Tampering with Data Analysis

Analyze source code for tampering threats where attackers can modify data, code, or configuration without detection. Maps to STRIDE T -- violations of the Integrity security property.

Supported Flags

Read ../../shared/schemas/flags.md for the full flag specification. This skill supports all cross-cutting flags including --scope, --depth, --severity, --format, --fix, --quiet, and --explain.

Framework Context

Read ../../shared/frameworks/stride.md, specifically the T - Tampering with Data section, for the threat model backing this analysis. Key concerns: SQL injection, parameter tampering, man-in-the-middle, file modification, configuration tampering, code injection.

Workflow

1. Determine Scope

Parse flags and resolve the target file list per the flags spec. Filter to files likely relevant to data handling:

• Database query builders and ORM usage