Files
wehub-resource-sync d48cda4081
CI / Test (ubuntu-latest, Node 18.x, bun) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, npm) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, pnpm) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, yarn) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 20.x, bun) (push) Failing after 17m13s
CI / Test (ubuntu-latest, Node 20.x, npm) (push) Failing after 18m42s
CI / Test (ubuntu-latest, Node 20.x, pnpm) (push) Failing after 15m0s
CI / Test (ubuntu-latest, Node 20.x, yarn) (push) Failing after 49m44s
CI / Test (ubuntu-latest, Node 22.x, bun) (push) Failing after 51m55s
CI / Test (ubuntu-latest, Node 22.x, pnpm) (push) Failing after 21m57s
CI / Test (ubuntu-latest, Node 22.x, npm) (push) Failing after 37m39s
CI / Test (ubuntu-latest, Node 22.x, yarn) (push) Failing after 34m7s
CI / Validate Components (push) Failing after 37m15s
CI / Python Tests (push) Failing after 10m1s
CI / Security Scan (push) Failing after 10m1s
CI / Lint (push) Failing after 17m12s
CI / Coverage (push) Failing after 20m19s
CI / Test (macos-latest, Node 18.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, yarn) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, yarn) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, yarn) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 11:55:55 +08:00

2.1 KiB

description, agent, subtask
description agent subtask
Run comprehensive security review everything-claude-code:security-reviewer true

Security Review Command

Conduct a comprehensive security review: $ARGUMENTS

Your Task

Analyze the specified code for security vulnerabilities following OWASP guidelines and security best practices.

Security Checklist

OWASP Top 10

  1. Injection (SQL, NoSQL, OS command, LDAP)

    • Check for parameterized queries
    • Verify input sanitization
    • Review dynamic query construction
  2. Broken Authentication

    • Password storage (bcrypt, argon2)
    • Session management
    • Multi-factor authentication
    • Password reset flows
  3. Sensitive Data Exposure

    • Encryption at rest and in transit
    • Proper key management
    • PII handling
  4. XML External Entities (XXE)

    • Disable DTD processing
    • Input validation for XML
  5. Broken Access Control

    • Authorization checks on every endpoint
    • Role-based access control
    • Resource ownership validation
  6. Security Misconfiguration

    • Default credentials removed
    • Error handling doesn't leak info
    • Security headers configured
  7. Cross-Site Scripting (XSS)

    • Output encoding
    • Content Security Policy
    • Input sanitization
  8. Insecure Deserialization

    • Validate serialized data
    • Implement integrity checks
  9. Using Components with Known Vulnerabilities

    • Run npm audit
    • Check for outdated dependencies
  10. Insufficient Logging & Monitoring

    • Security events logged
    • No sensitive data in logs
    • Alerting configured

Additional Checks

  • Secrets in code (API keys, passwords)
  • Environment variable handling
  • CORS configuration
  • Rate limiting
  • CSRF protection
  • Secure cookie flags

Report Format

Critical Issues

[Issues that must be fixed immediately]

High Priority

[Issues that should be fixed before release]

Recommendations

[Security improvements to consider]


IMPORTANT: Security issues are blockers. Do not proceed until critical issues are resolved.