The 25 Security Rules

Comprehensive coverage of common security vulnerabilities with detailed explanations and remediation guidance.

SQL Injection
Detects SQL injection vulnerabilities where user input is concatenated directly into SQL queries.
Severity: Critical. Tags: Database, Web.

XSS Detection
Identifies Cross-Site Scripting vulnerabilities where user input is rendered without proper sanitization.
Severity: High. Tags: Web, Client.

Exposed Secrets
Finds exposed API keys, passwords, tokens, and other sensitive credentials in source code.
Severity: Critical. Tags: Secrets, Config.

Directory Traversal
Detects path traversal vulnerabilities that let attackers access files outside the intended directories.
Severity: High. Tags: File, Web.

CSRF Protection
Identifies missing CSRF protection in web applications that handle state-changing requests.
Severity: High. Tags: Web, Auth.

Insecure Dependencies
Checks for dependencies with known vulnerabilities and outdated packages with security issues.
Severity: Medium. Tags: Dependencies, Packages.

Missing Authentication
Identifies endpoints and resources that lack proper authentication mechanisms.
Severity: High. Tags: Auth, Access.

Broken Access Control
Detects authorization bypasses and improper access control implementations.
Severity: High. Tags: Auth, Access.

Insecure Logging
Identifies logging of sensitive information such as passwords, tokens, and personal data.
Severity: Medium. Tags: Logging, Privacy.

Unvalidated Input
Detects user input that lacks proper validation, sanitization, or type checking.
Severity: Medium. Tags: Input, Validation.

Insecure HTTP
Identifies use of HTTP instead of HTTPS for transmitting sensitive data.
Severity: Medium. Tags: Transport, Web.

Missing Security Headers
Checks for missing security headers such as CSP, HSTS, X-Frame-Options, and others.
Severity: Medium. Tags: Headers, Web.

Open CORS
Detects overly permissive CORS configurations that allow unauthorized cross-origin requests.
Severity: Medium. Tags: CORS, API.

Insecure File Upload
Identifies file upload vulnerabilities that could allow malicious files to be executed.
Severity: High. Tags: File, Upload.

Insecure Deserialization
Detects unsafe deserialization of user-controlled data that could lead to code execution.
Severity: High. Tags: Data, Serialization.

Insecure Error Handling
Identifies error messages that leak sensitive information about the application.
Severity: Medium. Tags: Errors, Info.

Insecure Random Generation
Detects use of cryptographically weak random number generators for security-sensitive purposes.
Severity: Medium. Tags: Crypto, Random.

Insecure Session Management
Identifies weak session management practices such as predictable session IDs.
Severity: High. Tags: Session, Auth.

Hardcoded Sensitive Data
Finds hardcoded passwords, API keys, and other sensitive data in source code.
Severity: Critical. Tags: Hardcoded, Secrets.

Insecure Configuration
Identifies insecure configuration settings that could compromise application security.
Severity: Medium. Tags: Config, Settings.

Prompt Injection Detection
Detects potential prompt injection vulnerabilities in AI-powered applications.
Severity: High. Tags: AI, Prompt.

AI-Generated Code Validation
Identifies potential security issues in AI-generated code that may lack proper validation.
Severity: Medium. Tags: AI, Code.

AI Agent Access Control
Detects missing access controls for AI agents that could lead to unauthorized actions.
Severity: High. Tags: AI, Agent.

AI Data Leakage Prevention
Identifies potential data leakage vulnerabilities in AI systems and applications.
Severity: Critical. Tags: AI, Data.

MCP Server Security
Detects security vulnerabilities in Model Context Protocol (MCP) server implementations.
Severity: High. Tags: MCP, Server.