
```
referencing unknown registries.
Auto-update without signature: code that downloads + runs binaries (
```
curl ... | sh
```
in Dockerfile/CI scripts).

Direct fetches from

raw.githubusercontent.com

gist.github.com

in build scripts.

SBOM presence: any
```
sbom.json
```
,
```
bom.xml
```
,
```
*.cdx.json
```
,
```
*.spdx.json
```
. Absence is a finding.

For full guidance, read
references/A03_2025-Software_Supply_Chain_Failures.md
.

锁文件+依赖检查：

确认锁文件存在：

package-lock.json

、

yarn.lock

、

pnpm-lock.yaml

、

poetry.lock

、

Pipfile.lock

、

go.sum

、

Gemfile.lock

、

Cargo.lock

。无锁文件本身即视为问题。

已知易受攻击的包：若允许则执行——
```
npm audit --json
```
、
```
pip-audit -f json
```
、
```
bundle audit
```
、
```
cargo audit
```
、
```
govulncheck ./...
```
、
```
osv-scanner -r .
```
。若禁止执行/网络调用则标记为已跳过。
GitHub Actions版本固定：查找工作流中
```
uses:\s*[\w/-]+@v?\d+
```
（标签固定）与
```
uses:\s*[\w/-]+@[0-9a-f]{40}
```
（SHA固定）。使用标签固定的第三方Action视为问题。
仓库可信度：
```
.npmrc
```
/
```
pip.conf
```
/
```
.cargo/config.toml
```
引用未知仓库。
无签名的自动更新：代码中存在下载并运行二进制文件的逻辑（Dockerfile/CI脚本中的
```
curl ... | sh
```
）。
构建脚本中直接从
```
raw.githubusercontent.com
```
或
```
gist.github.com
```
获取内容。
SBOM存在性：检查是否有
```
sbom.json
```
、
```
bom.xml
```
、
```
*.cdx.json
```
、
```
*.spdx.json
```
。不存在SBOM视为问题。

如需完整指导，请阅读
references/A03_2025-Software_Supply_Chain_Failures.md
。

A04:2025 — Cryptographic Failures

A04:2025 — 加密机制失效

Grep targets:

Weak hashes for security:

\b(md5|sha1)\b

crypto.createHash\(['"](md5|sha1)['"]\)

hashlib\.(md5|sha1)\(

Weak ciphers:

\b(DES|3DES|RC4|ECB)\b

Cipher\.getInstance\(['"](DES|RC4|.*ECB)['"]\)

crypto.createCipher\(

(deprecated; no IV).

Bad randomness for security:
```
Math\.random
```
,
```
rand
```
,
```
random\.random
```
,
```
new Random
```
— flag near token/password-reset/CSRF generation.

Cert validation disabled:

rejectUnauthorized:\s*false

verify=False

InsecureSkipVerify:\s*true

ServicePointManager\.ServerCertificateValidationCallback

Hard-coded keys / IVs / secrets:

(?i)(secret|key|password|token|api[_-]?key)\s*[:=]\s*['"][^'"]{8,}['"]

Plain HTTP:
```
http://
```
URLs to internal services in non-localhost contexts.
TLS downgrades:
```
TLSv1\b
```
,
```
SSLv3
```
, ciphersuite strings allowing
```
:RC4:
```
or
```
:NULL:
```
.
Password storage without KDF:
```
bcrypt
```
/
```
scrypt
```
/
```
argon2
```
/
```
pbkdf2
```
absent and passwords being hashed with bare SHA-* or stored plain.
AES-GCM nonce reuse risk:
```
createCipheriv\('aes-...-gcm', key, iv)
```
where
```
iv
```
is constant or counter-derived from a recycled source.

For full guidance, read
references/A04_2025-Cryptographic_Failures.md
.

Grep扫描目标：

使用弱哈希算法处理安全相关数据：

\b(md5|sha1)\b

、

crypto.createHash\(['"](md5|sha1)['"]\)

、

hashlib\.(md5|sha1)\(

。

使用弱密码算法：

\b(DES|3DES|RC4|ECB)\b

、

Cipher\.getInstance\(['"](DES|RC4|.*ECB)['"]\)

、

crypto.createCipher\(

（已弃用；无IV）。

安全场景中使用弱随机数：
```
Math\.random
```
、
```
rand
```
、
```
random\.random
```
、
```
new Random
```
——在令牌/密码重置/CSRF生成附近标记此类代码。

禁用证书验证：

rejectUnauthorized:\s*false

、

verify=False

、

InsecureSkipVerify:\s*true

、

ServicePointManager\.ServerCertificateValidationCallback

。

硬编码密钥/IV/密钥：

(?i)(secret|key|password|token|api[_-]?key)\s*[:=]\s*['"][^'"]{8,}['"]

。

使用明文HTTP：非本地环境中内部服务使用
```
http://
```
URL。
TLS降级：
```
TLSv1\b
```
、
```
SSLv3
```
、密码套件字符串允许
```
:RC4:
```
或
```
:NULL:
```
。
密码存储未使用KDF：未使用
```
bcrypt
```
/
```
scrypt
```
/
```
argon2
```
/
```
pbkdf2
```
，密码使用裸SHA-*哈希或明文存储。
AES-GCM随机数重用风险：
```
createCipheriv\('aes-...-gcm', key, iv)
```
中
```
iv
```
为常量或从循环源派生的计数器。

如需完整指导，请阅读
references/A04_2025-Cryptographic_Failures.md
。

A05:2025 — Injection

A05:2025 — 注入攻击

Grep targets:

SQL string concatenation / template-literal interpolation:
```
(query|execute|raw)\s*\(\s*['"\
```
][^'"`]${
,
'\s+\sreq.
,
f"SELECT . {
```
, 
```
String.format(.*SELECT`.

ORM raw escapes:

sequelize\.literal\(

Sequelize\.QueryTypes\.RAW

Model\.findAll\(\{\s*where:\s*\[

db\.execute\("

NoSQL:
```
req\.body\.\w+
```
passed directly to
```
find
```
/
```
findOne
```
without shape validation;
```
where:\s*\{[^}]*\$ne
```
patterns in user-controlled input.

Shell injection:

exec\(

execSync\(

with concatenation;

spawn\(.*,\s*{\s*shell:\s*true

;

os.system\(

subprocess\..*shell=True

Runtime\.exec

XSS:

dangerouslySetInnerHTML

v-html

\|safe

Element\.innerHTML\s*=

document\.write\(

, server templates with

{!! !!}

<%== %>

on user data.

SSTI:

Template\(.*\+

render_template_string\(

eval\(.*req\.

LDAP injection: filter string concatenation with user input.

Eval/dynamic code:

eval\(

new Function\(

setTimeout\(string

vm\.runInNewContext\(

LLM/agent context (2025): tool outputs / fetched docs / RAG context passed verbatim into prompts without separation.

For full guidance, read
references/A05_2025-Injection.md
.

Grep扫描目标：

SQL字符串拼接/模板字面量插值：
```
(query|execute|raw)\s*\(\s*['"\
```
][^'"`]${
、
'\s+\sreq.
、
f"SELECT . {
```
、
```
String.format(.*SELECT`。

ORM原生SQL使用：

sequelize\.literal\(

、

Sequelize\.QueryTypes\.RAW

、

Model\.findAll\(\{\s*where:\s*\[

、

db\.execute\("

。

NoSQL注入：
```
req\.body\.\w+
```
直接传入
```
find
```
/
```
findOne
```
且未做格式验证；用户可控输入中存在
```
where:\s*\{[^}]*\$ne
```
模式。

Shell注入：

exec\(

execSync\(

使用字符串拼接；

spawn\(.*,\s*{\s*shell:\s*true

；

os.system\(

、

subprocess\..*shell=True

、

Runtime\.exec

。

XSS攻击：

dangerouslySetInnerHTML

、

v-html

、

\|safe

、

Element\.innerHTML\s*=

、

document\.write\(

、服务器模板中对用户数据使用

{!! !!}

<%== %>

。

SSTI（服务器端模板注入）：

Template\(.*\+

、

render_template_string\(

、

eval\(.*req\.

。

LDAP注入：过滤字符串与用户输入拼接。

Eval/动态代码：

eval\(

、

new Function\(

、

setTimeout\(string

、

vm\.runInNewContext\(

。

LLM/Agent上下文（2025）：工具输出/获取的文档/RAG上下文直接传入提示词未做隔离。

如需完整指导，请阅读
references/A05_2025-Injection.md
。

A06:2025 — Insecure Design

A06:2025 — 不安全设计

Static signals (these often need a brief design read, not just grep):

Login endpoint without rate limiting middleware (
```
express-rate-limit
```
,
```
flask-limiter
```
,
```
django-ratelimit
```
, gateway-level limit).
No CAPTCHA / anti-automation on password reset, registration, MFA challenge.
Workflow endpoints without server-side state checks (e.g.,
```
/order/confirm
```
accepts any order ID without re-checking payment state).
Server-trusted client-computed values:
```
req.body.total
```
,
```
req.body.role
```
,
```
req.body.discount
```
written to DB without recomputation.
Single-tenant query patterns in a multi-tenant schema: any
```
Model.findAll()
```
/
```
SELECT * FROM table
```
without
```
WHERE tenant_id =
```
in code that handles tenant data.
URL fetchers that accept arbitrary destinations:
```
axios.get(req.body.url)
```
,
```
fetch(userInput)
```
with no allow-list / metadata-IP block.
File uploads without type/size/storage-path enforcement.
Recursive parsers / regex without complexity bounds (ReDoS risk).
No abuse-case tests — search for tests named
```
should_reject_
```
,
```
unauthenticated_
```
,
```
forbidden_
```
,
```
denies_
```
. Sparse coverage is a finding.

For full guidance, read
references/A06_2025-Insecure_Design.md
.

静态信号（通常需简要阅读设计而非仅依赖grep）：

登录端点未配置速率限制中间件（
```
express-rate-limit
```
、
```
flask-limiter
```
、
```
django-ratelimit
```
、网关级限制）。
密码重置、注册、MFA验证环节无CAPTCHA/反自动化机制。
工作流端点未做服务器端状态检查（例如
```
/order/confirm
```
接受任意订单ID而未重新检查支付状态）。
服务器信任客户端计算的值：
```
req.body.total
```
、
```
req.body.role
```
、
```
req.body.discount
```
写入数据库前未重新计算。
多租户架构中使用单租户查询模式：处理租户数据的代码中存在
```
Model.findAll()
```
/
```
SELECT * FROM table
```
且未添加
```
WHERE tenant_id =
```
条件。
URL获取器接受任意目标：
```
axios.get(req.body.url)
```
、
```
fetch(userInput)
```
未配置允许列表/元数据IP拦截。
文件上传未限制类型/大小/存储路径。
递归解析器/无复杂度限制的正则表达式（ReDoS风险）。
无滥用场景测试——查找命名为
```
should_reject_
```
、
```
unauthenticated_
```
、
```
forbidden_
```
、
```
denies_
```
的测试用例。测试覆盖率不足视为问题。

如需完整指导，请阅读
references/A06_2025-Insecure_Design.md
。

A07:2025 — Authentication Failures

A07:2025 — 认证机制失效

Grep targets:

Missing MFA enforcement on admin/privileged routes.

Hard-coded credentials in source:

password\s*=\s*['"][^'"]+['"]

Authorization:\s*Basic\s+[A-Za-z0-9+/=]+

in code or configs.

Session ID in URL:
```
req\.query\.session
```
,
```
?token=
```
patterns,
```
sessionid
```
in redirect URLs.
Session not rotated on login: look for session-store
```
set
```
/
```
save
```
after auth without a prior
```
regenerate
```
/
```
rotate
```
.
JWT without revocation: any JWT issuance code with no corresponding blocklist / refresh-token rotation.
Weak password policy / no breached-password check: registration handler that accepts any non-empty password.
Username enumeration: differing responses on login/reset/register for "user exists" vs "user does not exist."
No rate limit on login/reset/MFA endpoints.
OAuth/OIDC issues:
```
redirect_uri
```
parsed from request and used without allow-list check;
```
state
```
parameter missing;
```
alg: none
```
accepted on ID tokens.
Default/well-known passwords in seed data, fixtures, or examples that may be copy-pasted to prod.

For full guidance, read
references/A07_2025-Authentication_Failures.md
.

Grep扫描目标：

管理员/特权路由未强制启用MFA。

源代码中存在硬编码凭证：

password\s*=\s*['"][^'"]+['"]

、代码或配置中存在

Authorization:\s*Basic\s+[A-Za-z0-9+/=]+

。

URL中包含会话ID：
```
req\.query\.session
```
、
```
?token=
```
模式、重定向URL中包含
```
sessionid
```
。
登录时未轮换会话：查找认证后会话存储
```
set
```
/
```
save
```
操作前未执行
```
regenerate
```
/
```
rotate
```
的代码。
JWT无吊销机制：存在JWT签发代码但无对应的黑名单/刷新令牌轮换逻辑。
弱密码策略/无泄露密码检查：注册接口接受任意非空密码。
用户名枚举：登录/重置/注册环节中“用户存在”与“用户不存在”返回不同响应。
登录/重置/MFA端点无速率限制。
OAuth/OIDC问题：
```
redirect_uri
```
从请求中解析并直接使用未做允许列表检查；缺少
```
state
```
参数；ID令牌接受
```
alg: none
```
算法。
种子数据、测试数据或示例中存在默认/知名密码，可能被复制到生产环境。

如需完整指导，请阅读
references/A07_2025-Authentication_Failures.md
。

A08:2025 — Software or Data Integrity Failures

A08:2025 — 软件或数据完整性失效

Grep targets:

Insecure deserialization:

pickle\.loads\(

yaml\.load\(

(without

SafeLoader

ObjectInputStream

BinaryFormatter

unserialize\(

Marshal\.load\(

Auto-update without signature verification: code that downloads + executes/installs without checksum or signature check.
Signed cookie/token verification missing or weak: JWT decoded without
```
verify
```
;
```
cookie-parser
```
without
```
signed: true
```
; HMAC compare with
```
==
```
instead of constant-time.
CI workflows running on untrusted PRs with secrets:
```
pull_request_target
```
+ checkout of PR head + access to
```
${{ secrets.* }}
```
.
Plugin/extension loading from disk or URL without signature:
```
require(userPath)
```
,
```
import(userModule)
```
,
```
Assembly.LoadFrom(file)
```
.
Mutable third-party actions/images:
```
:latest
```
tags, branch refs in
```
uses:
```
lines.
Missing SBOM/provenance artifacts in release pipeline.

For full guidance, read
references/A08_2025-Software_or_Data_Integrity_Failures.md
.

Grep扫描目标：

不安全的反序列化：

pickle\.loads\(

、

yaml\.load\(

（未使用

SafeLoader

）、

ObjectInputStream

、

BinaryFormatter

、

unserialize\(

、

Marshal\.load\(

。

无签名验证的自动更新：代码中存在下载并执行/安装的逻辑但未做校验和或签名检查。
签名Cookie/令牌验证缺失或薄弱：JWT解码时未执行
```
verify
```
；
```
cookie-parser
```
未设置
```
signed: true
```
；HMAC比较使用
```
==
```
而非恒定时长比较。
CI工作流在不受信任的PR中运行并使用密钥：
```
pull_request_target
```
+检出PR代码+访问
```
${{ secrets.* }}
```
。
从磁盘或URL加载插件/扩展未做签名验证：
```
require(userPath)
```
、
```
import(userModule)
```
、
```
Assembly.LoadFrom(file)
```
。
可变的第三方Action/镜像：
```
:latest
```
标签、
```
uses:
```
行中使用分支引用。
发布流水线中缺少SBOM/溯源工件。

如需完整指导，请阅读
references/A08_2025-Software_or_Data_Integrity_Failures.md
。

A09:2025 — Security Logging and Alerting Failures

A09:2025 — 安全日志与告警失效

Static-only signals (this category requires runtime context — flag gaps but defer depth to the agent):

No structured logger in the project (no winston/pino/bunyan, no python
```
logging
```
setup, no Serilog) — or only
```
console.log
```
in server code.
Auth events not logged: search
```
authenticate
```
/
```
authorize
```
paths for log calls on failure.
Sensitive data logged: log calls that include
```
password
```
,
```
token
```
,
```
secret
```
,
```
creditCard
```
,
```
ssn
```
, full request body, full headers.
No centralized error handler / no request-ID correlation.
No audit trail for high-value actions (role change, payment, data export) — look for
```
INSERT INTO audit_log
```
or equivalent on critical write paths.
No retention policy / no log shipping config (no
```
fluentbit
```
,
```
vector
```
,
```
filebeat
```
, no Datadog/Splunk/CloudWatch agent config).

For full guidance, read
references/A09_2025-Security_Logging_and_Alerting_Failures.md
.

静态信号（该类别需运行时上下文——标记缺口但深度分析交由Agent处理）：

项目中无结构化日志工具（无winston/pino/bunyan、无Python
```
logging
```
配置、无Serilog）——或服务器代码仅使用
```
console.log
```
。
认证事件未记录：查找
```
authenticate
```
/
```
authorize
```
路径中失败时的日志调用。
日志中包含敏感数据：日志调用包含
```
password
```
、
```
token
```
、
```
secret
```
、
```
creditCard
```
、
```
ssn
```
、完整请求体、完整请求头。
无集中式错误处理/无请求ID关联。
高价值操作（角色变更、支付、数据导出）无审计追踪——查找关键写入路径中的
```
INSERT INTO audit_log
```
或等效操作。
无保留策略/无日志传输配置（无
```
fluentbit
```
、
```
vector
```
、
```
filebeat
```
、无Datadog/Splunk/CloudWatch代理配置）。

如需完整指导，请阅读
references/A09_2025-Security_Logging_and_Alerting_Failures.md
。

A10:2025 — Mishandling of Exceptional Conditions

A10:2025 — 异常条件处理不当

Grep targets:

Silent exception swallowing:

catch\s*\(\s*\w*\s*\)\s*\{\s*\}

except[^:]*:\s*pass

catch\s*\(_?\)\s*=>\s*\{\s*\}

try { ... } catch { /* ignore */ }

Generic catches around security calls:

catch (Exception)

except Exception:

wrapping

authorize

verify

validate

check*

calls.

Fail-open patterns: catch blocks that set a permission/role/allowed flag to
```
true
```
or return
```
true
```
on error.
Stack-trace responses: error middleware that sends
```
err.stack
```
or
```
err.message
```
to clients in non-dev mode.
Unhandled async rejections:
```
async
```
route handlers in Express 4 without
```
express-async-errors
```
or try/catch — flag any
```
async (req, res) =>
```
without an error catcher.
Transaction without rollback on error:
```
BEGIN
```
/
```
commit
```
without a matching rollback in the catch.
Different status codes/messages between "exists" and "not found" branches on auth-adjacent endpoints (enumeration via error).
TOCTOU patterns:
```
if (fs.exists) { ... fs.read }
```
— separated check and use.

For full guidance, read
references/A10_2025-Mishandling_of_Exceptional_Conditions.md
.

Grep扫描目标：

静默捕获异常：

catch\s*\(\s*\w*\s*\)\s*\{\s*\}

、

except[^:]*:\s*pass

、

catch\s*\(_?\)\s*=>\s*\{\s*\}

、

try { ... } catch { /* ignore */ }

。

安全相关调用使用通用捕获：
```
catch (Exception)
```
/
```
except Exception:
```
包裹
```
authorize
```
、
```
verify
```
、
```
validate
```
、
```
check*
```
调用。
故障开放模式：捕获块中将权限/角色/允许标志设为
```
true
```
或错误时返回
```
true
```
。
返回堆栈跟踪：错误中间件在非开发模式下向客户端返回
```
err.stack
```
或
```
err.message
```
。
未处理的异步拒绝：Express 4中的异步路由处理器未使用
```
express-async-errors
```
或try/catch——标记所有无错误捕获的
```
async (req, res) =>
```
代码。
事务错误时未回滚：
```
BEGIN
```
/
```
commit
```
未在捕获块中执行对应的回滚操作。
认证相关端点中“存在”与“不存在”分支返回不同状态码/消息（通过错误枚举信息）。
TOCTOU（检查时间与使用时间不一致）模式：
```
if (fs.exists) { ... fs.read }
```
——检查与使用操作分离。

如需完整指导，请阅读
references/A10_2025-Mishandling_of_Exceptional_Conditions.md
。

Step 3 — Secret Scan

步骤3 — 密钥扫描

Walk

.env*

config/

secrets/

*.yml

*.yaml

*.json

*.tf

*.properties

, source files. Grep patterns:

Secret class	Regex (anchor to ensure context)
AWS access key	`AKIA[0-9A-Z]{16}`
AWS secret key	`[A-Za-z0-9/+=]{40}` near `aws_secret_access_key` / `AWS_SECRET_ACCESS_KEY`
GCP service-account key	`"type":\s"service_account"` , `"private_key":\s"-----BEGIN PRIVATE KEY-----`
GitHub PAT (classic)	`ghp_[A-Za-z0-9]{36}`
GitHub fine-grained PAT	`github_pat_[A-Za-z0-9_]{82}`
Slack token	`xox[abprs]-[A-Za-z0-9-]{10,}`
Stripe live key	`sk_live_[A-Za-z0-9]{24,}`
Stripe restricted	`rk_live_[A-Za-z0-9]{24,}`
Twilio account SID	`AC[a-f0-9]{32}`
Generic JWT	`eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+`
RSA / EC private key	`-----BEGIN (RSA
Connection string	`(postgres\|mysql\|mongodb\|redis)://[^@/]+:[^@/]+@`
Generic high-entropy assignment	`(?i)(secret\|password\|token\|api[_-]?key)\s[:=]\s['"][A-Za-z0-9+/=_-]{16,}['"]`

For each match: record file:line, redact the middle of the value in the report (

AKIA…REDACTED…XYZW

), and flag whether the file is committed to git (

git log --all --diff-filter=A -- <path>

). Committed secrets require a separate remediation note ("rotate immediately + purge history").

Recommend

gitleaks detect --no-banner

trufflehog filesystem .

as deeper follow-ups if available.

遍历

.env*

、

config/

、

secrets/

、

*.yml

*.yaml

、

*.json

、

*.tf

、

*.properties

及源文件。Grep匹配模式：

密钥类别	正则表达式（锚定以确保上下文）
AWS访问密钥	`AKIA[0-9A-Z]{16}`
AWS密钥	`[A-Za-z0-9/+=]{40}` 出现在 `aws_secret_access_key` / `AWS_SECRET_ACCESS_KEY` 附近
GCP服务账号密钥	`"type":\s"service_account"` 、 `"private_key":\s"-----BEGIN PRIVATE KEY-----`
GitHub PAT（经典版）	`ghp_[A-Za-z0-9]{36}`
GitHub细粒度PAT	`github_pat_[A-Za-z0-9_]{82}`
Slack令牌	`xox[abprs]-[A-Za-z0-9-]{10,}`
Stripe生产密钥	`sk_live_[A-Za-z0-9]{24,}`
Stripe受限密钥	`rk_live_[A-Za-z0-9]{24,}`
Twilio账号SID	`AC[a-f0-9]{32}`
通用JWT	`eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+`
RSA/EC私钥	`-----BEGIN (RSA
连接字符串	`(postgres\|mysql\|mongodb\|redis)://[^@/]+:[^@/]+@`
通用高熵赋值	`(?i)(secret\|password\|token\|api[_-]?key)\s[:=]\s['"][A-Za-z0-9+/=_-]{16,}['"]`

对于每个匹配项：记录文件:行号，在报告中对值的中间部分进行脱敏（例如

AKIA…REDACTED…XYZW

），并标记该文件是否已提交至git（通过

git log --all --diff-filter=A -- <path>

检查）。已提交的密钥需单独添加修复说明（“立即轮换密钥并清除历史记录”）。

若条件允许，推荐使用

gitleaks detect --no-banner

或

trufflehog filesystem .

进行更深度的后续扫描。

Step 4 — Framework-Aware Checks

步骤4 — 框架针对性检查

Only run the sub-section(s) matching the recon profile from Step 1.

仅执行与步骤1中识别的技术栈匹配的子章节。

Express / Node.js

```
helmet()
```
middleware installed and applied to the app.
```
express.json({ limit: ... })
```
has a reasonable cap (not unlimited).
CSRF middleware on state-changing routes (Express 5 lacks built-in CSRF — look for
```
csurf
```
or a custom token check).

Cookie flags:

httpOnly: true

secure: true

sameSite: 'lax'|'strict'

Body parsers don't accept
```
text/xml
```
if
```
xml2js
```
is wired up (XXE risk).
Open redirect:
```
res.redirect(req.query.url)
```
without allow-list.
Prototype pollution surface:
```
_.merge
```
/
```
_.set
```
on user-controlled keys;
```
Object.assign({}, req.body)
```
with no schema gate.

已安装
```
helmet()
```
中间件并应用于应用。
```
express.json({ limit: ... })
```
设置了合理的上限（非无限制）。
状态变更路由配置了CSRF中间件（Express 5无内置CSRF——查找
```
csurf
```
或自定义令牌检查）。

Cookie标志：

httpOnly: true

、

secure: true

、

sameSite: 'lax'|'strict'

。

若已配置
```
xml2js
```
，则Body解析器不接受
```
text/xml
```
（XXE风险）。
开放重定向：
```
res.redirect(req.query.url)
```
未配置允许列表。
原型污染风险：
```
_.merge
```
/
```
_.set
```
作用于用户可控的键；
```
Object.assign({}, req.body)
```
未做模式校验。

Django / Flask / FastAPI

```
DEBUG = False
```
in prod settings.
```
SECRET_KEY
```
not committed; loaded from env.
```
ALLOWED_HOSTS
```
not
```
['*']
```
in production settings.
CSRF middleware enabled;
```
@csrf_exempt
```
justified per use.

MIDDLEWARE

includes

SecurityMiddleware

XFrameOptionsMiddleware

ORM
```
.raw()
```
/
```
.extra()
```
/
```
.execute()
```
usage flagged.
Flask
```
Markup
```
/
```
|safe
```
on user input.
FastAPI
```
Depends
```
for auth on every protected route; no
```
Depends(get_user, use_cache=True)
```
masking failed lookups.
SQLAlchemy
```
text()
```
with f-string interpolation.

生产环境设置中
```
DEBUG = False
```
。
```
SECRET_KEY
```
未提交至代码仓库；从环境变量加载。
生产环境设置中
```
ALLOWED_HOSTS
```
未设为
```
['*']
```
。
CSRF中间件已启用；
```
@csrf_exempt
```
的使用有合理理由。

MIDDLEWARE

包含

SecurityMiddleware

、

XFrameOptionsMiddleware

。

标记ORM
```
.raw()
```
/
```
.extra()
```
/
```
.execute()
```
的使用。
Flask中
```
Markup
```
/
```
|safe
```
作用于用户输入。
FastAPI中每个受保护路由均使用
```
Depends
```
进行认证；无
```
Depends(get_user, use_cache=True)
```
掩盖查找失败的情况。
SQLAlchemy中
```
text()
```
使用f-string插值。

Spring / Java

```
@PreAuthorize
```
/
```
@Secured
```
on controllers; method-security enabled.

WebSecurityConfigurerAdapter

SecurityFilterChain

doesn't

permitAll()

broad paths.

CSRF disabled only with justification.
Actuator endpoints (
```
/actuator/*
```
) not exposed publicly.
```
RestTemplate
```
/
```
WebClient
```
using validated SSL contexts; no
```
TrustAllStrategy
```
.
Jackson polymorphic deserialization (
```
@JsonTypeInfo
```
) without an allow-list (deserialization RCE surface).
JNDI lookups in user-controlled strings (post-Log4Shell awareness).

控制器上配置了
```
@PreAuthorize
```
/
```
@Secured
```
；方法级安全已启用。

WebSecurityConfigurerAdapter

SecurityFilterChain

未对宽泛路径设置

permitAll()

。

CSRF仅在有合理理由时禁用。
Actuator端点（
```
/actuator/*
```
）未公开暴露。
```
RestTemplate
```
/
```
WebClient
```
使用已验证的SSL上下文；无
```
TrustAllStrategy
```
。
Jackson多态反序列化（
```
@JsonTypeInfo
```
）未配置允许列表（反序列化RCE风险）。
用户可控字符串中存在JNDI查找（Log4Shell后需注意）。

Rails / Ruby

```
protect_from_forgery
```
enabled.
```
strong_parameters
```
enforced — no
```
params.permit!
```
on user input.

Rails.application.credentials

used; no committed

secrets.yml

```
eval
```
/
```
send
```
with user input.
```
Open3.capture2
```
/
```
%x{}
```
with concatenated input.
YAML.load (not
```
safe_load
```
) on user data.

```
protect_from_forgery
```
已启用。
强制使用
```
strong_parameters
```
——用户输入未使用
```
params.permit!
```
。

使用

Rails.application.credentials

；未提交

secrets.yml

。

```
eval
```
/
```
send
```
作用于用户输入。
```
Open3.capture2
```
/
```
%x{}
```
使用拼接的输入。
用户数据使用YAML.load（而非
```
safe_load
```
）。

Go

```
http.Server
```
has timeouts set (
```
ReadTimeout
```
,
```
WriteTimeout
```
,
```
IdleTimeout
```
) — defaults are unlimited.
```
http.Handle("/", ...)
```
patterns covered by authentication middleware.
```
crypto/tls
```
config doesn't set
```
InsecureSkipVerify: true
```
.
SQL:
```
db.Query(fmt.Sprintf(...))
```
or
```
+
```
concatenation.
```
exec.Command("sh", "-c", userInput)
```
patterns.
Open redirect via
```
http.Redirect
```
.

```
http.Server
```
已设置超时（
```
ReadTimeout
```
、
```
WriteTimeout
```
、
```
IdleTimeout
```
）——默认值为无限制。
```
http.Handle("/", ...)
```
模式已被认证中间件覆盖。
```
crypto/tls
```
配置未设置
```
InsecureSkipVerify: true
```
。
SQL：
```
db.Query(fmt.Sprintf(...))
```
或
```
+
```
字符串拼接。
```
exec.Command("sh", "-c", userInput)
```
模式。
通过
```
http.Redirect
```
实现开放重定向。

.NET

```
[Authorize]
```
attribute on controllers;
```
[AllowAnonymous]
```
audited.
Antiforgery tokens on POSTs.

JsonSerializerSettings.TypeNameHandling != None

(deserialization RCE).

XmlReaderSettings.DtdProcessing != Prohibit

(XXE).

Connection strings in
```
appsettings.json
```
committed — should be in user secrets / Key Vault.
ASP.NET Core data-protection keys persisted and protected.

控制器上配置了
```
[Authorize]
```
属性；
```
[AllowAnonymous]
```
的使用已审计。
POST请求配置了防伪造令牌。

JsonSerializerSettings.TypeNameHandling != None

（反序列化RCE风险）。

XmlReaderSettings.DtdProcessing != Prohibit

（XXE风险）。

```
appsettings.json
```
中提交了连接字符串——应存储在用户密钥/密钥保管库中。
ASP.NET Core数据保护密钥已持久化并受保护。

PHP

```
eval(
```
,
```
assert(
```
,
```
create_function(
```
on input.
```
include
```
/
```
require
```
with user input.
```
unserialize
```
on cookies/inputs.
File upload:
```
move_uploaded_file
```
to web-served directory without extension allow-list.
```
mysqli_query(... . $_GET[...])
```
patterns.

```
eval(
```
、
```
assert(
```
、
```
create_function(
```
作用于输入。
```
include
```
/
```
require
```
使用用户输入。
对Cookie/输入执行
```
unserialize
```
。
文件上传：
```
move_uploaded_file
```
将文件移动到Web服务目录且未设置扩展名允许列表。
```
mysqli_query(... . $_GET[...])
```
模式。

Step 5 — Report Output

步骤5 — 报告输出

Determine project root

确定项目根目录

Use

git rev-parse --show-toplevel

if inside a repo; otherwise the working directory at scan time. Treat that path as

<project_root>

若在git仓库内，使用

git rev-parse --show-toplevel

；否则使用扫描时的工作目录。将该路径视为

<project_root>

。

Choose the report path (ISO date; collision-safe)

选择报告路径（ISO日期；避免冲突）

bash

DATE=$(date +%Y-%m-%d)
DIR="<project_root>/audit/${DATE}"
mkdir -p "$DIR"
FILE="${DIR}/report.md"
if [ -e "$FILE" ]; then
  TIME=$(date +%H%M%S)
  FILE="${DIR}/report-${TIME}.md"
fi

Windows / PowerShell equivalent:

powershell

$date = Get-Date -Format 'yyyy-MM-dd'
$dir  = Join-Path $projectRoot "audit\$date"
New-Item -ItemType Directory -Force -Path $dir | Out-Null
$file = Join-Path $dir 'report.md'
if (Test-Path $file) {
  $time = Get-Date -Format 'HHmmss'
  $file = Join-Path $dir "report-$time.md"
}

The first scan of the day writes

report.md

; subsequent scans the same day write

report-HHMMSS.md

. History is preserved; nothing is overwritten.

bash

DATE=$(date +%Y-%m-%d)
DIR="<project_root>/audit/${DATE}"
mkdir -p "$DIR"
FILE="${DIR}/report.md"
if [ -e "$FILE" ]; then
  TIME=$(date +%H%M%S)
  FILE="${DIR}/report-${TIME}.md"
fi

Windows / PowerShell等效命令：

powershell

$date = Get-Date -Format 'yyyy-MM-dd'
$dir  = Join-Path $projectRoot "audit\$date"
New-Item -ItemType Directory -Force -Path $dir | Out-Null
$file = Join-Path $dir 'report.md'
if (Test-Path $file) {
  $time = Get-Date -Format 'HHmmss'
  $file = Join-Path $dir "report-$time.md"
}

当日首次扫描生成

report.md

；当日后续扫描生成

report-HHMMSS.md

。保留历史记录；不覆盖任何文件。

Report structure

报告结构

Write via the

Write

tool with this exact skeleton:

markdown

undefined

使用Write工具按照以下固定框架编写：

markdown

undefined

Security Assessment — <project name> — <YYYY-MM-DD>

安全评估报告 — <项目名称> — <YYYY-MM-DD>

Summary

摘要

Overall risk: Critical | High | Medium | Low
Scan time: <timestamp>
Stack: <languages, frameworks, runtimes from Step 1>
Attack surface: <public endpoints, authn surface, data classes>
Components reviewed: <directories / files in scope>
Findings: N Critical / N High / N Medium / N Low

整体风险等级： 严重 | 高 | 中 | 低
扫描时间： <时间戳>
技术栈： <步骤1中识别的语言、框架、运行时>
攻击面： <公开端点、认证面、数据类别>
审查范围： <涉及的目录/文件>
问题统计： N个严重 / N个高 / N个中 / N个低风险问题

Findings

问题详情

Critical

严重风险

SEC-001 — <short title>

SEC-001 — <简短标题>

OWASP: A0X:2025 <Category>
CWE: CWE-NNN
Location:
```
path/to/file.ts:42
```
Description: <what the issue is, in plain language>
Attack scenario: <how an attacker exploits this in practice>
Remediation: <how to fix; include a code-level diff sketch when possible>
References:
```
references/A0X_2025-<Title>.md
```

OWASP类别： A0X:2025 <类别名称>
CWE编号： CWE-NNN
位置：
```
path/to/file.ts:42
```
描述： <用通俗语言说明问题>
攻击场景： <攻击者实际利用该问题的方式>
修复方案： <修复方法；尽可能提供代码级差异示例>
参考文档：
```
references/A0X_2025-<Title>.md
```

High

高风险

Medium

中风险

Low

低风险

Prioritized Remediation

优先修复建议

<Critical-1 — one-line action>
<Critical-2 — one-line action>
<High-1 — one-line action> …

<严重风险1 — 单行操作说明>
<严重风险2 — 单行操作说明>
<高风险1 — 单行操作说明> …

Recommended Follow-ups

后续推荐动作

Deep manual review: spawn the
```
@security-auditor
```
agent on the top N findings for adversarial validation.

Secret scanning: run

gitleaks detect --no-banner

and

trufflehog filesystem .

to confirm Step 3 coverage.

Dependency CVEs: run the language-appropriate auditor (
```
npm audit
```
,
```
pip-audit
```
,
```
cargo audit
```
,
```
govulncheck
```
, …) — re-include in CI if not already.
Container scan:
```
trivy fs .
```
or
```
grype dir:.
```
for OS-package + dependency CVEs in built images.
DAST: schedule an OWASP ZAP / Burp scan against a staging deployment.

undefined

深度人工审查： 针对前N个高风险问题调用
```
@security-auditor
```
Agent进行对抗性验证。
密钥扫描： 运行
```
gitleaks detect --no-banner
```
和
```
trufflehog filesystem .
```
确认步骤3的覆盖范围。
依赖CVE检查： 运行对应语言的审计工具（
```
npm audit
```
、
```
pip-audit
```
、
```
cargo audit
```
、
```
govulncheck
```
等）——若尚未集成到CI中则添加。
容器扫描： 使用
```
trivy fs .
```
或
```
grype dir:.
```
扫描构建镜像中的OS包+依赖CVE。
DAST扫描： 安排OWASP ZAP / Burp对 staging 环境进行动态应用安全测试。

undefined

Severity rubric

风险等级判定标准

Apply consistently — these are the only allowed labels.

Critical — unauthenticated remote code execution, public exfiltration of secrets/PII at scale, privilege escalation to admin from anonymous, complete authentication bypass.
High — authenticated RCE, IDOR exposing other users' sensitive data, missing auth on sensitive endpoints, hard-coded credentials in a committed file, weak password hashing in production code.
Medium — XSS in non-admin contexts, CSRF on state-changing endpoints, missing security headers, weak TLS configuration, dependency CVEs with known PoCs but limited blast radius.
Low — verbose error pages, missing rate limits without immediate abuse path, defense-in-depth gaps, missing audit logging on non-critical actions.

需统一应用以下标签：

严重 — 未认证远程代码执行、大规模公开泄露密钥/PII、匿名用户提权至管理员、完全绕过认证。
高 — 已认证远程代码执行、IDOR暴露其他用户敏感数据、敏感端点缺失认证、已提交文件中存在硬编码凭证、生产代码中使用弱密码哈希。
中 — 非管理员上下文XSS、状态变更端点CSRF、缺少安全头、弱TLS配置、已知PoC但影响范围有限的依赖CVE。
低 — 详细错误页面、无即时滥用路径的速率限制缺失、纵深防御缺口、非关键操作缺少审计日志。

After writing

报告生成后操作

Echo the absolute path of the report file back to the user in chat.
Surface the top 3 highest-severity findings as a one-line preview each.
Suggest the user add
```
audit/
```
to
```
.gitignore
```
if they don't want reports tracked in git. Do not modify
.gitignore
— surface the suggestion only.

在聊天中向用户返回报告文件的绝对路径。
展示前3个最高风险问题的单行预览。
建议用户若不想将报告纳入git追踪，可将
```
audit/
```
添加到
```
.gitignore
```
中。不得修改
.gitignore
— 仅提供建议。

Relationship with

@security-auditor

Agent

与

@security-auditor

Agent的关系

This skill produces a fast, broad, automatic first pass. The

@security-auditor

agent produces a deep, adversarial, manual review of specific surfaces.

Use this skill for: every PR review, periodic full-repo sweeps, "is there anything obvious," initial onboarding to an unfamiliar codebase.
Escalate to @security-auditor
when: a Critical/High finding needs validation; a sensitive surface (auth, payment, crypto, multi-tenant data) needs design-level review; the codebase touches a regulated domain (HIPAA, PCI, GDPR).

The recommended workflow: run this skill → user picks the 3–5 highest-impact findings → spawn

@security-auditor

to drill in.

本技能提供快速、全面、自动化的初步扫描。

@security-auditor

Agent提供深度、对抗性、人工的特定场景审查。

使用本技能的场景：每次PR审查、定期全仓库扫描、“是否存在明显问题”、首次接触陌生代码库。
升级至**
```
@security-auditor
```
**的场景：严重/高风险问题需要验证；敏感场景（认证、支付、加密、多租户数据）需要设计级审查；代码库涉及受监管领域（HIPAA、PCI、GDPR）。

推荐工作流：运行本技能 → 用户选择3-5个最高影响的问题 → 调用

@security-auditor

进行深入分析。

Sandboxing Compatibility

沙箱兼容性

Step 0 clone requires network + exec — skip in a strict sandbox; ask the user to clone manually or run outside the sandbox.
Dependency auditors (
```
npm audit
```
,
```
pip-audit
```
,
```
cargo audit
```
,
```
govulncheck
```
,
```
trivy
```
, …) require network and/or subprocess. If a call fails with permission or network error, mark the section as "Skipped — sandbox" in the report and continue with static analysis only.
Static checks (Step 1–5) are pure file reads + greps; they work in any sandbox.

步骤0克隆需要网络+执行权限——严格沙箱环境中跳过；请用户手动克隆或在沙箱外运行。
依赖审计工具（
```
npm audit
```
、
```
pip-audit
```
、
```
cargo audit
```
、
```
govulncheck
```
、
```
trivy
```
等）需要网络和/或子进程权限。若调用因权限或网络错误失败，在报告中标记该章节为“已跳过 — 沙箱环境”并继续执行静态分析。
**静态检查（步骤1-5）**仅涉及文件读取+grep；可在任意沙箱环境中运行。

Best Practices

最佳实践

Be conservative on severity. When in doubt, mark Medium and let the human re-rank. Inflated criticals destroy trust.
One finding per issue. Don't bundle "weak crypto in
```
auth.ts:10
```
,
```
auth.ts:42
```
,
```
auth.ts:88
```
" into one item — they're separate finds with separate fixes.
Cite file:line in every finding. No exceptions. A finding without a location is unactionable.
Don't propose code edits in the report body. The report is read-only context; the user/agent applies fixes deliberately afterward.
No false-positive bait. If a grep hit is in a test file mocking the unsafe pattern intentionally, omit it (or mark Low with "test file — informational only").
Re-fetch references on demand. When triaging a specific A0X finding, read the matching
```
references/A0X_2025-*.md
```
to ground the remediation language in OWASP terms.

风险等级判定保守。如有疑问，标记为中风险并交由人工重新定级。夸大严重风险会破坏信任。
一个问题对应一条记录。不要将“
```
auth.ts:10
```
、
```
auth.ts:42
```
、
```
auth.ts:88
```
中存在弱加密”合并为一条记录——它们是独立问题，需要单独修复。
每条记录必须标注文件:行号。无例外。无位置信息的问题无法处理。
报告主体中不建议代码编辑。报告为只读上下文；用户/Agent会在之后刻意应用修复。
避免误报。若grep命中的是测试文件中故意模拟的不安全模式，可忽略（或标记为低风险并注明“测试文件 — 仅作信息参考”）。
按需获取参考文档。分类排查特定A0X问题时，阅读对应的
```
references/A0X_2025-*.md
```
文档，确保修复语言符合OWASP术语。