New LaravelSecurityRule detects:
- Mass Assignment: Models without $fillable/$guarded
- Mass Assignment: Model::create($request->all())
- SQL Injection: DB::raw() with variables
- SQL Injection: whereRaw/selectRaw without bindings
- CSRF: Forms without @csrf directive
- File Upload: Validation with extensions only (no mimes)
- Auth Middleware: Sensitive routes without auth
- Rate Limiting: Auth routes without throttle

All detections include Japanese and English messages with
specific remediation recommendations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>