Add documentation for Laravel-specific security detection
- Add section 8 to DETECTION_RULES.md covering:
  - Mass Assignment detection patterns
  - Raw SQL injection detection
  - CSRF protection checks
  - File upload validation rules
  - Route authentication middleware
  - Rate limiting detection
- Update README.md with Laravel-specific security in detectable vulnerabilities section (ja/en)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed file: README.md (+18)
@@ -194,6 +194,15 @@ Place `.security-lint.json` in your project root to persist settings:
|
||||
- Insecure unserialize
|
||||
- Sensitive information logging
|
||||
|
||||
#### Laravel-Specific Security
|
||||
|
||||
- Mass Assignment (missing $fillable/$guarded, using $request->all())
|
||||
- Raw SQL injection (DB::raw, whereRaw without bindings)
|
||||
- CSRF protection (forms without @csrf)
|
||||
- File upload validation (extensions-only without mimes)
|
||||
- Route authentication (sensitive routes without auth middleware)
|
||||
- Rate limiting (auth routes without throttle middleware)
|
||||
|
||||
### Output Example
|
||||
|
||||
```
|
||||
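Review bot: the CSRF item (`- CSRF protection (forms without @csrf)`) should be scoped to state-changing forms (method POST, PUT, PATCH or DELETE); Laravel's VerifyCsrfToken middleware skips GET, HEAD and OPTIONS requests, so a `<form method="GET">` search form without `@csrf` is not a finding and a rule phrased this broadly will produce false positives. The commit message also says the matching patterns live in section 8 of DETECTION_RULES.md, but that file is not part of this diff; a link from the `#### Laravel-Specific Security` heading to that section would let readers find the exact detection rules behind each bullet.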
@@ -493,6 +502,15 @@ php bin/security-lint app/ -l en
|
||||
- 安全でない unserialize
|
||||
- 機密情報のログ出力
|
||||
|
||||
#### Laravel特有のセキュリティ
|
||||
|
||||
- Mass Assignment ($fillable/$guarded の欠落、$request->all() の使用)
|
||||
- Raw SQL インジェクション (DB::raw、バインディングなしの whereRaw)
|
||||
- CSRF 保護 (@csrf のないフォーム)
|
||||
- ファイルアップロード検証 (mimes なしの extensions のみ)
|
||||
- ルート認証 (auth ミドルウェアのないセンシティブなルート)
|
||||
- レート制限 (throttle ミドルウェアのない認証ルート)
|
||||
|
||||
### 出力例
|
||||
|
||||
```
|
||||
|
||||
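Review bot: `- ルート認証 (auth ミドルウェアのないセンシティブなルート)` (and its English twin in the first hunk) never defines what makes a route "sensitive"; the README should state the classification the rule uses (a URI or route-name pattern, a controller-name match, or whatever it actually is) so users can tell why a route was or was not flagged and can tune it. The same applies to `- レート制限 (throttle ミドルウェアのない認証ルート)`: say which routes count as authentication routes (login, register, password reset, ...) and whether `throttle:` inherited from an enclosing `Route::middleware([...])->group(...)` is recognised, since a check that only inspects the individual route definition would report those as missing rate limiting.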