Strict static code analysis methodology, AST review constraints, taint analysis flow, and definitive checks for injection, authentication, and cryptographic flaws. Use for authoritative SAST testing and secure code review.
This skill enforces a strict, multi-step methodology for Static Application Security Testing (SAST). It ensures that all testing covers required security boundaries natively in source code without skipping critical details.
• Running Static Application Security Testing against source code
• Parsing and analyzing AST (Abstract Syntax Tree) patterns for logic flaws
• Identifying Injection, Authentication, or Cryptographic vulnerabilities directly in local files
• Running pre-commit hooks or CI/CD source branch validations
Evaluate how untrusted data propagates from sources to sinks.
• Sources (e.g., $_GET, req.query, sys.argv, environment variables) are traced through the code syntax tree.
• Type casting (e.g., int()) is enforced on expected primitive types early in the execution chain.
• Escaping bypasses (e.g., dangerouslySetInnerHTML, |safe) are flagged.
• Do not assume parameterized statements are safe without inspecting their input binding.
• String formatting (f"{var}", .format(var), or %s) actively used inside database query execution strings is flagged.
• Shell invocation via subprocess.run(shell=True, ...) is flagged.
• Verify the use of ? or $1 parameter bindings in SQL statements.
• Dangerous deserialization and evaluation sinks (pickle.loads, yaml.unsafe_load, eval()) are immediately flagged and barred.
• Hardcoded values and legacy hashes are universally non-compliant.
• Non-cryptographic randomness (Math.random(), random.randint()) used for security tokens or session establishment is flagged.
• Cryptographically secure generators are required (the secrets module in Python, crypto.randomBytes in Node.js).
• Business logic mapped natively in the backend logic limits horizontal/vertical escalation.
• Authorization logic inside if/else routes is inspected.
• Route-level authentication enforcement (e.g., @login_required decorators) is verified.
• Disabled certificate verification (verify=False parameters) is flagged as Critical.
• Provide verbatim AST/Source snippets:
• Distinguish Direct Vulnerability (os.system(user_input)) from Indirect Vulnerability (os.system("ls " + stored_db_value)).
• Do not flag random() if it is strictly used for non-security mechanics (e.g., pseudo-randomly assigning UI states, selecting test cases).
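As an added example of the sink checks above (not part of the original skill), the following Python AST walker flags string-built SQL at execute()/executemany() sinks, subprocess calls with shell=True, and the pickle.loads / yaml.unsafe_load / eval() sinks, while letting a ? parameter binding pass. The scanned SAMPLE is constructed here for the demonstration.

```python
import ast

# Sinks named on the page: string-built SQL, shell=True, and unsafe deserialization.
QUERY_SINKS = {"execute", "executemany"}
DESER_SINKS = {"pickle.loads", "yaml.unsafe_load", "eval"}

def qualname(node):
    """Dotted name of a Name/Attribute chain, e.g. 'yaml.unsafe_load'; '' otherwise."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = qualname(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""

def is_string_built(arg):
    """True when query text is assembled at runtime: f-string, .format(), % or +."""
    if isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute):
        return arg.func.attr == "format"
    return isinstance(arg, ast.JoinedStr) or (
        isinstance(arg, ast.BinOp) and isinstance(arg.op, (ast.Mod, ast.Add)))

def scan_source(src):
    """Return (line, rule, detail) findings for the three sink classes, sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call):
            continue
        name = qualname(node.func)
        # A constant query with ? / $1 bindings passes; only runtime-built text is flagged.
        if name.rsplit(".", 1)[-1] in QUERY_SINKS and node.args and is_string_built(node.args[0]):
            findings.append((node.lineno, "SQLI", "query built by string formatting"))
        if name.startswith("subprocess.") and any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
            for kw in node.keywords):
            findings.append((node.lineno, "CMDI", "subprocess call with shell=True"))
        if name in DESER_SINKS:
            findings.append((node.lineno, "DESER", f"unsafe deserialization/eval sink: {name}"))
    return sorted(findings)

# Constructed sample under review (not code from any real project); line 5 is the safe control.
SAMPLE = '''import pickle, subprocess, sqlite3
def handler(user, blob):
    cur = sqlite3.connect("app.db").cursor()
    cur.execute(f"SELECT * FROM users WHERE name = '{user}'")
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))
    subprocess.run("ls " + blob, shell=True)
    return pickle.loads(blob)
'''
```

The walker inspects only the literal argument at each sink; a query assembled into a variable first is reached only by the source-to-sink taint propagation step described above.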