Tag: security
Public content tagged security on Brabrix Skill Hub.
16 items
Category: Security & AppSec
These rules apply to all code that parses or processes XML, regardless of language or framework, including AI-generated code.
Category: Security & AppSec
These rules apply to all code that performs outbound network requests, regardless of language or framework, including generated code.
Category: Security & AppSec
These rules apply to all code that interacts with SQL databases, regardless of language or framework, including generated code.
Category: Security & AppSec
These rules apply to all code and systems integrating with MCP (Model Context Protocol), including generated actions, scripts, and agentic behavior.
Category: Security & AppSec
These rules define essential practices for writing and generating secure code. They apply universally — to manual development, automated tooling, and AI-generated code.
Category: Security & AppSec
These rules apply to all Rust code in the repository and aim to prevent common security risks through disciplined use of memory safety, input validation, error handling, and safe APIs.
Category: Security & AppSec
These rules apply to all Ruby code in the repository (including Rails apps, scripts, and gems) and aim to prevent common security vulnerabilities through safe coding patterns, input validation, and proper use of the Ruby standard library.
Category: Security & AppSec
These rules apply to all Python code in the repository and aim to prevent common security risks through disciplined use of input validation, output encoding, and safe APIs.
Category: Security & AppSec
These rules apply to all PHP code in the repository and aim to prevent common security vulnerabilities through strict handling of input, output, and execution.
Category: Security & AppSec
These rules apply to all Node.js code in the repository and aim to prevent common security risks through disciplined use of input validation, output encoding, and safe APIs.
Category: Security & AppSec
These rules apply to all Java code in the repository (including Spring, Jakarta EE, and standalone apps) and aim to prevent common security risks through disciplined use of input validation, safe APIs, and secure coding patterns.
Category: Security & AppSec
--- description: This rule contains important information about secure coding globs: /.go alwaysApply: false --- These rules apply to all Go code in the repository (CLI tools, services, handlers, back
Category: Security & AppSec
These rules apply to all C source and header files in the repository and aim to prevent memory corruption, code injection, and unsafe system behavior.
Category: Security & AppSec
These rules apply to all C#/.NET code in the repository and aim to prevent common security risks through disciplined use of input validation and deserialization, output encoding, and safe APIs.
Category: Security & AppSec
Path traversal attacks occur when user-controlled input is used to construct file paths, allowing attackers to access files outside the intended directory. This can lead to unauthorized file access, data leakage, or system compromise.
Category: Security & AppSec
A Dangerous Flow occurs when user input—or data derived from it—is used in a way that introduces vulnerabilities, undefined behavior, or unwanted system interactions. This can range from command injection, SSRF, and path traversal to logic bugs and broken access controls. The goal is to trace the lifecycle of untrusted inputs and assess whether their use is safe.