Skills
skills/arabelatso/skills-4-se/static-vulnerability-detector

static-vulnerability-detector

SKILL.md

Static Vulnerability Detector

Analyze code for security vulnerabilities with CWE classification and severity assessment.

Analysis Workflow

1. Code Scanning

Systematically examine code for vulnerability patterns:

Memory Safety (C/C++):

  • Buffer overflows (CWE-119)
  • Out-of-bounds access (CWE-125)
  • Use-after-free (CWE-416)
  • Double free (CWE-415)
  • Null pointer dereference (CWE-476)

Injection Vulnerabilities:

  • SQL injection (CWE-89)
  • Command injection (CWE-78)
  • Cross-site scripting (CWE-79)
  • XML injection (CWE-91)
  • LDAP injection (CWE-90)

Authentication & Authorization:

  • Missing authentication (CWE-306)
  • Improper authentication (CWE-287)
  • Missing authorization (CWE-862)
  • Hard-coded credentials (CWE-798)

Cryptographic Issues:

  • Weak algorithms (CWE-327)
  • Inadequate encryption (CWE-326)
  • Weak random values (CWE-330)
  • Missing encryption (CWE-311)

Deserialization:

  • Untrusted deserialization (CWE-502)
  • Mass assignment (CWE-915)

Input Validation:

  • Improper validation (CWE-20)
  • Path traversal (CWE-22)
  • SSRF (CWE-918)

2. Pattern Matching

For each vulnerability category, identify:

Dangerous Functions:

  • C/C++: strcpy, sprintf, gets, scanf
  • Python: pickle.loads, eval, exec
  • SQL: String concatenation in queries
  • Shell: os.system, subprocess with shell=True

Unsafe Patterns:

  • Unvalidated user input
  • Missing bounds checking
  • Weak cryptographic algorithms
  • Hard-coded secrets
  • Missing authentication decorators

Context Analysis:

  • Data flow from user input to sink
  • Sanitization and validation presence
  • Authentication/authorization checks
  • Error handling adequacy

3. Severity Assessment

Assign severity based on:

CRITICAL:

  • Remote code execution possible
  • Authentication bypass
  • SQL injection with admin access
  • Arbitrary file read/write

HIGH:

  • Privilege escalation
  • Sensitive data exposure
  • Hard-coded credentials
  • Weak cryptography for sensitive data

MEDIUM:

  • Information disclosure
  • Denial of service
  • Missing input validation
  • Insecure configuration

LOW:

  • Minor information leaks
  • Verbose error messages
  • Missing security headers

4. Confidence Level

Assess confidence in finding:

HIGH: Clear vulnerability pattern, no mitigating factors MEDIUM: Vulnerability likely but context unclear LOW: Potential issue requiring manual verification

5. Generate Report

Structure findings as:

## Vulnerability: [Title]

**ID**: VULN-[number]
**CWE**: CWE-[ID]
**Severity**: [CRITICAL/HIGH/MEDIUM/LOW]
**Confidence**: [HIGH/MEDIUM/LOW]
**Location**: [File:Line]

### Description
[What the vulnerability is]

### Code Snippet
```[language]
[vulnerable code]

Impact

  • [Potential consequences]

Remediation

[fixed code]

References

  • [CWE link]
  • [OWASP reference]

## Vulnerability Categories

### Memory Safety (C/C++)

**Buffer Overflow (CWE-119)**:
```c
// VULNERABLE
char buf[10];
strcpy(buf, user_input);  // No bounds check

Use-After-Free (CWE-416):

// VULNERABLE
free(ptr);
ptr->field = value;  // Use after free

Injection Attacks

SQL Injection (CWE-89):

# VULNERABLE
query = f"SELECT * FROM users WHERE id = {user_id}"
cursor.execute(query)

Command Injection (CWE-78):

# VULNERABLE
os.system("ping " + user_host)

XSS (CWE-79):

// VULNERABLE
element.innerHTML = user_input;

Authentication Issues

Missing Authentication (CWE-306):

# VULNERABLE
@app.route('/admin')
def admin_panel():
    return render_template('admin.html')  # No auth check

Hard-coded Credentials (CWE-798):

# VULNERABLE
PASSWORD = "admin123"
API_KEY = "sk-1234567890"

Cryptographic Weaknesses

Weak Algorithm (CWE-327):

# VULNERABLE
hash = hashlib.md5(password.encode()).hexdigest()

Weak Random (CWE-330):

# VULNERABLE
token = random.randint(1000, 9999)  # For security token

Deserialization

Untrusted Data (CWE-502):

# VULNERABLE
obj = pickle.loads(user_data)  # RCE possible

Input Validation

Path Traversal (CWE-22):

# VULNERABLE
with open(f'/uploads/{filename}', 'r') as f:  # ../../../etc/passwd
    content = f.read()

SSRF (CWE-918):

# VULNERABLE
response = requests.get(user_url)  # Can access internal services

Detection Heuristics

Data Flow Analysis

Track tainted data from source to sink:

Sources (user input):

  • HTTP parameters, headers, body
  • Command-line arguments
  • File contents
  • Environment variables
  • Database queries

Sinks (dangerous operations):

  • SQL query execution
  • System command execution
  • File operations
  • HTML output
  • Deserialization

Sanitization (check for):

  • Input validation
  • Escaping/encoding
  • Parameterized queries
  • Whitelist filtering

Pattern Recognition

Dangerous function calls:

  • Without input validation
  • With user-controlled arguments
  • In security-sensitive contexts

Missing security controls:

  • No authentication decorator
  • No authorization check
  • No CSRF protection
  • No rate limiting

Weak configurations:

  • Debug mode enabled
  • Verbose errors
  • Insecure defaults

CWE Reference

For detailed vulnerability patterns and remediation, see cwe_patterns.md.

Key CWE categories:

  • Memory safety (CWE-119, 125, 416, 415)
  • Injection (CWE-89, 78, 79, 91)
  • Authentication (CWE-287, 306, 798, 862)
  • Cryptography (CWE-327, 326, 330, 311)
  • Deserialization (CWE-502, 915)
  • Input validation (CWE-20, 22, 918)

Report Format

Summary Section

# Security Vulnerability Report

**Scan Date**: [Date]
**Code Base**: [Project]
**Total Findings**: [Count]

## Severity Breakdown
- Critical: [Count]
- High: [Count]
- Medium: [Count]
- Low: [Count]

Detailed Findings

For each vulnerability:

  • Unique ID
  • CWE classification
  • Severity and confidence
  • Location (file, line, function)
  • Description
  • Code snippet
  • Impact assessment
  • Remediation guidance
  • References

Recommendations

Prioritized action items:

  1. Fix critical vulnerabilities immediately
  2. Address high-severity issues
  3. Plan remediation for medium/low issues
  4. Implement security best practices

Examples

For complete vulnerability detection examples including:

  • SQL injection analysis
  • Buffer overflow detection
  • Hard-coded credentials
  • Insecure deserialization
  • Missing authentication
  • Weak cryptography

See examples.md.

Analysis Tips

  • Context matters: Consider surrounding code and mitigations
  • False positives: Mark uncertain findings as low confidence
  • Data flow: Trace user input to dangerous sinks
  • Defense in depth: Note multiple security layers
  • Language-specific: Apply appropriate patterns per language
  • Framework awareness: Consider framework protections
  • Configuration: Check for insecure settings
  • Dependencies: Note vulnerable library versions
  • Completeness: Scan all code paths
  • Prioritize: Focus on critical and high severity first
Weekly Installs
1
Repository
arabelatso/skills-4-se
GitHub Stars
47
First Seen
11 days ago
Security Audits
Gen Agent Trust HubPass
SocketFail
SnykFail
Installed on
amp1
cline1
opencode1
cursor1
kimi-cli1
codex1