Adds security scanning via PreToolUse hooks + refactoring commands:

- PreToolUse hook catches security issues before code is written
- /security-scan command for comprehensive security audit
- /refactor command to apply refactoring patterns
- /refactor-dry command to preview refactoring opportunities
- security-reviewer agent for vulnerability analysis
- refactor-advisor agent for code structure improvements
- security-patterns skill for vulnerability detection rules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2.0 KiB
---
description: Full security audit of codebase - scans all files for vulnerability patterns
---
# Security Scan

Comprehensive security audit of the project.

## Process
1. **File Discovery**

   Scan all code files: `.py`, `.js`, `.ts`, `.jsx`, `.tsx`, `.go`, `.rs`, `.java`, `.rb`, `.php`, `.sh`

2. **Pattern Detection**

   ### Critical Vulnerabilities

   | Pattern | Risk | Detection |
   |---|---|---|
   | SQL Injection | High | String concatenation or f-strings in SQL queries |
   | Command Injection | High | `subprocess` with `shell=True`, `os.system` with interpolated variables |
   | XSS | High | `innerHTML` assigned from user input |
   | Code Injection | Critical | `eval`/`exec` with external input |
   | Deserialization | Critical | `pickle.loads`, `yaml.load` without `SafeLoader` |
   | Path Traversal | High | File operations on unsanitized user-supplied paths |
   | Hardcoded Secrets | High | API keys or passwords as string literals in code |
   | SSRF | Medium | Outbound request to a URL taken from user input |

   ### Code Quality Issues

   | Pattern | Risk | Detection |
   |---|---|---|
   | Broad Exceptions | Low | `except:` or `except Exception:` |
   | Debug Statements | Low | `print`/`console.log` that emit runtime data |
   | TODO/FIXME Security | Medium | Comments mentioning security |
   | Deprecated Functions | Medium | Known insecure functions |
3. **Output Format**

   ```markdown
   ## Security Scan Report

   ### Critical (Immediate Action Required)
   🔴 src/db.py:45 - SQL Injection
   Code: `f"SELECT * FROM users WHERE id = {user_id}"`
   Fix: Use parameterized query: `cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))`

   ### High
   🟠 config.py:12 - Hardcoded Secret
   Code: `API_KEY = "sk-1234..."`
   Fix: Use environment variable: `API_KEY = os.environ.get("API_KEY")`, and rotate the exposed key

   ### Medium
   🟡 utils.py:78 - Broad Exception
   Code: `except:`
   Fix: Catch specific exceptions

   ### Summary
   - Critical: X (must fix before deploy)
   - High: X (fix soon)
   - Medium: X (improve when possible)
   ```
4. **Exit Code Guidance**

   - Critical findings: recommend blocking merge/deploy
   - High findings: recommend fixing before release
   - Medium/Low findings: informational
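The four steps above, carried through as an added worked example rather than the plugin's own code (the real command is executed by the agent reading this file, not by a script): a small Python scanner that walks an in-memory sample repository constructed for this example, applies regex rules approximating the detection tables, renders the report format, and maps the worst finding to an exit code following the guidance. The rule regexes, the ⚪ icon for Low findings, the exit-code values and every file in `SAMPLE_REPO` are this example's assumptions.

```python
"""Worked illustration of the /security-scan process: discover code files,
match detection patterns line by line, group findings by severity and derive
a merge/deploy verdict. Added example, not the plugin's own code."""
import os
import re
from collections import namedtuple

# Step 1: the extension list from the command.
CODE_EXTENSIONS = {".py", ".js", ".ts", ".jsx", ".tsx", ".go", ".rs",
                   ".java", ".rb", ".php", ".sh"}

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Step 2: (pattern, risk, regex, fix). Risk levels follow the tables; the regexes
# are this example's own line-level heuristics for the "Detection" column and,
# like any grep-style rule, will produce some false positives and negatives.
RULES = [
    ("Code Injection", "Critical",
     re.compile(r"\b(?:eval|exec)\s*\(\s*(?!['\"])\w"),  # argument is not a literal
     "Never pass external input to eval/exec"),
    ("Deserialization", "Critical",
     re.compile(r"\bpickle\.loads?\(|\byaml\.load\((?![^)]*Loader\s*=\s*yaml\.SafeLoader)"),
     "Use json or yaml.safe_load; never unpickle untrusted data"),
    ("SQL Injection", "High",
     re.compile(r"f[\"'][^\"']*\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^\"']*\{", re.I),
     "Use a parameterized query"),
    ("Command Injection", "High",  # shell=True, or os.system with anything but one literal
     re.compile(r"shell\s*=\s*True|\bos\.system\((?!\s*['\"][^'\"]*['\"]\s*\))"),
     "Pass an argument list to subprocess with shell=False"),
    ("XSS", "High",
     re.compile(r"\.innerHTML\s*=\s*(?!['\"`])"),  # assigned value is not a literal
     "Use textContent or a sanitizer"),
    ("Hardcoded Secrets", "High",
     re.compile(r"\b(?:api_?key|password|secret|token)\s*=\s*['\"][^'\"]{8,}['\"]", re.I),
     "Load secrets from the environment or a secret store, and rotate this one"),
    ("Broad Exceptions", "Low",
     re.compile(r"^\s*except\s*(?:Exception\s*)?:"),
     "Catch specific exceptions"),
    ("Debug Statements", "Low",
     re.compile(r"\bconsole\.log\(|^\s*print\("),
     "Remove debug output before release"),
]

Finding = namedtuple("Finding", "path line pattern severity code fix")


def discover(files):
    """Step 1: keep only paths whose extension is in the scan list."""
    return [p for p in files if os.path.splitext(p)[1] in CODE_EXTENSIONS]


def scan(files):
    """Step 2: run every rule over every line; `files` maps path -> source text."""
    findings = []
    for path in discover(files):
        for lineno, line in enumerate(files[path].splitlines(), start=1):
            for pattern, severity, regex, fix in RULES:
                if regex.search(line):
                    findings.append(Finding(path, lineno, pattern, severity, line.strip(), fix))
    findings.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.path, f.line))
    return findings


def report(findings):
    """Step 3: render the command's report format (⚪ for Low is this example's choice)."""
    icons = {"Critical": "🔴", "High": "🟠", "Medium": "🟡", "Low": "⚪"}
    out = ["## Security Scan Report"]
    for severity in SEVERITY_RANK:
        group = [f for f in findings if f.severity == severity]
        if group:
            out.append(f"### {severity}")
        for f in group:
            out += [f"{icons[severity]} {f.path}:{f.line} - {f.pattern}",
                    f"Code: `{f.code}`", f"Fix: {f.fix}"]
    out.append("### Summary")
    out += [f"- {s}: {sum(f.severity == s for f in findings)}" for s in SEVERITY_RANK]
    return "\n".join(out)


def exit_code(findings):
    """Step 4: 2 = block merge/deploy (Critical), 1 = fix before release (High), 0 = informational."""
    worst = min((SEVERITY_RANK[f.severity] for f in findings), default=len(SEVERITY_RANK))
    return {0: 2, 1: 1}.get(worst, 0)


# Constructed sample "repository" (path -> source); none of these are real project files.
SAMPLE_REPO = {
    "src/db.py": 'def get_user(cursor, user_id):\n'
                 '    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")\n',
    "config.py": 'API_KEY = "sk-1234567890abcdef"\n',
    "utils.py": 'try:\n    risky()\nexcept:\n    pass\n',
    "plugin.py": 'result = eval(user_expr)\n',
    "deploy.py": 'subprocess.run(cmd, shell=True)\nos.system("ls")\n',
    "loader.py": 'data = pickle.loads(blob)\ncfg = yaml.load(text, Loader=yaml.SafeLoader)\n',
    "web/app.js": 'el.innerHTML = req.query.name;\nconsole.log(user);\n',
    "README.md": 'eval(input())  # not a code file, so not scanned\n',
}

if __name__ == "__main__":
    results = scan(SAMPLE_REPO)
    print(report(results))
    raise SystemExit(exit_code(results))
```

Running it prints two Critical, four High and two Low findings and exits with 2. Two lines are deliberately left unflagged, `yaml.load(..., Loader=yaml.SafeLoader)` and `os.system("ls")`, which is the kind of suppression a line-level rule has to make to stay useful, and a Low finding such as the bare `except:` never changes the exit code, matching the guidance that Medium/Low results are informational.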