[{"data":1,"prerenderedAt":98},["ShallowReactive",2],{"header-counts":3,"footer-counts":6,"prompt-security-audit":9},{"tools":4,"reviews":5},65,7,{"tools":4,"reviews":5,"playbooks":7,"news":8},10,8,{"id":10,"title":11,"body":12,"description":81,"extension":82,"meta":83,"navigation":84,"path":85,"seo":86,"stem":87,"tags":88,"targetTools":92,"__hash__":97},"prompts\u002Fprompts\u002Fsecurity-audit.md","安全审计 Prompt：让 AI 找出代码里的安全漏洞",{"type":13,"value":14,"toc":74},"minimark",[15,19,23,27,38,41],[16,17,18],"h2",{"id":18},"用法",[20,21,22],"p",{},"把需要审计的代码粘进来。适合 review 一个文件或一个模块，不要一次粘整个项目。",[16,24,26],{"id":25},"prompt","Prompt",[28,29,35],"pre",{"className":30,"code":32,"language":33,"meta":34},[31],"language-text","你是一个应用安全专家。请对以下代码进行安全审计，按 OWASP Top 10 逐项检查。\n\n## 代码\n\n{{粘贴代码}}\n\n## 技术栈\n\n- 语言：{{Python \u002F JavaScript \u002F Go \u002F Java}}\n- 框架：{{Express \u002F FastAPI \u002F Django \u002F Spring}}\n- 数据库：{{PostgreSQL \u002F MySQL \u002F MongoDB}}\n\n## 检查清单\n\n### A01 — 访问控制失效\n- 未授权可访问的接口\n- 越权（水平\u002F垂直）风险\n- IDOR（不安全直接对象引用）\n\n### A02 — 加密失败\n- 明文传输敏感数据\n- 弱加密算法（MD5、DES）\n- 硬编码密钥\u002F密码\n\n### A03 — 注入\n- SQL 注入（拼接 SQL 语句）\n- 命令注入（拼接 shell 命令）\n- LDAP\u002FXPath 注入\n\n### A04 — 不安全设计\n- 敏感操作缺少速率限制\n- 缺少 CSRF 防护\n- 不安全的文件上传\n\n### A05 — 安全配置错误\n- 调试模式未关闭\n- 不安全的默认配置\n- 错误信息泄露堆栈\n\n### A06 — 易受攻击的组件\n- 已知漏洞的依赖版本\n\n### A07 — 认证失败\n- 弱密码策略\n- 会话管理缺陷\n- JWT 配置问题\n\n### A08 — 数据完整性失败\n- 反序列化漏洞\n- 不安全的 CI\u002FCD\n\n### A09 — 日志监控不足\n- 安全事件未记录\n- 日志包含敏感信息\n\n### A10 — SSRF\n- 服务端发起未验证的 HTTP 请求\n\n## 输出格式\n\n对每个发现：\n- **[严重度] 漏洞类型 — 文件:行号**\n- 问题描述：为什么这是漏洞\n- 攻击场景：怎么利用\n- 修复建议：给出修复后的代码\n\n如果没有发现问题，明确写「未发现 A0X 风险」。\n","text","",[36,37,32],"code",{"__ignoreMap":34},[16,39,40],{"id":40},"严重度定义",[42,43,44,53,60,67],"ul",{},[45,46,47,48,52],"li",{},"🔴 ",[49,50,51],"strong",{},"严重"," — 可直接被利用，导致数据泄露或 RCE",[45,54,55,56,59],{},"🟡 ",[49,57,58],{},"高危"," — 需要特定条件才能利用，但影响严重",[45,61,62,63,66],{},"🟢 ",[49,64,65],{},"中危"," — 增加攻击面，但单独无法直接利用",[45,68,69,70,73],{},"⚪ ",[49,71,72],{},"低危"," — 最佳实践问题，建议修复",{"title":34,"searchDepth":75,"depth":75,"links":76},3,[77,79,80],{"id":18,"depth":78,"text":18},2,{"id":25,"depth":78,"text":26},{"id":40,"depth":78,"text":40},"把代码粘进来，AI 按 OWASP Top 10 逐项检查：SQL 注入、XSS、CSRF、认证绕过、密钥泄露、路径穿越，输出带行号的修复建议。","md",{},true,"\u002Fprompts\u002Fsecurity-audit",{"title":11,"description":81},"prompts\u002Fsecurity-audit",[89,90,91],"安全","审计","OWASP",[93,94,95,96],"Claude","Cursor","ChatGPT","GLM","JZ1UkdpsqL6Ip5gpjxiR1kKvdRpXh9xvbr9kleVPjAc",1782316489340]