代码安全审查工具 - 高置信度漏洞检测，识别可利用的安全漏洞

security-review by getsentry/skills

1,400 周安装量

467 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/getsentry/skills --skill security-review

开发安全

🇨🇳中文介绍

安全审查技能

识别代码中可利用的安全漏洞。仅报告高置信度的发现——即存在明确易受攻击模式且攻击者可控制输入的情况。

范围：研究与报告

关键区别：

报告对象：仅限用户提供的特定文件、差异或代码
研究：在报告前，研究整个代码库以建立信心

在标记任何问题之前，您必须研究代码库以了解：

这个输入实际上来自哪里？（追踪数据流）
其他地方是否有验证/清理？
这是如何配置的？（检查设置、配置文件、中间件）
存在哪些框架保护措施？

不要仅基于模式匹配来报告问题。 先进行调查，然后仅报告您确信可利用的问题。

置信度级别

级别	标准	操作
高	确认存在易受攻击模式且攻击者可控制输入	报告并注明严重性
中	存在易受攻击模式，输入来源不明确	备注为"需要验证"
低

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

不应标记的情况

测试文件（除非明确审查测试安全性）
死代码、注释代码、文档字符串
使用常量或服务器控制配置的模式
需要先进行身份验证才能访问的代码路径（改为注明身份验证要求）

服务器控制的值（非攻击者控制）

这些由操作员配置，不由攻击者控制：

来源	示例	安全原因
Django 设置	`settings.API_URL`, `settings.ALLOWED_HOSTS`	在部署时通过配置/环境变量设置
环境变量	`os.environ.get('DATABASE_URL')`	部署配置
配置文件	`config.yaml`, `app.config['KEY']`	服务器端文件
框架常量	`django.conf.settings.*`	用户不可修改
硬编码值	`BASE_URL = "https://api.internal"`	编译时常量

SSRF 示例 - 非漏洞：

# 安全：URL 来自 Django 设置（服务器控制）
response = requests.get(f"{settings.SEER_AUTOFIX_URL}{path}")

SSRF 示例 - 是漏洞：

# 易受攻击：URL 来自请求（攻击者控制）
response = requests.get(request.GET.get('url'))

框架缓解的模式

在标记之前，请查阅语言指南。常见的误报：

模式	通常安全的原因
Django `{{ variable }}`	默认自动转义
React `{variable}`	默认自动转义
Vue `{{ variable }}`	默认自动转义
`User.objects.filter(id=input)`	ORM 参数化查询
`cursor.execute("...%s", (input,))`	参数化查询
`innerHTML = "<b>Loading...</b>"`	常量字符串，无用户输入

仅在以下情况下标记这些：

Django: {{ var|safe }}, {% autoescape off %}, mark_safe(user_input)
React: dangerouslySetInnerHTML={{__html: userInput}}
Vue: v-html="userInput"
ORM: .raw(), .extra(), RawSQL() 与字符串插值结合使用

我正在审查什么类型的代码？

代码类型	加载这些参考文件
API 端点、路由	`authorization.md`, `authentication.md`, `injection.md`
前端、模板	`xss.md`, `csrf.md`
文件处理、上传	`file-security.md`
加密、密钥、令牌	`cryptography.md`, `data-protection.md`
数据序列化	`deserialization.md`
外部请求	`ssrf.md`
业务工作流	`business-logic.md`
GraphQL、REST 设计	`api-security.md`
配置、头部、CORS	`misconfiguration.md`
CI/CD、依赖项	`supply-chain.md`
错误处理	`error-handling.md`
审计、日志记录	`logging.md`

2. 加载语言指南

基于文件扩展名或导入：

指示符	指南
`.py`, `django`, `flask`, `fastapi`	`languages/python.md`
`.js`, `.ts`, `express`, `react`, `vue`, `next`	`languages/javascript.md`
`.go`, `go.mod`	`languages/go.md`
`.rs`, `Cargo.toml`	`languages/rust.md`
`.java`, `spring`, `@Controller`	`languages/java.md`

3. 加载基础设施指南（如适用）

文件类型	指南
`Dockerfile`, `.dockerignore`	`infrastructure/docker.md`
K8s 清单、Helm 图表	`infrastructure/kubernetes.md`
`.tf`, Terraform	`infrastructure/terraform.md`
GitHub Actions, `.gitlab-ci.yml`	`infrastructure/ci-cd.md`
AWS/GCP/Azure 配置、IAM	`infrastructure/cloud.md`

4. 标记前进行研究

对于每个潜在问题，研究代码库以建立信心：

这个值实际上来自哪里？追踪数据流。
它是在部署时配置的（设置、环境变量）还是来自用户输入？
其他地方是否有验证、清理或白名单机制？
适用哪些框架保护措施？

只有在理解更广泛的上下文后，对问题有高置信度时才进行报告。

5. 验证可利用性

对于每个潜在发现，确认：

输入是否由攻击者控制？

攻击者控制（需调查）	服务器控制（通常安全）
`request.GET`, `request.POST`, `request.args`	`settings.X`, `app.config['X']`
`request.json`, `request.data`, `request.body`	`os.environ.get('X')`
`request.headers`（大多数头部）	硬编码常量
`request.cookies`（未签名）	来自配置的内部服务 URL
URL 路径段：`/users/<id>/`	来自管理员/系统的数据库内容
文件上传（内容和名称）	已签名的会话数据
来自其他用户的数据库内容	框架设置
WebSocket 消息

框架是否缓解了此问题？

检查语言指南中的自动转义、参数化
检查是否存在进行清理的中间件/装饰器

上游是否有验证？

在此代码之前的输入验证
清理库（DOMPurify、bleach 等）

6. 仅报告高置信度问题

跳过理论性问题。仅报告经过研究后确认可利用的问题。

严重性	影响	示例
严重	直接利用，严重影响，无需身份验证	RCE、导致数据泄露的 SQL 注入、身份验证绕过、硬编码密钥
高	有条件可利用，重大影响	存储型 XSS、导致元数据泄露的 SSRF、导致敏感数据泄露的 IDOR
中	需要特定条件，中等影响	反射型 XSS、状态变更操作上的 CSRF、路径遍历
低	纵深防御，直接影响最小	缺少头部、详细错误信息、非关键上下文中的弱算法

始终标记（严重）

eval(user_input)           # 任何语言
exec(user_input)           # 任何语言
pickle.loads(user_data)    # Python
yaml.load(user_data)       # Python (非 safe_load)
unserialize($user_data)    # PHP
deserialize(user_data)     # Java ObjectInputStream
shell=True + user_input    # Python subprocess
child_process.exec(user)   # Node.js

始终标记（高）

innerHTML = userInput              # DOM XSS
dangerouslySetInnerHTML={user}     # React XSS
v-html="userInput"                 # Vue XSS
f"SELECT * FROM x WHERE {user}"    # SQL 注入
`SELECT * FROM x WHERE ${user}`    # SQL 注入
os.system(f"cmd {user_input}")     # 命令注入

始终标记（密钥）

password = "hardcoded"
api_key = "sk-..."
AWS_SECRET_ACCESS_KEY = "..."
private_key = "-----BEGIN"

先检查上下文（标记前必须调查）

# SSRF - 仅当 URL 来自用户输入，而非来自设置/配置时
requests.get(request.GET['url'])     # 标记：用户控制的 URL
requests.get(settings.API_URL)       # 安全：服务器控制的配置
requests.get(f"{settings.BASE}/{x}") # 检查：'x' 是用户输入吗？

# 路径遍历 - 仅当路径来自用户输入时
open(request.GET['file'])            # 标记：用户控制的路径
open(settings.LOG_PATH)              # 安全：服务器控制的配置
open(f"{BASE_DIR}/{filename}")       # 检查：'filename' 是用户输入吗？

# 开放重定向 - 仅当 URL 来自用户输入时
redirect(request.GET['next'])        # 标记：用户控制的重定向
redirect(settings.LOGIN_URL)         # 安全：服务器控制的配置

# 弱加密 - 仅当用于安全目的时
hashlib.md5(file_content)            # 安全：文件校验和、缓存
hashlib.md5(password)                # 标记：密码哈希
random.random()                      # 安全：非安全用途（UI、采样）
random.random() for token            # 标记：安全令牌需要 secrets 模块

## 安全审查：[文件/组件名称]

### 摘要
- **发现**：X（Y 个严重，Z 个高，...）
- **风险级别**：严重/高/中/低
- **置信度**：高/混合

### 发现

#### [VULN-001] [漏洞类型] (严重性)
- **位置**：`file.py:123`
- **置信度**：高
- **问题**：[漏洞是什么]
- **影响**：[攻击者能做什么]
- **证据**：
  ```python
  [易受攻击的代码片段]

修复：[如何修复]

[VERIFY-001] [潜在问题]

位置：file.py:456

问题：[需要验证什么]

如果未发现漏洞，请声明："未识别出高置信度漏洞。"

参考文件

核心漏洞 (`references/`)

文件	涵盖内容
`injection.md`	SQL、NoSQL、OS 命令、LDAP、模板注入
`xss.md`	反射型、存储型、基于 DOM 的 XSS
`authorization.md`	授权、IDOR、权限提升
`authentication.md`	会话、凭据、密码存储
`cryptography.md`	算法、密钥管理、随机性
`deserialization.md`	Pickle、YAML、Java、PHP 反序列化
`file-security.md`	路径遍历、上传、XXE
`ssrf.md`	服务器端请求伪造
`csrf.md`	跨站请求伪造
`data-protection.md`	密钥暴露、PII、日志记录
`api-security.md`	REST、GraphQL、大规模分配
`business-logic.md`	竞争条件、工作流绕过
`modern-threats.md`	原型污染、LLM 注入、WebSocket
`misconfiguration.md`	头部、CORS、调试模式、默认值
`error-handling.md`	故障开放、信息泄露
`supply-chain.md`	依赖项、构建安全
`logging.md`	审计失败、日志注入

语言指南 (`languages/`)

python.md - Django、Flask、FastAPI 模式
javascript.md - Node、Express、React、Vue、Next.js
go.md - Go 特定的安全模式
rust.md - Rust 不安全块、FFI 安全
java.md - Spring、Java EE 模式

基础设施 (`infrastructure/`)

docker.md - 容器安全
kubernetes.md - K8s RBAC、密钥、策略
terraform.md - IaC 安全
ci-cd.md - 流水线安全
cloud.md - AWS/GCP/Azure 安全

🇺🇸English

Security Review Skill

Identify exploitable security vulnerabilities in code. Report only HIGH CONFIDENCE findings—clear vulnerable patterns with attacker-controlled input.

Scope: Research vs. Reporting

CRITICAL DISTINCTION:

Report on : Only the specific file, diff, or code provided by the user
Research : The ENTIRE codebase to build confidence before reporting

Before flagging any issue, you MUST research the codebase to understand:

Where does this input actually come from? (Trace data flow)
Is there validation/sanitization elsewhere?
How is this configured? (Check settings, config files, middleware)
What framework protections exist?

Do NOT report issues based solely on pattern matching. Investigate first, then report only what you're confident is exploitable.

Confidence Levels

Level	Criteria	Action
HIGH	Vulnerable pattern + attacker-controlled input confirmed	Report with severity
MEDIUM	Vulnerable pattern, input source unclear	Note as "Needs verification"
LOW	Theoretical, best practice, defense-in-depth	Do not report

Do Not Flag

General Rules

Test files (unless explicitly reviewing test security)
Dead code, commented code, documentation strings
Patterns using constants or server-controlled configuration
Code paths that require prior authentication to reach (note the auth requirement instead)

Server-Controlled Values (NOT Attacker-Controlled)

These are configured by operators, not controlled by attackers:

Source	Example	Why It's Safe
Django settings	`settings.API_URL`, `settings.ALLOWED_HOSTS`	Set via config/env at deployment
Environment variables	`os.environ.get('DATABASE_URL')`	Deployment configuration
Config files	`config.yaml`, `app.config['KEY']`	Server-side files
Framework constants	`django.conf.settings.*`

SSRF Example - NOT a vulnerability:

# SAFE: URL comes from Django settings (server-controlled)
response = requests.get(f"{settings.SEER_AUTOFIX_URL}{path}")

SSRF Example - IS a vulnerability:

# VULNERABLE: URL comes from request (attacker-controlled)
response = requests.get(request.GET.get('url'))

Framework-Mitigated Patterns

Check language guides before flagging. Common false positives:

Pattern	Why It's Usually Safe
Django `{{ variable }}`	Auto-escaped by default
React `{variable}`	Auto-escaped by default
Vue `{{ variable }}`	Auto-escaped by default
`User.objects.filter(id=input)`	ORM parameterizes queries
`cursor.execute("...%s", (input,))`	Parameterized query
`innerHTML = "<b>Loading...</b>"`

Only flag these when:

Django: {{ var|safe }}, {% autoescape off %}, mark_safe(user_input)
React: dangerouslySetInnerHTML={{__html: userInput}}
Vue: v-html="userInput"
ORM: .raw(), .extra(), RawSQL() with string interpolation

Review Process

1. Detect Context

What type of code am I reviewing?

Code Type	Load These References
API endpoints, routes	`authorization.md`, `authentication.md`, `injection.md`
Frontend, templates	`xss.md`, `csrf.md`
File handling, uploads	`file-security.md`
Crypto, secrets, tokens	`cryptography.md`, `data-protection.md`

2. Load Language Guide

Based on file extension or imports:

Indicators	Guide
`.py`, `django`, `flask`, `fastapi`	`languages/python.md`
`.js`, `.ts`, `express`, `react`, `vue`,

3. Load Infrastructure Guide (if applicable)

File Type	Guide
`Dockerfile`, `.dockerignore`	`infrastructure/docker.md`
K8s manifests, Helm charts	`infrastructure/kubernetes.md`
`.tf`, Terraform	`infrastructure/terraform.md`
GitHub Actions, `.gitlab-ci.yml`	`infrastructure/ci-cd.md`

4. Research Before Flagging

For each potential issue, research the codebase to build confidence:

Where does this value actually come from? Trace the data flow.
Is it configured at deployment (settings, env vars) or from user input?
Is there validation, sanitization, or allowlisting elsewhere?
What framework protections apply?

Only report issues where you have HIGH confidence after understanding the broader context.

5. Verify Exploitability

For each potential finding, confirm:

Is the input attacker-controlled?

Attacker-Controlled (Investigate)	Server-Controlled (Usually Safe)
`request.GET`, `request.POST`, `request.args`	`settings.X`, `app.config['X']`
`request.json`, `request.data`, `request.body`	`os.environ.get('X')`

Does the framework mitigate this?

Check language guide for auto-escaping, parameterization
Check for middleware/decorators that sanitize

Is there validation upstream?

Input validation before this code
Sanitization libraries (DOMPurify, bleach, etc.)

6. Report HIGH Confidence Only

Skip theoretical issues. Report only what you've confirmed is exploitable after research.

Severity Classification

Severity	Impact	Examples
Critical	Direct exploit, severe impact, no auth required	RCE, SQL injection to data, auth bypass, hardcoded secrets
High	Exploitable with conditions, significant impact	Stored XSS, SSRF to metadata, IDOR to sensitive data
Medium	Specific conditions required, moderate impact	Reflected XSS, CSRF on state-changing actions, path traversal
Low	Defense-in-depth, minimal direct impact	Missing headers, verbose errors, weak algorithms in non-critical context

Quick Patterns Reference

Always Flag (Critical)

eval(user_input)           # Any language
exec(user_input)           # Any language
pickle.loads(user_data)    # Python
yaml.load(user_data)       # Python (not safe_load)
unserialize($user_data)    # PHP
deserialize(user_data)     # Java ObjectInputStream
shell=True + user_input    # Python subprocess
child_process.exec(user)   # Node.js

Always Flag (High)

innerHTML = userInput              # DOM XSS
dangerouslySetInnerHTML={user}     # React XSS
v-html="userInput"                 # Vue XSS
f"SELECT * FROM x WHERE {user}"    # SQL injection
`SELECT * FROM x WHERE ${user}`    # SQL injection
os.system(f"cmd {user_input}")     # Command injection

Always Flag (Secrets)

password = "hardcoded"
api_key = "sk-..."
AWS_SECRET_ACCESS_KEY = "..."
private_key = "-----BEGIN"

Check Context First (MUST Investigate Before Flagging)

# SSRF - ONLY if URL is from user input, NOT from settings/config
requests.get(request.GET['url'])     # FLAG: User-controlled URL
requests.get(settings.API_URL)       # SAFE: Server-controlled config
requests.get(f"{settings.BASE}/{x}") # CHECK: Is 'x' user input?

# Path traversal - ONLY if path is from user input
open(request.GET['file'])            # FLAG: User-controlled path
open(settings.LOG_PATH)              # SAFE: Server-controlled config
open(f"{BASE_DIR}/{filename}")       # CHECK: Is 'filename' user input?

# Open redirect - ONLY if URL is from user input
redirect(request.GET['next'])        # FLAG: User-controlled redirect
redirect(settings.LOGIN_URL)         # SAFE: Server-controlled config

# Weak crypto - ONLY if used for security purposes
hashlib.md5(file_content)            # SAFE: File checksums, caching
hashlib.md5(password)                # FLAG: Password hashing
random.random()                      # SAFE: Non-security uses (UI, sampling)
random.random() for token            # FLAG: Security tokens need secrets module

Output Format

## Security Review: [File/Component Name]

### Summary
- **Findings**: X (Y Critical, Z High, ...)
- **Risk Level**: Critical/High/Medium/Low
- **Confidence**: High/Mixed

### Findings

#### [VULN-001] [Vulnerability Type] (Severity)
- **Location**: `file.py:123`
- **Confidence**: High
- **Issue**: [What the vulnerability is]
- **Impact**: [What an attacker could do]
- **Evidence**:
  ```python
  [Vulnerable code snippet]

Fix : [How to remediate]

Needs Verification

[VERIFY-001] [Potential Issue]

Location : file.py:456
Question : [What needs to be verified]

If no vulnerabilities found, state: "No high-confidence vulnerabilities identified."

Reference Files

Core Vulnerabilities (references/)

File Covers
injection.md SQL, NoSQL, OS command, LDAP, template injection
xss.md Reflected, stored, DOM-based XSS
authorization.md Authorization, IDOR, privilege escalation

File	Covers
`injection.md`	SQL, NoSQL, OS command, LDAP, template injection
`xss.md`	Reflected, stored, DOM-based XSS
`authorization.md`	Authorization, IDOR, privilege escalation

Weekly Installs

1.2K

Repository

getsentry/skills

GitHub Stars

458

First Seen

Jan 29, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykFail

Installed on

opencode1.1K

codex1.1K

gemini-cli1.1K

github-copilot1.1K

cursor1.0K

kimi-cli991

React 组合模式指南：Vercel 组件架构最佳实践，提升代码可维护性

102,200 周安装

Language Guides (`languages/`)

python.md - Django, Flask, FastAPI patterns
javascript.md - Node, Express, React, Vue, Next.js
go.md - Go-specific security patterns
rust.md - Rust unsafe blocks, FFI security
java.md - Spring, Java EE patterns

Infrastructure (`infrastructure/`)

docker.md - Container security
kubernetes.md - K8s RBAC, secrets, policies
terraform.md - IaC security
ci-cd.md - Pipeline security
cloud.md - AWS/GCP/Azure security