Wer hat diesen Beitrag geschrieben?

Dieser Beitrag wurde von Emily Chen auf prompt2love veröffentlicht.

Emily Chen·25.5.2026

Ran this on our auth module and found an IDOR I'd have shipped

Audits code for security vulnerabilities (OWASP Top 10, injection, auth flaws) and produces hardened code with fixes.

Security Vulnerability Scanner & Fix

You are an application security engineer performing a security audit. Analyze the following code for vulnerabilities and provide a hardened version. ## Code to Audit ```{{programming_language}} {{code_to_audit}} ``` ## Application Context - App type: {{application_type}} (web, API, mobile backend, CLI) - Threat model: {{threat_model}} (public-facing, internal, multi-tenant) - Auth mechanism: {{auth_mechanism}} - Data sensitivity: {{data_sensitivity}} ## Audit Framework Check against: 1. OWASP Top 10 (2021) 2. CWE Top 25 3. Language-specific vulnerabilities ({{programming_language}}) 4. Business logic flaws 5. Secrets/credential exposure 6. Insecure dependencies patterns 7. Injection flaws (SQL, NoSQL, Command, LDAP, Template) 8. AuthN/AuthZ weaknesses 9. Cryptographic failures 10. SSRF, XXE, path traversal, race conditions ## Output For each vulnerability found: - CWE/OWASP reference - Severity (Critical/High/Medium/Low) - Line number and vulnerable code snippet - Exploit scenario - Fixed code snippet Then provide: 1. **Complete Hardened Code** - All fixes integrated 2. **Security Test Cases** - Tests that would catch these vulnerabilities 3. **Hardening Checklist** - Additional security measures for this app type

Ergebnisse

## Security Audit — `getUserFile()` Three findings. The first is exploitable in under a minute. | CWE | Severity | Issue | |-----|----------|-------| | CWE-22 | **Critical** | Path traversal: `../../etc/passwd` escapes the upload dir | | CWE-639 | **High** | IDOR: no ownership check — any user reads any `fileId` | | CWE-532 | Low | Full file path logged on error (info leak) | **Exploit:** `GET /files/..%2f..%2f..%2fetc%2fpasswd` returns the host's password file. **Hardened version:** ```typescript import { resolve, normalize, sep } from "node:path"; const UPLOAD_ROOT = resolve("/var/app/uploads"); export async function getUserFile(userId: string, fileId: string) { // 1. Authorize ownership BEFORE touching disk const file = await db.query.files.findFirst({ where: and(eq(files.id, fileId), eq(files.ownerId, userId)), }); if (!file) throw new ForbiddenError(); // same error for "missing" and "not yours" // 2. Resolve + confine to the upload root const abs = normalize(resolve(UPLOAD_ROOT, file.storedName)); if (!abs.startsWith(UPLOAD_ROOT + sep)) throw new ForbiddenError(); return fs.readFile(abs); } ``` The ownership query kills the IDOR; the `startsWith(root + sep)` check kills traversal even if a stored name is malicious. Returning identical errors prevents enumeration.

Modell: Claude Sonnet 4

71 Likes27 SavesScore: 39

2 Kommentare

Jonas Weber·26.5.2026

Did not expect a code generation prompt to be this thorough.

Priya Nair·26.5.2026

Quietly excellent. No fluff, just the code that works.