arch-security-review
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseQuick Summary
快速概述
Goal: Review code for security vulnerabilities against OWASP Top 10 and enforce authorization, data protection, and secure coding patterns.
Workflow:
- Pre-Flight — Identify security-sensitive areas, check OWASP relevance, review existing patterns
- OWASP Audit — Evaluate code against all 10 categories (access control, injection, auth, etc.)
- Platform Checks — Verify PlatformAuthorize, entity access expressions, input validation
- Report — Document findings with severity, vulnerable vs secure code examples
Key Rules:
- Always check both backend (C#) and frontend (Angular) attack surfaces
- Use and entity-level access expressions, never rely on UI-only guards
[PlatformAuthorize] - Validate all external data with , never trust client input
PlatformValidationResult
目标: 对照OWASP Top 10审查代码中的安全漏洞,落实权限控制、数据保护及安全编码规范。
工作流:
- 前期准备 — 识别安全敏感区域,检查与OWASP的相关性,审查现有安全规范
- OWASP审计 — 对照全部10个类别(访问控制、注入攻击、身份验证等)评估代码
- 平台检查 — 验证PlatformAuthorize、实体访问表达式、输入校验
- 报告 — 记录发现的问题,标注严重程度,并提供漏洞代码与安全代码示例
核心规则:
- 务必同时检查后端(C#)和前端(Angular)的攻击面
- 使用和实体级访问表达式,绝不能仅依赖UI层面的防护
[PlatformAuthorize] - 用校验所有外部数据,绝不信任客户端输入
PlatformValidationResult
Security Review Workflow
安全审查工作流
When to Use This Skill
何时使用该技能
- Security audit of code changes
- Implementing authentication/authorization
- Data protection review
- Vulnerability assessment
- 代码变更的安全审计
- 身份验证/权限控制的实现
- 数据保护审查
- 漏洞评估
Pre-Flight Checklist
前期准备清单
- Identify security-sensitive areas
- Review OWASP Top 10 relevance
- Check for existing security patterns
- Plan remediation approach
- 识别安全敏感区域
- 审查OWASP Top 10的相关性
- 检查现有安全规范
- 规划修复方案
OWASP Top 10 Checklist
OWASP Top 10 检查清单
1. Broken Access Control
1. 访问控制失效
csharp
// :x: VULNERABLE - No authorization check
[HttpGet("{id}")]
public async Task<Employee> Get(string id)
=> await repo.GetByIdAsync(id);
// :white_check_mark: SECURE - Authorization enforced
[HttpGet("{id}")]
[PlatformAuthorize(Roles.Manager, Roles.Admin)]
public async Task<Employee> Get(string id)
{
var employee = await repo.GetByIdAsync(id);
// Verify access to this specific resource
if (employee.CompanyId != RequestContext.CurrentCompanyId())
throw new UnauthorizedAccessException();
return employee;
}csharp
// :x: 存在漏洞 - 未做权限校验
[HttpGet("{id}")]
public async Task<Employee> Get(string id)
=> await repo.GetByIdAsync(id);
// :white_check_mark: 安全合规 - 已落实权限控制
[HttpGet("{id}")]
[PlatformAuthorize(Roles.Manager, Roles.Admin)]
public async Task<Employee> Get(string id)
{
var employee = await repo.GetByIdAsync(id);
// 验证对该特定资源的访问权限
if (employee.CompanyId != RequestContext.CurrentCompanyId())
throw new UnauthorizedAccessException();
return employee;
}2. Cryptographic Failures
2. 加密机制失效
csharp
// :x: VULNERABLE - Storing plain text secrets
var apiKey = config["ApiKey"];
await SaveToDatabase(apiKey);
// :white_check_mark: SECURE - Encrypt sensitive data
var encryptedKey = encryptionService.Encrypt(apiKey);
await SaveToDatabase(encryptedKey);
// Use secure configuration
var apiKey = config.GetValue<string>("ApiKey"); // From Azure Key Vaultcsharp
// :x: 存在漏洞 - 明文存储敏感信息
var apiKey = config["ApiKey"];
await SaveToDatabase(apiKey);
// :white_check_mark: 安全合规 - 加密敏感数据
var encryptedKey = encryptionService.Encrypt(apiKey);
await SaveToDatabase(encryptedKey);
// 使用安全配置
var apiKey = config.GetValue<string>("ApiKey"); // 来自Azure Key Vault3. Injection
3. 注入攻击
csharp
// :x: VULNERABLE - SQL Injection
var sql = $"SELECT * FROM Users WHERE Name = '{name}'";
await context.Database.ExecuteSqlRawAsync(sql);
// :white_check_mark: SECURE - Parameterized query
await context.Users.Where(u => u.Name == name).ToListAsync();
// Or if raw SQL needed:
await context.Database.ExecuteSqlRawAsync(
"SELECT * FROM Users WHERE Name = @p0", name);csharp
// :x: 存在漏洞 - SQL注入风险
var sql = $"SELECT * FROM Users WHERE Name = '{name}'";
await context.Database.ExecuteSqlRawAsync(sql);
// :white_check_mark: 安全合规 - 参数化查询
await context.Users.Where(u => u.Name == name).ToListAsync();
// 若需使用原生SQL:
await context.Database.ExecuteSqlRawAsync(
"SELECT * FROM Users WHERE Name = @p0", name);4. Insecure Design
4. 不安全设计
csharp
// :x: VULNERABLE - No rate limiting
[HttpPost("login")]
public async Task<IActionResult> Login(LoginRequest request)
=> await authService.Login(request);
// :white_check_mark: SECURE - Rate limiting applied
[HttpPost("login")]
[RateLimit(MaxRequests = 5, WindowSeconds = 60)]
public async Task<IActionResult> Login(LoginRequest request)
=> await authService.Login(request);csharp
// :x: 存在漏洞 - 未做速率限制
[HttpPost("login")]
public async Task<IActionResult> Login(LoginRequest request)
=> await authService.Login(request);
// :white_check_mark: 安全合规 - 已应用速率限制
[HttpPost("login")]
[RateLimit(MaxRequests = 5, WindowSeconds = 60)]
public async Task<IActionResult> Login(LoginRequest request)
=> await authService.Login(request);5. Security Misconfiguration
5. 安全配置错误
csharp
// :x: VULNERABLE - Detailed errors in production
app.UseDeveloperExceptionPage(); // Exposes stack traces
// :white_check_mark: SECURE - Generic errors in production
if (env.IsDevelopment())
app.UseDeveloperExceptionPage();
else
app.UseExceptionHandler("/Error");csharp
// :x: 存在漏洞 - 生产环境暴露详细错误
app.UseDeveloperExceptionPage(); // 暴露堆栈跟踪信息
// :white_check_mark: 安全合规 - 生产环境返回通用错误
if (env.IsDevelopment())
app.UseDeveloperExceptionPage();
else
app.UseExceptionHandler("/Error");6. Vulnerable Components
6. 易受攻击的组件
bash
undefinedbash
undefinedCheck for vulnerable packages
检查存在漏洞的包
dotnet list package --vulnerable
dotnet list package --vulnerable
Update vulnerable packages
更新存在漏洞的包
dotnet outdated
undefineddotnet outdated
undefined7. Authentication Failures
7. 身份验证失效
csharp
// :x: VULNERABLE - Weak password policy
if (password.Length >= 4) { }
// :white_check_mark: SECURE - Strong password policy
public class PasswordPolicy
{
public bool Validate(string password)
{
return password.Length >= 12
&& password.Any(char.IsUpper)
&& password.Any(char.IsLower)
&& password.Any(char.IsDigit)
&& password.Any(c => !char.IsLetterOrDigit(c));
}
}csharp
// :x: 存在漏洞 - 密码策略过弱
if (password.Length >= 4) { }
// :white_check_mark: 安全合规 - 强密码策略
public class PasswordPolicy
{
public bool Validate(string password)
{
return password.Length >= 12
&& password.Any(char.IsUpper)
&& password.Any(char.IsLower)
&& password.Any(char.IsDigit)
&& password.Any(c => !char.IsLetterOrDigit(c));
}
}8. Data Integrity Failures
8. 数据完整性失效
csharp
// :x: VULNERABLE - No validation of external data
var userData = await externalApi.GetUserAsync(id);
await SaveToDatabase(userData);
// :white_check_mark: SECURE - Validate external data
var userData = await externalApi.GetUserAsync(id);
var validation = userData.Validate();
if (!validation.IsValid)
throw new ValidationException(validation.Errors);
await SaveToDatabase(userData);csharp
// :x: 存在漏洞 - 未校验外部数据
var userData = await externalApi.GetUserAsync(id);
await SaveToDatabase(userData);
// :white_check_mark: 安全合规 - 校验外部数据
var userData = await externalApi.GetUserAsync(id);
var validation = userData.Validate();
if (!validation.IsValid)
throw new ValidationException(validation.Errors);
await SaveToDatabase(userData);9. Logging Failures
9. 日志记录失效
csharp
// :x: VULNERABLE - Logging sensitive data
Logger.LogInformation("User login: {Email} {Password}", email, password);
// :white_check_mark: SECURE - Redact sensitive data
Logger.LogInformation("User login: {Email}", email);
// Never log passwords, tokens, or PIIcsharp
// :x: 存在漏洞 - 记录敏感数据
Logger.LogInformation("User login: {Email} {Password}", email, password);
// :white_check_mark: 安全合规 - 脱敏敏感数据
Logger.LogInformation("User login: {Email}", email);
// 绝不能记录密码、令牌或个人可识别信息(PII)10. SSRF (Server-Side Request Forgery)
10. SSRF(服务器端请求伪造)
csharp
// :x: VULNERABLE - User-controlled URL
var url = request.WebhookUrl;
await httpClient.GetAsync(url); // Could access internal services
// :white_check_mark: SECURE - Validate and restrict URLs
if (!IsAllowedUrl(request.WebhookUrl))
throw new SecurityException("Invalid webhook URL");
private bool IsAllowedUrl(string url)
{
var uri = new Uri(url);
return AllowedDomains.Contains(uri.Host)
&& uri.Scheme == "https";
}csharp
// :x: 存在漏洞 - 用户可控URL
var url = request.WebhookUrl;
await httpClient.GetAsync(url); // 可能访问内部服务
// :white_check_mark: 安全合规 - 校验并限制URL
if (!IsAllowedUrl(request.WebhookUrl))
throw new SecurityException("Invalid webhook URL");
private bool IsAllowedUrl(string url)
{
var uri = new Uri(url);
return AllowedDomains.Contains(uri.Host)
&& uri.Scheme == "https";
}Authorization Patterns
权限控制规范
⚠️ MUST READ: CLAUDE.md for controller/handler patterns, usage, and entity-level access filters.
PlatformAuthorizeRequestContext⚠️ 必读: 请查看CLAUDE.md了解控制器/处理器规范、用法及实体级访问过滤器。
PlatformAuthorizeRequestContextData Protection
数据保护
Sensitive Data Handling
敏感数据处理
csharp
public class SensitiveDataHandler
{
// Encrypt at rest
public string EncryptForStorage(string plainText)
=> encryptionService.Encrypt(plainText);
// Mask for display
public string MaskEmail(string email)
{
var parts = email.Split('@');
return $"{parts[0][0]}***@{parts[1]}";
}
// Never log sensitive data
public void LogUserAction(User user)
{
Logger.LogInformation("User action: {UserId}", user.Id);
// NOT: Logger.Log("User: {Email} {Phone}", user.Email, user.Phone);
}
}csharp
public class SensitiveDataHandler
{
// 静态数据加密
public string EncryptForStorage(string plainText)
=> encryptionService.Encrypt(plainText);
// 显示时脱敏
public string MaskEmail(string email)
{
var parts = email.Split('@');
return $"{parts[0][0]}***@{parts[1]}";
}
// 绝不能记录敏感数据
public void LogUserAction(User user)
{
Logger.LogInformation("User action: {UserId}", user.Id);
// 错误示例:Logger.Log("User: {Email} {Phone}", user.Email, user.Phone);
}
}File Upload Security
文件上传安全
csharp
public async Task<IActionResult> Upload(IFormFile file)
{
// Validate file type
var allowedTypes = new[] { ".pdf", ".docx", ".xlsx" };
var extension = Path.GetExtension(file.FileName).ToLowerInvariant();
if (!allowedTypes.Contains(extension))
return BadRequest("Invalid file type");
// Validate file size
if (file.Length > 10 * 1024 * 1024) // 10MB
return BadRequest("File too large");
// Scan for malware (if available)
if (!await antivirusService.ScanAsync(file))
return BadRequest("File rejected by security scan");
// Generate safe filename
var safeFileName = $"{Guid.NewGuid()}{extension}";
// Save to isolated storage
await fileService.SaveAsync(file, safeFileName);
return Ok();
}csharp
public async Task<IActionResult> Upload(IFormFile file)
{
// 校验文件类型
var allowedTypes = new[] { ".pdf", ".docx", ".xlsx" };
var extension = Path.GetExtension(file.FileName).ToLowerInvariant();
if (!allowedTypes.Contains(extension))
return BadRequest("无效文件类型");
// 校验文件大小
if (file.Length > 10 * 1024 * 1024) // 10MB
return BadRequest("文件过大");
// 扫描恶意软件(若有相关工具)
if (!await antivirusService.ScanAsync(file))
return BadRequest("文件未通过安全扫描");
// 生成安全文件名
var safeFileName = $"{Guid.NewGuid()}{extension}";
// 保存至隔离存储
await fileService.SaveAsync(file, safeFileName);
return Ok();
}Security Scanning Commands
安全扫描命令
bash
undefinedbash
undefined.NET vulnerability scan
.NET 漏洞扫描
dotnet list package --vulnerable
dotnet list package --vulnerable
Outdated packages
检查过时包
dotnet outdated
dotnet outdated
Secret scanning
敏感信息扫描
grep -r "password|secret|apikey" --include=".cs" --include=".json"
grep -r "password|secret|apikey" --include=".cs" --include=".json"
Hardcoded credentials
硬编码凭证检查
grep -r "Password="" --include="*.cs"
grep -r "connectionString.password" --include=".json"
undefinedgrep -r "Password="" --include="*.cs"
grep -r "connectionString.password" --include=".json"
undefinedSecurity Review Checklist
安全审查清单
Authentication
身份验证
- Strong password policy enforced
- Account lockout after failed attempts
- Secure session management
- JWT tokens properly validated
- Refresh token rotation
- 已落实强密码策略
- 多次失败尝试后锁定账户
- 会话管理安全
- JWT令牌校验正确
- 刷新令牌轮转机制
Authorization
权限控制
- All endpoints require authentication
- Role-based access control implemented
- Resource-level permissions checked
- No privilege escalation possible
- 所有端点均需身份验证
- 已实现基于角色的访问控制
- 已检查资源级权限
- 无权限提升风险
Input Validation
输入校验
- All inputs validated
- SQL injection prevented (parameterized queries)
- XSS prevented (output encoding)
- File uploads validated
- URL validation for redirects
- 所有输入均已校验
- 已防范SQL注入(使用参数化查询)
- 已防范XSS攻击(输出编码)
- 文件上传已校验
- 重定向URL已校验
Data Protection
数据保护
- Sensitive data encrypted at rest
- HTTPS enforced
- No sensitive data in logs
- Proper error handling (no stack traces)
- 敏感数据已静态加密
- 已强制使用HTTPS
- 日志中无敏感数据
- 错误处理得当(不暴露堆栈跟踪)
Dependencies
依赖项
- No known vulnerable packages
- Dependencies regularly updated
- Third-party code reviewed
- 无已知漏洞的包
- 依赖项定期更新
- 第三方代码已审查
Anti-Patterns to AVOID
需规避的反模式
:x: Trusting client input
csharp
var isAdmin = request.IsAdmin; // User-supplied!:x: Exposing internal errors
csharp
catch (Exception ex) { return BadRequest(ex.ToString()); }:x: Hardcoded secrets
csharp
var apiKey = "sk_live_xxxxx";:x: Insufficient logging
csharp
// No audit trail for sensitive operations
await DeleteAllUsers();:x: 信任客户端输入
csharp
var isAdmin = request.IsAdmin; // 由用户提供!:x: 暴露内部错误
csharp
catch (Exception ex) { return BadRequest(ex.ToString()); }:x: 硬编码敏感信息
csharp
var apiKey = "sk_live_xxxxx";:x: 日志记录不足
csharp
// 敏感操作无审计痕迹
await DeleteAllUsers();Verification Checklist
验证清单
- OWASP Top 10 reviewed
- Authentication/authorization verified
- Input validation complete
- Sensitive data protected
- No hardcoded secrets
- Logging appropriate (no PII)
- Dependencies scanned
- 已审查OWASP Top 10
- 已验证身份验证/权限控制
- 输入校验已完成
- 敏感数据已保护
- 无硬编码敏感信息
- 日志记录合规(无PII)
- 依赖项已扫描
Related
相关技能
arch-performance-optimizationarch-cross-service-integrationcode-review
IMPORTANT Task Planning Notes (MUST FOLLOW)
- Always plan and break work into many small todo tasks
- Always add a final review todo task to verify work quality and identify fixes/enhancements
arch-performance-optimizationarch-cross-service-integrationcode-review
重要任务规划须知(必须遵守)
- 务必将工作拆解为多个小型待办任务
- 务必添加最终审查待办任务,以验证工作质量并确定需要修复/优化的内容