security-scanner

Security Scanner

Comprehensive security analysis detecting hardcoded secrets, SQL injection, XSS, insecure dependencies, and OWASP Top 10 vulnerabilities.

What This Skill Does

• Scans for hardcoded secrets (API keys, passwords, tokens)
• Detects SQL injection vulnerabilities
• Finds XSS attack vectors
• Checks insecure dependencies
• Identifies authentication/authorization flaws
• Reviews CORS and CSP configurations
• Checks for insecure cryptography

Instructions

Phase 1: Secret Detection

Search for common secret patterns:

# API Keys
Grep for patterns:
- AWS: AKIA[0-9A-Z]{16}
- GitHub: ghp_[0-9a-zA-Z]{36}
- Slack: xox[baprs]-[0-9]{10,13}-[0-9a-zA-Z]{24,}
- Stripe: sk_live_[0-9a-zA-Z]{24}
- Private keys: -----BEGIN.*PRIVATE KEY-----

# Passwords
- password\s*=\s*["'][^"']+["']
- DB connection strings
- Hardcoded credentials

Example findings:

HIGH: Hardcoded AWS key found
File: src/config.js:12
Pattern: const AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
Risk: Exposed AWS credentials
Fix: Use environment variables or secrets manager

Phase 2: Injection Vulnerabilities

SQL Injection:

# BAD: String concatenation
query = "SELECT * FROM users WHERE id = " + user_id

# GOOD: Parameterized query
query = "SELECT * FROM users WHERE id = ?"

Command Injection:

// BAD: Direct execution
exec(`ls ${userInput}`)

// GOOD: Sanitized input
execFile('ls', [sanitize(userInput)])

XSS Detection:

// BAD: innerHTML with user input
element.innerHTML = userInput

// GOOD: textContent or sanitize
element.textContent = userInput
// Or use DOMPurify
element.innerHTML = DOMPurify.sanitize(userInput)

Phase 3: Dependency Vulnerabilities

# Check for vulnerable dependencies
npm audit
pip-audit
cargo audit

# Generate report
npm audit --json > audit-report.json

Phase 4: OWASP Top 10 Checks

1. Broken Access Control

   • Missing authorization checks
   • Insecure direct object references
   • Exposed admin endpoints

2. Cryptographic Failures

   • Hardcoded encryption keys
   • Weak algorithms (MD5, SHA1)
   • Unencrypted sensitive data

3. Injection

   • SQL, NoSQL, OS command, LDAP injection
   • Unsanitized user input

4. Insecure Design

   • Missing rate limiting
   • No CSRF protection
   • Weak session management

5. Security Misconfiguration

   • Debug mode in production
   • Default credentials
   • Unnecessary services enabled

Scan Report Format

# Security Scan Report

**Scan Date**: 2025-01-13
**Project**: myapp
**Total Issues**: 12

## Critical (2)
1. Hardcoded AWS credentials
   - File: config/aws.js:5
   - Risk: Full AWS account compromise
   - Fix: Use AWS IAM roles or environment variables

2. SQL Injection vulnerability
   - File: api/users.js:45
   - Code: `SELECT * FROM users WHERE id = ${userId}`
   - Fix: Use parameterized queries

## High (5)
3. XSS vulnerability in search
   - File: components/Search.jsx:23
   - Risk: Arbitrary JavaScript execution
   - Fix: Sanitize user input with DOMPurify

4. Missing authentication on /admin endpoint
   - File: routes/admin.js
   - Risk: Unauthorized access to admin functions
   - Fix: Add authentication middleware

## Medium (3)
5. Weak CORS configuration
   - File: server.js:10
   - Issue: CORS set to *
   - Fix: Whitelist specific domains

## Low (2)
6. Console.log in production
   - Multiple files
   - Risk: Information disclosure
   - Fix: Remove or use proper logging

## Recommendations
1. Implement secrets management (AWS Secrets Manager, Vault)
2. Add input validation library (joi, express-validator)
3. Enable Content Security Policy
4. Implement rate limiting
5. Add security headers (helmet.js)

Auto-Fix Suggestions

// Before (Vulnerable)
const query = `SELECT * FROM users WHERE email = '${email}'`;

// After (Fixed)
const query = 'SELECT * FROM users WHERE email = ?';
db.execute(query, [email]);

Best Practices

1. Never commit secrets: Use .env files (in .gitignore)
2. Sanitize all input: Treat all user input as untrusted
3. Use prepared statements: Prevent SQL injection
4. Implement CSP: Mitigate XSS attacks
5. Regular dependency updates: Fix known vulnerabilities
6. Principle of least privilege: Minimal permissions

Tool Requirements

• Read: Examine source code
• Grep: Pattern matching for vulnerabilities
• Glob: Find all relevant files
• Bash: Run security tools (npm audit, etc.)

Examples

Example 1: Quick Scan

User: "Scan my code for security issues"

Output:

• 3 Critical: Hardcoded secrets
• 5 High: SQL injection, XSS
• 2 Medium: CORS misconfiguration
• Auto-fix suggestions provided

Example 2: Dependency Audit

User: "Check for vulnerable dependencies"

Output:

• 15 vulnerabilities found
• 10 fixable with npm audit fix
• 5 require manual updates

Changelog

Version 1.0.0

• Secret detection
• Injection vulnerability scanning
• OWASP Top 10 checks
• Dependency auditing
• Auto-fix suggestions

Author

GLINCKER Team

• Repository: claude-code-marketplace