Rodin 647928a0a1 Initial commit: 9 security patterns for code review
Fundamentals: secure-defaults, input-validation, credential-handling, audit-logging
Identity: authentication, authorization
Attack Prevention: injection-prevention, dos-prevention, prompt-injection
2026-05-10 22:45:03 -07:00

Security Patterns

Scannable patterns for security code review. Each file has:

  • Rule — what to do
  • Correct Pattern — code that works (Python)
  • Incorrect Pattern — common mistakes
  • Edge Cases — gotchas

Patterns

Fundamentals

File                     Topic
secure-defaults.md       Fail closed, deny by default, defense in depth
input-validation.md      Allowlist > blocklist, validate at boundaries
credential-handling.md   No hardcoded secrets, environment/secret manager
audit-logging.md         What to log, what not to log

Identity

File                     Topic
authentication.md        Passwords, tokens, MFA, brute force protection
authorization.md         Permission checks, IDOR prevention, privilege escalation

Attack Prevention

File                     Topic
injection-prevention.md  SQL, command, template, path traversal
dos-prevention.md        Rate limiting, resource bounds, algorithmic complexity
prompt-injection.md      LLM security, data/instruction separation

Sources

Usage

Reference these patterns when building or reviewing systems. Code examples are in Python for universal model comprehension; concepts apply to any language.

Description
Security patterns for code review — credentials, validation, injection, DOS, prompt injection