security-audit

Security Audit

Audit the code at $ARGUMENTS against production-quality security standards.

If no path is provided, audit the most recently changed files: !git diff --name-only HEAD~1 2>/dev/null | head -30

Scope

• Single file → audit that file deeply
• Directory → recurse, prioritize entry points (routes, handlers, IaC, CI configs, Dockerfiles)
• PR diff → audit only changed lines + their surrounding context
• "the whole repo" → full audit (warn about runtime; suggest tooling)

Audit Categories

For each piece of code, run the categories below. Only report actual issues. Calibrate severity by exploitability + blast radius (see threat-modeling.md).

1. Injection (CWE-79, CWE-89, CWE-78, CWE-94, CWE-77)

SQL / NoSQL / OS command / code / template / expression-language / LDAP / XPath. Look for: string concat into queries, eval, child_process.exec, dangerouslySetInnerHTML, pickle.loads, ORM raw/literal/Unsafe APIs.

2. Broken Access Control (CWE-862, CWE-863, CWE-639, CWE-352)

IDOR, BOLA, BOPLA, missing auth on routes, mass assignment, missing CSRF, client-only checks, Server Actions without auth() call. Trace every state-changing handler — what's the first non-trivial line?

3. Cryptographic Failures (CWE-327, CWE-328, CWE-330, CWE-916)

Weak hashes (MD5, SHA1, bcrypt < 12), Math.random() for tokens, ECB mode, hardcoded IVs/keys, JWT alg: none, HS256/RS256 confusion, === for HMAC compare, rejectUnauthorized: false.

4. SSRF (CWE-918)

fetch/requests.get/http.get with user-controllable URL without allowlist + private-IP block + protocol pin.

5. Path Traversal (CWE-22)

fs.readFile(userPath), send_file, path.join(base, userInput) without resolve+prefix-check.

6. Insecure Deserialization (CWE-502)

pickle.loads, yaml.load (not safe_load), ObjectInputStream, node-serialize, Marshal.load, vm2 sandbox use.

7. XSS (CWE-79)

dangerouslySetInnerHTML, innerHTML=, v-html, {@html}, unsafe markdown render, DOM-based XSS via location.hash/query.

8. Authentication & Session (CWE-287, CWE-384, CWE-521)

Plaintext password compare, JWT in localStorage, missing rate limit on login, missing MFA, weak password policy, sessions not regenerated on auth, predictable reset tokens.

9. Hardcoded Secrets (CWE-798)

AWS keys, GitHub tokens, Stripe keys, OpenAI/Anthropic keys, JWTs, private keys, DB connection strings, generic high-entropy strings. Skip the .env files themselves; scan source / configs / CI / Docker.

10. Cloud Misconfiguration

S3 public, IAM *:*, security group 0.0.0.0/0:22, RDS public, IMDSv1 enabled, missing encryption, missing audit logging.

11. Container & Kubernetes Misconfiguration

privileged: true, runAsUser: 0, hostNetwork: true, /var/run/docker.sock mount, missing resource limits, image:latest, missing securityContext.

12. CI/CD Risks

pull_request_target + checkout fork code, ${{ github.event.pull_request.title }} in shell, mutable Action tags, permissions: write-all, secrets passed to fork PRs.

13. Supply Chain

Unpinned Action tags, :latest Docker tags, missing SRI on <script src>, curl … | sh in setup scripts, postinstall scripts, vulnerable deps from npm audit.

14. Open Redirect (CWE-601)

router.push(searchParams.get('next')) without allowlist; bypasses like //evil.com.

15. ReDoS (CWE-1333)

Catastrophic backtracking patterns: (a+)+, (a*)*, (a|aa)+.

16. Server Action / RPC Authorization

Every 'use server' function — first line auth check + ownership verification + input schema?

17. Sensitive Data Exposure (CWE-200)

Stack traces in responses, full user objects hydrated to client, secrets in logs, error messages with file paths.

18. CSRF / CORS / Cookies (CWE-352)

Missing CSRF token, cors({ origin: '*', credentials: true }), cookies without httpOnly / Secure / SameSite.

19. Markdown / Output Rendering Hazards

Image URL constructed from secrets / untrusted content (exfil channel — see BridgeWard).

20. LLM-Specific (when applicable)

LLM05 (output passed to dangerous sink), LLM06 (excessive agency), LLM07 (secrets in system prompt).

Output Format

# BridgeSecurity Audit Report

**Target**: <path or scope>
**Scanned**: <N files / X bytes>
**Date**: <ISO date>

## Summary

| Severity | Count |
|---|---|
| Critical | N |
| High | N |
| Medium | N |
| Low | N |
| Info | N |

## Findings

### [Critical] <Title — concrete, not "potential issue">
- **File**: `path/to/file.ts:42`
- **Class**: <category — Injection / Broken Access Control / etc.>
- **CWE**: CWE-89 (SQL Injection)
- **OWASP**: A03 Injection
- **Code**:
  ```ts
  const result = await db.query(`SELECT * FROM users WHERE email = '${email}'`);

• Why it's a problem: <one paragraph — concrete exploit scenario, not generic theory>
• Fix:

  const result = await db.query('SELECT * FROM users WHERE email = $1', [email]);
  

• References: CWE-89, BridgeSecurity language-patterns

[next finding...]

Conclusion

<overall verdict — block merge / fix before release / good enough to ship> <top 3 priority items for immediate action>

### Severity Levels

- **Critical**: direct RCE / full data exposure / auth bypass / mass exfiltration. Fix before merge.
- **High**: significant data exposure / privilege escalation / DoS / IDOR. Fix this sprint.
- **Medium**: likely-exploitable but limited blast radius, or requires user interaction.
- **Low**: defense-in-depth gap.
- **Info**: best-practice deviation worth noting.

Calibrate to **production impact**, not theoretical purity. A `Math.random()` for an unguessable element ID is `Info`. The same code generating a session token is `Critical`.

### Important Rules for Auditor

1. **Read-only**. Suggest fixes; don't apply them unless explicitly asked.
2. **Quote, don't paraphrase**. Show the exact vulnerable code.
3. **Concrete fixes**. Show the patched code, not just "use parameterized queries".
4. **Map to CWE + OWASP**. Use canonical IDs.
5. **No false positives if avoidable**. Verify before flagging:
   - Is the input actually user-controllable, or constant?
   - Is this a test fixture / example?
   - Is there sanitization on the way to the sink?
6. **Calibrate severity by reachability**. Unreachable vuln in dead code = Info.
7. **Don't dump tool output**. If you ran `semgrep` / `trivy` / `gitleaks`, synthesize. Deduplicate. Prioritize.
8. **Respect environment files**. Never read or display `.env*` contents (project rule). You can flag *references* to env files (e.g., a Dockerfile that copies `.env`).

### Default behavior when `$ARGUMENTS` is empty

Audit the most recently changed files (last commit / current diff). If outside a git repo, ask the user:

> "What would you like me to audit? Options: (1) a file or directory path, (2) `git diff HEAD~1`, (3) the whole repo (slower), (4) a specific concern (e.g., 'all server actions', 'all SQL queries', 'all Dockerfiles')."