secure-code-review
Install command:
npx skills add https://github.com/ed1s0nz/cyberstrikeai --skill secure-code-review
Skill documentation
Secure Code Review

Overview

Secure code review is an important method for identifying security vulnerabilities in code. This skill provides methods, tools and best practices for secure code review.
Review Scope

1. Input validation
Check items:
- User input validation
- Parameter validation
- Data filtering
- Boundary checks

2. Output encoding
Check items:
- XSS protection
- Output encoding
- Content Security Policy
- Response header settings

3. Authentication and authorization
Check items:
- Authentication mechanisms
- Session management
- Access control
- Password handling

4. Cryptography and keys
Check items:
- Data encryption
- Key management
- Hash algorithms
- Random number generation
Review Methods

1. Static analysis
Use SAST tools:
# SonarQube
sonar-scanner
# Checkmarx
# (scans are driven from the web interface)
# Fortify: translate the build, then scan the translated code
sourceanalyzer -b project build.sh
sourceanalyzer -b project -scan
# Semgrep
semgrep --config=auto .
2. Manual review
Review checklist:
- Input validation
- Output encoding
- SQL injection
- XSS vulnerabilities
- Authentication and authorization
- Use of cryptography
- Error handling
- Logging
3. Code pattern recognition
Dangerous functions that warrant close inspection wherever they appear:
# Python dangerous functions
eval()
exec()
pickle.loads()
os.system()
subprocess.call()
// Java dangerous functions
Runtime.exec()
ProcessBuilder()
Class.forName()
// PHP dangerous functions
eval()
exec()
system()
passthru()
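The Python part of the list above can be turned into a small review aid. The following is an added example (not part of the original skill) that walks a module's syntax tree with the standard `ast` module and reports each listed call with its line number; it also flags any `subprocess.*` call with a literal `shell=True`, which goes beyond the list but follows the same reasoning. The sample module it scans is constructed for the demonstration.

```python
import ast

# Call targets from the review list above, with the risk each one carries.
DANGEROUS_CALLS = {
    "eval": "executes code built from a string",
    "exec": "executes code built from a string",
    "pickle.loads": "deserializes data; unsafe on untrusted input",
    "os.system": "runs a command through the shell",
    "subprocess.call": "runs a command; check how arguments are built",
}

def _call_name(node):
    """Dotted name of the call target, e.g. 'eval' or 'os.system'."""
    fn = node.func
    if isinstance(fn, ast.Attribute) and isinstance(fn.value, ast.Name):
        return f"{fn.value.id}.{fn.attr}"
    return fn.id if isinstance(fn, ast.Name) else ""

def _shell_true(node):
    # True when the call passes a literal shell=True keyword argument
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in node.keywords)

def find_dangerous_calls(source):
    """Return sorted (line, call, reason) tuples for each listed call; aliased
    imports such as 'from os import system' are not resolved here."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in DANGEROUS_CALLS:
            findings.append((node.lineno, name, DANGEROUS_CALLS[name]))
        elif name.startswith("subprocess.") and _shell_true(node):
            findings.append((node.lineno, name, "shell=True hands the command to a shell"))
    return sorted(findings)

# Constructed sample module under review (not code from any real project).
SAMPLE = '''import os, pickle, subprocess
def handler(req):
    os.system("ping " + req["host"])
    data = pickle.loads(req["blob"])
    subprocess.run(["ping", "-c", "1", req["host"]])
    subprocess.run("ping " + req["host"], shell=True)
    return eval(req["expr"])
'''

if __name__ == "__main__":
    for line, call, reason in find_dangerous_calls(SAMPLE):
        print(f"line {line}: {call}() - {reason}")
```

Note that the list-form `subprocess.run` on line 5 of the sample is not reported, matching the secure form shown in the command injection pattern below, while the string-plus-`shell=True` form on line 6 is.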
Common Vulnerability Patterns

SQL injection
Vulnerable code:
// userId is concatenated straight into the query text
String query = "SELECT * FROM users WHERE id = " + userId;
Statement stmt = connection.createStatement();
ResultSet rs = stmt.executeQuery(query);
Secure code:
// The value is bound as a parameter and never becomes part of the SQL text
String query = "SELECT * FROM users WHERE id = ?";
PreparedStatement stmt = connection.prepareStatement(query);
stmt.setInt(1, userId);
ResultSet rs = stmt.executeQuery();
XSS vulnerabilities
Vulnerable code:
// Untrusted input written to an HTML sink is parsed as markup
document.body.innerHTML = userInput;
element.innerHTML = "<div>" + userInput + "</div>";
Secure code:
// Text and attribute APIs treat the value as data, not markup
element.textContent = userInput;
element.setAttribute("data-value", userInput);
// Or use an encoding library when HTML output is unavoidable
element.innerHTML = escapeHtml(userInput);
Command injection
Vulnerable code:
import os
os.system("ping " + user_input)  # the input becomes part of a shell command line
Secure code:
import subprocess
# Argument list, no shell; validated_input is a hostname that has already been checked
subprocess.run(["ping", "-c", "1", validated_input])
Path traversal
Vulnerable code:
// "../" sequences in fileName can reach outside /uploads/
String filePath = "/uploads/" + fileName;
File file = new File(filePath);
Secure code:
String basePath = "/uploads/";
// Keep only the final path component so directory separators and ".." are dropped
String safeName = Paths.get(fileName).getFileName().toString();
File file = new File(basePath, safeName);
// Compare canonical paths so symlinks cannot escape the base directory either
File base = new File(basePath);
if (!file.getCanonicalPath().startsWith(base.getCanonicalPath() + File.separator)) {
    throw new SecurityException("Invalid path");
}
Hardcoded secrets
Vulnerable code:
String apiKey = "1234567890abcdef";
String password = "admin123";
Secure code:
// Read secrets from the environment or a secrets store at runtime
String apiKey = System.getenv("API_KEY");
String password = keyStore.getPassword("db_password"); // keyStore: the application's secrets-store client
Tool Usage

SonarQube
# Start SonarQube
docker run -d -p 9000:9000 sonarqube
# Run a scan
sonar-scanner \
  -Dsonar.projectKey=myproject \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://localhost:9000

Semgrep
# Install
pip install semgrep
# Run a scan
semgrep --config=auto .
# Use a specific ruleset
semgrep --config=p/security-audit .

CodeQL
# Create the database
codeql database create database --language=java --source-root=.
# Run the queries (an output file is required)
codeql database analyze database security-and-quality.qls --format=sarif-latest --output=results.sarif
Review Checklist

Input validation
- All user input is validated
- Allow-list validation is used
- Data types and ranges are validated
- Special characters are handled

Output encoding
- HTML output encoding
- URL encoding
- JavaScript encoding
- SQL parameterization

Authentication and authorization
- Strong password policy
- Secure session management
- Authorization checks
- Multi-factor authentication

Cryptography
- Strong encryption algorithms are used
- Keys are stored securely
- Encryption in transit
- Encryption at rest

Error handling
- No leakage of sensitive information
- Uniform error responses
- Errors are logged
- Exception handling
Best Practices

1. Secure coding standards
- Follow the OWASP Top 10
- Use secure coding guidelines
- Establish a code review process
- Provide security training

2. Automation tools
- Integrate SAST tools
- Add security checks to CI/CD
- Run automated scans
- Analyze the results

3. Code review process
- Peer review
- Security expert review
- Periodic review
- Record issues

Notes
- Combine tooling with manual review
- Pay attention to business-logic vulnerabilities
- Update tool rules regularly
- Establish secure coding guidelines