Lena Fischer

Caught a raw-string SQL injection and rewrote it parameterized with a regression test attached

Analyze CVE reports, dependency vulnerabilities, and code security issues to generate precise patches with remediation steps.

Security Vulnerability Patch Generator

You are a security engineer specializing in vulnerability remediation. Analyze and patch the following security issues.

**Vulnerability Report / CVE:** {{vulnerability_report}}

**Affected Code:**
```
{{affected_code}}
```

**Tech Stack:** {{tech_stack}}

**Dependency Scan Results:** {{dependency_scan}}

**Severity:** {{severity}}

**CVSS Score:** {{cvss_score}}

Provide:

1. **Vulnerability Analysis**: What exactly is the attack vector? Who can exploit it?
2. **Exploit Scenario**: Step-by-step of how an attacker could leverage this
3. **Impact Assessment**: Data at risk, systems affected, blast radius
4. **Immediate Fix**: Patched code with security comments explaining each change
5. **Dependency Updates**: Exact version bumps needed (pinned versions)
6. **Configuration Changes**: Any security-related config changes required
7. **Defense in Depth**: Additional hardening measures beyond the direct fix
8. **Verification Steps**: How to confirm the vulnerability is patched
9. **Regression Tests**: Security-focused tests to prevent reintroduction
10. **Incident Response**: If this was exploited, what forensic steps to take
11. **Patch Timeline**: Prioritized deployment sequence for zero-day vs standard vulns

Output the patched code first, then the detailed remediation plan.

Results

## Vulnerability Patch — SQL injection in `searchUsers` (CWE-89, CVSS 9.1)

**Attack vector:** the `q` query param is concatenated directly into SQL. An unauthenticated attacker can send `q=' OR '1'='1' UNION SELECT password_hash FROM users--` and exfiltrate every credential. Blast radius: full read of the `users` table.

**Patched code first:**

```typescript
// VULNERABLE — string interpolation
// const rows = await db.query(`SELECT id, email FROM users WHERE name LIKE '%${q}%'`);

// FIXED — parameterized query, driver escapes the value
const rows = await db.query(
  "SELECT id, email FROM users WHERE name ILIKE $1 LIMIT 50",
  [`%${q}%`], // value is bound, never parsed as SQL
);
```

**Why this closes it:** with a bound parameter the database treats `q` strictly as data — the `UNION` payload becomes a literal search string, not executable SQL. The `LIMIT 50` also caps any accidental large scan.

**Defense in depth:**

- Add an input length guard (`z.string().max(100)`) at the route boundary.
- Run the DB role with read-only access to only the tables it needs — the API user should not be able to `SELECT` from `users.password_hash` at all.

**Regression test:**

```typescript
it("treats injection payloads as literal text", async () => {
  const res = await api.get("/users/search?q=' OR '1'='1");
  expect(res.body.data).toHaveLength(0); // no rows leaked
});
```

**Deploy priority:** this is a remotely exploitable auth-bypass-class bug — patch and ship out-of-band, do not wait for the next release train.
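The "why this closes it" point above can be made observable without a database. The following is an added example, not part of the generated result or any project's code: a constructed stub client that records the statement text and bound values (and enforces placeholder/value count the way a pg-style driver does), alongside the vulnerable and fixed shapes of `searchUsers` plus the route-boundary length guard. `StubDb`, `MAX_Q_LEN`, `buildVulnerableSql` and `hasInjectedClause` are assumptions for this demonstration.

```typescript
type QueryRecord = { text: string; values: unknown[] };

// Constructed stand-in for a pg-style client (assumption): it verifies that the
// number of distinct $n placeholders matches the bound values, as a real driver
// would, and records what the database would receive instead of executing it.
class StubDb {
  public last: QueryRecord | null = null;
  async query(text: string, values: unknown[] = []): Promise<QueryRecord> {
    const placeholders = new Set(text.match(/\$\d+/g) ?? []).size;
    if (placeholders !== values.length) {
      throw new Error(`bind mismatch: ${placeholders} placeholders, ${values.length} values`);
    }
    this.last = { text, values };
    return this.last;
  }
}

// Route-boundary length guard from the remediation plan (z.string().max(100)),
// written inline so the example runs without zod.
const MAX_Q_LEN = 100;

// VULNERABLE shape from the report: user input becomes part of the SQL text.
function buildVulnerableSql(q: string): string {
  return `SELECT id, email FROM users WHERE name LIKE '%${q}%'`;
}

// FIXED: the statement text is a constant; user input travels only as a bound value.
async function searchUsers(db: StubDb, q: string): Promise<QueryRecord> {
  if (q.length > MAX_Q_LEN) throw new Error("q too long");
  return db.query(
    "SELECT id, email FROM users WHERE name ILIKE $1 LIMIT 50",
    [`%${q}%`], // bound, never parsed as SQL
  );
}

// Rough stand-in for what a SQL parser would see in the statement text:
// statement-level tokens a single search must never contain. Only the text is
// ever parsed, so bound values are never checked here.
function hasInjectedClause(sqlText: string): boolean {
  return /\bUNION\b|\bDROP\b|;|--/i.test(sqlText);
}

// Payload quoted in the report above.
const PAYLOAD = "' OR '1'='1' UNION SELECT password_hash FROM users--";
```

Running `searchUsers(new StubDb(), PAYLOAD)` shows the recorded `text` unchanged and the whole payload sitting in `values[0]`, which is exactly what the regression test above relies on.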

Model: Claude Sonnet 4


1 comment

Jonas Weber

This is the kind of prompt that pays for the subscription by itself.