code-security

Comprehensive security rules for writing secure code across 15+ languages. Covers OWASP Top 10, infrastructure security, and coding best practices with 28 rule categories. Proactive mode — When writing or reviewing code, automatically check for relevant vulnerabilities based on the language and patterns present. You don't need to wait for the user to ask about security. Reactive mode — When the user asks about security, use the categories below to find the relevant rule file, then read it for detailed vulnerable/secure code examples. When writing code in these languages, check these rules first: See rules/_sections.md for the full index with CWE/OWASP references. - Identify the language and what the code does (handles input? queries a DB? reads files?) - Check the relevant rules below — focus on Critical and High impact first - Read the specific rule file from rules/ for detailed code examples in that language - Apply the secure patterns, or flag the vulnerable patterns if reviewing - SQL Injection ( rules/sql-injection.md ) - Use parameterized queries, never concatenate user input - Command Injection ( rules/command-injection.md ) - Avoid shell commands with user input, use safe APIs - XSS ( rules/xss.md ) - Escape output, use framework protections - XXE ( rules/xxe.md ) - Disable external entities in XML parsers - Path Traversal ( rules/path-traversal.md ) - Validate and...