eastsword-dfyx-code-security-review


EastSword DFYX Code Security Review

Skill by ara.so — Security Skills collection.

Expert-level code security audit skill developed by the EastSword (东方隐侠) team. Performs comprehensive white-box static analysis using a five-phase standardized audit protocol with deep data flow analysis, taint tracking, and business logic understanding.

Overview

dfyx_code_security_review is a professional code security audit skill designed for AI coding agents. It applies white-box static analysis through a standardized five-phase protocol to systematically discover and validate security vulnerabilities in source code.

Core Capabilities

  • 9 Languages: Java, Python, Go, PHP, JavaScript/Node.js, C/C++, .NET/C#, Ruby, Rust
  • 14 Frameworks: Spring Boot, Django, Flask, FastAPI, Express, Koa, Gin, Laravel, Rails, ASP.NET Core, Rust Web, NestJS, Fastify, MyBatis
  • 10 Security Dimensions: Injection, Authentication, Authorization, Deserialization, File Operations, SSRF, Cryptography, Configuration, Business Logic, Supply Chain
  • Triple-Track Audit Model: Sink-driven + Control-driven + Config-driven
  • Five-Phase Protocol: Reconnaissance → Pattern Matching → Taint Tracking → Validation → Reporting
  • Rich Case Library: Based on real-world WooYun vulnerability cases (2010-2016)