Affaan Mustafa 40f18885b1 feat(rules): add C# language support (#704)
* feat(rules): add C# language support

* feat: add everything-claude-code ECC bundle (#705)

* feat: add everything-claude-code ECC bundle (.claude/ecc-tools.json)

* feat: add everything-claude-code ECC bundle (.claude/skills/everything-claude-code/SKILL.md)

* feat: add everything-claude-code ECC bundle (.agents/skills/everything-claude-code/SKILL.md)

* feat: add everything-claude-code ECC bundle (.agents/skills/everything-claude-code/agents/openai.yaml)

* feat: add everything-claude-code ECC bundle (.claude/identity.json)

* feat: add everything-claude-code ECC bundle (.codex/agents/explorer.toml)

* feat: add everything-claude-code ECC bundle (.codex/agents/reviewer.toml)

* feat: add everything-claude-code ECC bundle (.codex/agents/docs-researcher.toml)

* feat: add everything-claude-code ECC bundle (.claude/rules/everything-claude-code-guardrails.md)

* feat: add everything-claude-code ECC bundle (.claude/research/everything-claude-code-research-playbook.md)

* feat: add everything-claude-code ECC bundle (.claude/team/everything-claude-code-team-config.json)

* feat: add everything-claude-code ECC bundle (.claude/enterprise/controls.md)

* feat: add everything-claude-code ECC bundle (.claude/commands/database-migration.md)

* feat: add everything-claude-code ECC bundle (.claude/commands/feature-development.md)

* feat: add everything-claude-code ECC bundle (.claude/commands/add-language-rules.md)

---------

Co-authored-by: ecc-tools[bot] <257055122+ecc-tools[bot]@users.noreply.github.com>

* ci: retrigger

---------

Co-authored-by: ecc-tools[bot] <257055122+ecc-tools[bot]@users.noreply.github.com>
2026-03-20 05:20:23 -07:00


paths
**/*.cs
**/*.csx
**/*.csproj
**/appsettings*.json

C# Security

This file extends common/security.md with C#-specific content.

Secret Management

  • Never hardcode API keys, tokens, or connection strings in source code
  • Use environment variables, user secrets for local development, and a secret manager in production
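  • Keep appsettings.*.json free of real credentials

// BAD: the secret is compiled into the binary and committed to source control
const string ApiKey = "sk-live-123";

// GOOD: read the key from configuration and fail fast at startup if it is missing
var apiKey = builder.Configuration["OpenAI:ApiKey"]
    ?? throw new InvalidOperationException("OpenAI:ApiKey is not configured.");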

SQL Injection Prevention

  • Always use parameterized queries with ADO.NET, Dapper, or EF Core
  • Never concatenate user input into SQL strings
  • Validate sort fields and filter operators before using dynamic query composition

// customerId is sent as a bound parameter and never becomes part of the SQL text
const string sql = "SELECT * FROM Orders WHERE CustomerId = @customerId";
await connection.QueryAsync<Order>(sql, new { customerId });
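
The sort-field bullet above, as an added example (not code from this repository): column names and sort directions cannot be bound as parameters, so the client-supplied values are mapped through an allowlist while CustomerId stays a bound parameter. The OrderQuery class, the sort keys, and the Id/Total/CreatedAt columns are assumptions for illustration; the sample requests are constructed.

```csharp
using System;
using System.Collections.Generic;

// Constructed sample requests: (sort, direction) as they might arrive from a query string.
var requests = new (string? Sort, string? Dir)[]
{
    ("total", "desc"),                   // valid
    ("CreatedAt", null),                 // valid, default direction
    ("Total; DROP TABLE Orders", "asc"), // not an allowlisted key
    ("total", "desc, Id"),               // not an allowlisted direction
};

foreach (var (sort, dir) in requests)
{
    try
    {
        Console.WriteLine(OrderQuery.Build(sort, dir));
    }
    catch (ArgumentException ex)
    {
        // The message names the rejected argument but never echoes the raw input.
        Console.WriteLine($"rejected: {ex.Message}");
    }
}

// Hypothetical helper, not part of any library.
static class OrderQuery
{
    // Client-facing sort keys mapped to fixed column names (assumed schema).
    // Only these literals can ever reach the SQL text.
    private static readonly Dictionary<string, string> SortColumns =
        new(StringComparer.OrdinalIgnoreCase)
        {
            ["id"] = "Id",
            ["total"] = "Total",
            ["createdAt"] = "CreatedAt",
        };

    public static string Build(string? sort, string? direction)
    {
        if (!SortColumns.TryGetValue(sort ?? "createdAt", out var column))
            throw new ArgumentException("Unsupported sort field.", nameof(sort));

        var dir = (direction ?? "asc").ToLowerInvariant() switch
        {
            "asc" => "ASC",
            "desc" => "DESC",
            _ => throw new ArgumentException("Unsupported sort direction.", nameof(direction)),
        };

        // The filter value stays a bound parameter; only allowlisted identifiers are interpolated.
        return $"SELECT * FROM Orders WHERE CustomerId = @customerId ORDER BY {column} {dir}";
    }
}
```

The returned string is then executed with the same parameter object as the query above, so the filter value is still bound rather than concatenated.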

Input Validation

  • Validate DTOs at the application boundary
  • Use data annotations, FluentValidation, or explicit guard clauses
  • Reject invalid model state before running business logic

Authentication and Authorization

  • Prefer framework auth handlers instead of custom token parsing
  • Enforce authorization policies at endpoint or handler boundaries
  • Never log raw tokens, passwords, or PII

Error Handling

  • Return safe client-facing messages
  • Log detailed exceptions with structured context server-side
  • Do not expose stack traces, SQL text, or filesystem paths in API responses

References

See skill: security-review for broader application security review checklists.