---
name: sharp-edges
description: "Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration schemas, cryptographic library ergonomics, or evaluating whether code follows 'secure by..."
risk: unknown
source: community
sourceUrl: https://github.com/sickn33/antigravity-awesome-skills
---

# Sharp Edges Analysis

Evaluates whether APIs, configurations, and interfaces are resistant to developer misuse. Identifies designs where the "easy path" leads to insecurity.

## When to Use

- Reviewing API or library design decisions
- Auditing configuration schemas for dangerous options
- Evaluating cryptographic API ergonomics
- Assessing authentication/authorization interfaces
- Reviewing any code that exposes security-relevant choices to developers

## When NOT to Use

- Implementation bugs (use standard code review)
- Business logic flaws (use domain-specific analysis)
- Performance optimization (different concern)

## Core Principle

**The pit of success**: Secure usage should be the path of least resistance. If developers must understand cryptography, read documentation carefully, or remember special rules to avoid vulnerabilities, the API has failed.

## Rationalizations to Reject

| Rationalization | Why It's Wrong | Required Action |
|-----------------|----------------|-----------------|
| "It's documented" | Developers don't read docs under deadline pressure | Make the secure choice the default or only option |
| "Advanced users need flexibility" | Flexibility creates footguns; most "advanced" usage is copy-paste | Provide safe high-level APIs; hide primitives |
| "It's the developer's responsibility" | Blame-shifting; you designed the footgun | Remove the footgun or make it impossible to misuse |
| "Nobody would actually do that" | Developers do everything imaginable under pressure | Assume maximum developer confusion |
| "It's just a configuration option" | Config is code; wrong configs ship to production | Validate configs; reject dangerous combinations |
| "We need backwards compatibility" | Insecure defaults can't be grandfathered in | Deprecate loudly; force migration |

## Sharp Edge Categories

### 1. Algorithm/Mode Selection Footguns

APIs that let developers choose algorithms invite choosing the wrong ones.

**The JWT Pattern** (canonical example):
- Header specifies the algorithm: an attacker can set `"alg": "none"` to bypass signature verification
- Algorithm confusion: an RSA public key is used as the HMAC secret when switching RS256→HS256
- Root cause: letting untrusted input control security-critical decisions

**Detection patterns:**
- Function parameters like `algorithm`, `mode`, `cipher`, `hash_type`
- Enums/strings selecting cryptographic primitives
- Configuration options for security mechanisms

**Example - PHP `hash()` accepts weak algorithms, `password_hash()` does not:**
```php
// Good: password_hash() chooses the algorithm; callers cannot pick a weak one
password_hash($password, PASSWORD_DEFAULT);

// BAD: hash() accepts any algorithm name, including "crc32", "md5" and "sha1"
hash($algorithm, $password);
```

### 2. Dangerous Defaults

Defaults that are insecure, or zero/empty values that disable security.

**The OTP Lifetime Pattern:**
```python
# What happens when lifetime=0?
def verify_otp(code, lifetime=300):  # 300 seconds default
    if lifetime == 0:
        return True  # OOPS: does 0 mean "accept all"?
                     # Or does it mean "expired immediately"?
```

**Detection patterns:**
- Timeouts/lifetimes that accept 0 (infinite? immediate expiry?)
- Empty strings that bypass checks
- Null values that skip validation
- Boolean defaults that disable security features
- Negative values with undefined semantics

**Questions to ask:**
- What happens with `timeout=0`? `max_attempts=0`? `key=""`?
- Is the default the most secure option?
- Can any default value disable security entirely?

### 3. Primitive vs. Semantic APIs

APIs that expose raw bytes instead of meaningful types invite type confusion.

**The Libsodium vs. Halite Pattern:**

```php
// Libsodium (primitives): bytes are bytes
sodium_crypto_box($message, $nonce, $keypair);
// Easy to: swap nonce/keypair, reuse nonces, use the wrong key type

// Halite (semantic): types enforce correct usage
Crypto::seal($message, new EncryptionPublicKey($key));
// Wrong key type = type error, not silent failure
```

**Detection patterns:**
- Functions taking `bytes`, `string`, `[]byte` for distinct security concepts
- Parameters that could be swapped without type errors
- Same type used for keys, nonces, ciphertexts, signatures

**The comparison footgun:**
```go
// Unsafe and safe comparison look almost identical
if bytes.Equal(mac, expected) { }  // BAD: returns at the first mismatch (timing leak)
if hmac.Equal(mac, expected) { }   // Good: constant-time (crypto/hmac)
// Same types, different security properties
```

### 4. Configuration Cliffs

One wrong setting creates catastrophic failure, with no warning.

**Detection patterns:**
- Boolean flags that disable security entirely
- String configs that aren't validated
- Combinations of settings that interact dangerously
- Environment variables that override security settings
- Constructor parameters with sensible defaults but no validation (callers can override with insecure values)

**Examples:**
```yaml
# One typo = disaster
verify_ssl: fasle  # Typo silently accepted as truthy?

# Magic values
session_timeout: -1  # Does this mean "never expire"?

# Dangerous combinations accepted silently
auth_required: true
bypass_auth_for_health_checks: true
health_check_path: "/"  # Oops
```

```php
// A sensible default doesn't protect against bad callers
public function __construct(
    public string $hashAlgo = 'sha256',  // Good default...
    public int $otpLifetime = 120,       // ...but accepts md5, 0, etc.
) {}
```

See references/config-patterns.md for detailed patterns.

### 5. Silent Failures

Errors that don't surface, or success that masks failure.

**Detection patterns:**
- Functions returning booleans instead of throwing on security failures
- Empty catch blocks around security operations
- Default values substituted on parse errors
- Verification functions that "succeed" on malformed input

**Examples:**
```python
# Silent bypass
def verify_signature(sig, data, key):
    if not key:
        return True  # No key = skip verification?!

# Return value ignored
signature.verify(data, sig)  # Throws on failure
crypto.verify(data, sig)     # Returns False on failure
# Developer forgets to check the return value
```

### 6. Stringly-Typed Security

Security-critical values as plain strings enable injection and confusion.

**Detection patterns:**
- SQL/commands built from string concatenation
- Permissions as comma-separated strings
- Roles/scopes as arbitrary strings instead of enums
- URLs constructed by joining strings

**The permission accumulation footgun:**
```python
permissions = "read,write"
permissions += ",admin"  # Too easy to escalate

# vs. type-safe
permissions = {Permission.READ, Permission.WRITE}
permissions.add(Permission.ADMIN)  # At least it's explicit
```

## Analysis Workflow

### Phase 1: Surface Identification

1. **Map security-relevant APIs**: authentication, authorization, cryptography, session management, input validation
2. **Identify developer choice points**: Where can developers select algorithms, configure timeouts, choose modes?
3. **Find configuration schemas**: Environment variables, config files, constructor parameters

### Phase 2: Edge Case Probing

For each choice point, ask:
- **Zero/empty/null**: What happens with `0`, `""`, `null`, `[]`?
- **Negative values**: What does `-1` mean? Infinite? Error?
- **Type confusion**: Can different security concepts be swapped?
- **Default values**: Is the default secure? Is it documented?
- **Error paths**: What happens on invalid input? Silent acceptance?

### Phase 3: Threat Modeling

Consider three adversaries:

1. **The Scoundrel**: Actively malicious developer or attacker controlling config
   - Can they disable security via configuration?
   - Can they downgrade algorithms?
   - Can they inject malicious values?

2. **The Lazy Developer**: Copy-pastes examples, skips documentation
   - Will the first example they find be secure?
   - Is the path of least resistance secure?
   - Do error messages guide toward secure usage?

3. **The Confused Developer**: Misunderstands the API
   - Can they swap parameters without type errors?
   - Can they use the wrong key/algorithm/mode by accident?
   - Are failure modes obvious or silent?

### Phase 4: Validate Findings

For each identified sharp edge:

1. **Reproduce the misuse**: Write minimal code demonstrating the footgun
2. **Verify exploitability**: Does the misuse create a real vulnerability?
3. **Check documentation**: Is the danger documented? (Documentation doesn't excuse bad design, but it affects severity)
4. **Test mitigations**: Can the API be used safely with reasonable effort?

If a finding seems questionable, return to Phase 2 and probe more edge cases.

## Severity Classification

| Severity | Criteria | Examples |
|----------|----------|----------|
| Critical | Default or obvious usage is insecure | `verify: false` default; empty password allowed |
| High | Easy misconfiguration breaks security | Algorithm parameter accepts "none" |
| Medium | Unusual but possible misconfiguration | Negative timeout has unexpected meaning |
| Low | Requires deliberate misuse | Obscure parameter combination |

## References

**By category:**

- **Cryptographic APIs**: See references/crypto-apis.md
- **Configuration Patterns**: See references/config-patterns.md
- **Authentication/Session**: See references/auth-patterns.md
- **Real-World Case Studies**: See references/case-studies.md (OpenSSL, GMP, etc.)

**By language** (general footguns, not crypto-specific):

| Language | Guide |
|----------|-------|
| C/C++ | references/lang-c.md |
| Go | references/lang-go.md |
| Rust | references/lang-rust.md |
| Swift | references/lang-swift.md |
| Java | references/lang-java.md |
| Kotlin | references/lang-kotlin.md |
| C# | references/lang-csharp.md |
| PHP | references/lang-php.md |
| JavaScript/TypeScript | references/lang-javascript.md |
| Python | references/lang-python.md |
| Ruby | references/lang-ruby.md |

See also references/language-specific.md for a combined quick reference.

## Quality Checklist

Before concluding analysis:

- [ ] Probed all zero/empty/null edge cases
- [ ] Verified defaults are secure
- [ ] Checked for algorithm/mode selection footguns
- [ ] Tested type confusion between security concepts
- [ ] Considered all three adversary types
- [ ] Verified error paths don't bypass security
- [ ] Checked configuration validation
- [ ] Constructor params validated (not just defaulted) - see references/config-patterns.md

## Limitations

- Use this skill only when the task clearly matches the scope described above.
- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.