# Security Review
When reviewing code for security issues, check each category below. Reference the detailed checklist in `references/security-checklist.md`.
## Injection Vulnerabilities
- SQL injection: Look for string concatenation in database queries
- Command injection: Check for unsanitized input passed to shell commands (`exec`, `spawn`)
- XSS: Look for unsanitized user input rendered in HTML/templates
- Path traversal: Check for user input in file paths without sanitization
## Authentication & Authorization
- Verify authentication checks on protected routes/endpoints
- Ensure authorization checks match the required access level
- Look for privilege escalation paths (e.g., user can modify other users' data)
- Check that password/token comparison uses constant-time comparison
## Secrets & Credentials
- Hardcoded API keys, passwords, tokens, or connection strings
- Secrets in configuration files that might be committed
- Sensitive data in logs or error messages
- Credentials passed via URL query parameters
## Input Validation
- Validate and sanitize all external input (user input, API responses, file contents)
- Check for missing or weak input validation on API endpoints
- Verify type coercion doesn't bypass validation
- Look for overly permissive CORS or CSP configurations
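The validation items above, as an added example that is not part of the original checklist. `parseId` shows the coercion traps a reviewer looks for (arrays from query-string parsers, `"42abc"`, hex and exponent forms, unsafe integers); `validateCreateUser` rejects unknown fields as well as malformed ones; `corsOriginHeader` answers with an exact allow-listed origin instead of reflecting the request's. The field names and the allowed origin are assumptions.

```javascript
// Added example, not part of the original checklist. Schemas are illustrative.

// Parse an identifier from untrusted input. Returns a positive safe integer
// or null. Only canonical decimal strings pass, so " 42", "42abc", "0x2A",
// "1e3", ["42"] and 42 (already a number, i.e. not from a string source)
// are all rejected instead of being coerced.
function parseId(raw) {
  if (typeof raw !== 'string') return null;
  if (!/^[1-9][0-9]{0,15}$/.test(raw)) return null;
  const n = Number(raw);
  return Number.isSafeInteger(n) && n > 0 ? n : null;
}

// Body validation for a create-user endpoint. Unknown keys are errors so a
// client cannot smuggle in fields such as isAdmin (mass assignment).
const CREATE_USER_FIELDS = ['email', 'displayName'];
function validateCreateUser(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return ['body must be an object'];
  }
  const errors = [];
  for (const key of Object.keys(body)) {
    if (!CREATE_USER_FIELDS.includes(key)) errors.push(`unexpected field: ${key}`);
  }
  if (typeof body.email !== 'string' || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(body.email)) {
    errors.push('email invalid');
  }
  if (typeof body.displayName !== 'string' || body.displayName.length < 1 || body.displayName.length > 64) {
    errors.push('displayName invalid');
  }
  return errors;
}

// CORS: the permissive pattern is reflecting any Origin (or '*' together with
// credentials). Return an exact allow-listed value, or null to send no header.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // assumed
function corsOriginHeader(requestOrigin) {
  return ALLOWED_ORIGINS.has(requestOrigin) ? requestOrigin : null;
}
```

The exact-match set in `corsOriginHeader` matters: a prefix or substring check would accept `https://app.example.com.attacker-controlled.example`, which is the "overly permissive" configuration the checklist item refers to.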
## Data Exposure
- Sensitive data returned in API responses unnecessarily
- PII or secrets in application logs
- Information leakage in error messages (stack traces, internal paths)
- Missing data encryption for sensitive fields
## Severity Levels
- 🔴 CRITICAL: Exploitable vulnerability (injection, auth bypass, exposed secrets)
- 🟠 HIGH: Potential vulnerability that needs investigation
- 🟡 MEDIUM: Security weakness or missing best practice
- 🔵 LOW: Minor security improvement suggestion