一键导入
security-owasp
OWASP Top 10:2025 kodenivå-mønstre for Kotlin, Go, Java og Node.js — tilgangskontroll, forsyningskjede, injeksjon og feilhåndtering
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
OWASP Top 10:2025 kodenivå-mønstre for Kotlin, Go, Java og Node.js — tilgangskontroll, forsyningskjede, injeksjon og feilhåndtering
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | security-owasp |
| description | OWASP Top 10:2025 kodenivå-mønstre for Kotlin, Go, Java og Node.js — tilgangskontroll, forsyningskjede, injeksjon og feilhåndtering |
| license | MIT |
| metadata | {"domain":"auth","tags":"security owasp kotlin go java nodejs nais supply-chain"} |
Tactical security patterns for Kotlin, Go, Java, and Node.js on NAIS, aligned with the 2025 OWASP Top 10.
Complements @security-champion-agent (architecture-level threat modeling) and the security-review skill (scanning tools).
Full code examples for each category: see
examples.mdin this skill directory.
// ❌ IDOR — trusts user-supplied ID without ownership check
get("/api/vedtak/{id}") {
val vedtak = vedtakRepository.findById(call.parameters["id"]!!.toLong())
call.respond(vedtak)
}
// ✅ Verify ownership before returning resource
get("/api/vedtak/{id}") {
val bruker = call.hentBruker()
val vedtak = vedtakRepository.findById(call.parameters["id"]!!.toLong())
?: return@get call.respond(HttpStatusCode.NotFound)
if (vedtak.brukerId != bruker.id) return@get call.respond(HttpStatusCode.Forbidden)
call.respond(vedtak.toDTO())
}
// ✅ SSRF prevention — validate outbound URL against allowlist
func fetchExternal(targetURL string) error {
parsed, err := url.Parse(targetURL)
if err != nil { return err }
if !isAllowedHost(parsed.Host) { return fmt.Errorf("host not allowed: %s", parsed.Host) }
// proceed with request
}
azp claim against AZURE_APP_PRE_AUTHORIZED_APPSaccessPolicy.outbound as defense-in-depth// ❌ Open CORS
install(CORS) { anyHost() }
// ✅ Restrict to known origins
install(CORS) { allowHost("my-app.intern.nav.no", schemes = listOf("https")) }
// ❌ Debug endpoint exposed on public ingress
mux.HandleFunc("/debug/pprof/", pprof.Index)
// ✅ Debug endpoints on separate internal-only port (Nais handles this)
internalMux := http.NewServeMux()
internalMux.HandleFunc("/debug/pprof/", pprof.Index)
go http.ListenAndServe(":9090", internalMux) // not exposed via ingress
* or anyHost()accessPolicy — explicit inbound/outbound only// go.sum provides integrity verification — always commit it
// Use govulncheck for known vulnerabilities
// $ govulncheck ./...
// ✅ Pin dependencies to exact versions in go.mod
require (
golang.org/x/crypto v0.31.0
github.com/jackc/pgx/v5 v5.7.2
)
// build.gradle.kts — use dependency locking and BOM
dependencyLocking { lockAllConfigurations() }
dependencyManagement {
imports { mavenBom("org.springframework.boot:spring-boot-dependencies:3.4.1") }
}
// Run: ./gradlew dependencies --write-locks
# ✅ GitHub Actions — pin to full SHA, never @main or floating tags
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# ❌ Vulnerable to supply chain attack
- uses: actions/checkout@main
govulncheck ./..., trivy repo ., ./gradlew dependencyCheckAnalyze// ❌ Disabling TLS verification
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
},
}
// ✅ Default TLS config (Go enforces TLS 1.2+ by default)
client := &http.Client{}
// ❌ Weak hashing for passwords
val hash = MessageDigest.getInstance("MD5").digest(password.toByteArray())
// ✅ bcrypt for password hashing
val hashed = BCrypt.hashpw(password, BCrypt.gensalt(12))
InsecureSkipVerify: true// ❌ SQL injection via string template
session.run(queryOf("SELECT * FROM vedtak WHERE status = '$status'").map { ... }.asList)
// ✅ Parameterized query (Kotliquery)
session.run(queryOf("SELECT * FROM vedtak WHERE status = ?", status).map { ... }.asList)
// ❌ Command injection via shell
exec.Command("sh", "-c", fmt.Sprintf("process %s", userInput)).Run()
// ✅ Pass arguments directly (no shell interpretation)
exec.Command("process", userInput).Run()
? / $1) — never string concatenation// ✅ Structured logging with correlation ID, no PII
log.info("Vedtak opprettet", kv("vedtakId", vedtak.id), kv("sakId", sak.id))
// ❌ PII in logs — GDPR violation
log.info("Vedtak for bruker ${bruker.fnr}")
// ❌ Panic leaks to caller, crashes service
func processRequest(data []byte) Result {
var req Request
json.Unmarshal(data, &req) // ignores error, req may be zero-value
return handle(req)
}
// ✅ Handle errors explicitly, fail safely
func processRequest(data []byte) (Result, error) {
var req Request
if err := json.Unmarshal(data, &req); err != nil {
return Result{}, fmt.Errorf("invalid request payload: %w", err)
}
return handle(req)
}
// ❌ Swallowing exceptions silently
fun process(data: String): Result {
try { return parse(data) }
catch (e: Exception) { return Result.empty() } // silent failure, no logging
}
// ✅ Log, wrap, and surface errors appropriately
fun process(data: String): Result {
return try { parse(data) }
catch (e: Exception) {
log.error("Parsing failed", kv("error", e.message))
throw ServiceException("Could not process input", e)
}
}
azp against pre-authorized appsgovulncheck / trivy repo . pass without HIGH/CRITICALInsecureSkipVerify? / $1)exp, iss, aud, and algorithm| Resource | Use For |
|---|---|
security-review skill | Pre-commit scanning (trivy, zizmor, govulncheck) |
@security-champion-agent | Threat modeling, compliance, Nav security architecture |
@auth-agent | JWT validation, TokenX, ID-porten implementation |
threat-model skill | STRIDE-A analysis for new services |
| OWASP Top 10:2025 | Official category descriptions |
| OWASP Go SCP | Go-specific secure coding guide |
| OWASP CI/CD Top 10 | Pipeline security risks |
| sikkerhet.nav.no | Nav Golden Path |
InsecureSkipVerify: true in production* / anyHost())@main, @v3) for GitHub ActionsLag responsive layouts med Aksel Design System (v8+) - spacing tokens, layout primitives (Box, HStack, VStack, HGrid, Page, Bleed) og ResponsiveProp
Generer conventional commit-meldinger med Nav-relevante scopes og breaking change-format
Arkitekturplanlegging med beslutningstrær for auth, kommunikasjon, database og Nais-konfigurasjon
Generer og kjør Playwright E2E-tester for webapplikasjoner med page objects, auth fixtures og tilgjengelighetstester
Strukturell gjennomgang og generering av README-er tilpasset prosjekttype — tjeneste, bibliotek, monorepo eller naisjob
Kompakt output-stil som kutter fyllord og beholder teknisk substans — spar output-tokens uten å miste nøyaktighet.