Helps you build layered validation as data flows through each layer, blocking defects and security risks early.
Copy the install instruction and let the AI complete the setup · Recommended for beginners
Please install the "Defense-in-Depth Validation" skill from askskill for me: 1. Download https://raw.githubusercontent.com/obra/clank/main/skills/debugging/defense-in-depth/SKILL.md 2. Save it as ~/.claude/skills/defense-in-depth/SKILL.md 3. After installing, reload the skills and tell me it is ready to use
Design a defense-in-depth validation scheme for a user registration endpoint, covering four layers: frontend form, API gateway, backend service and database. For each layer, list the fields to validate, the rules, the error-handling approach, and how to avoid duplication and gaps.
A layered validation design checklist that spells out each layer's responsibilities, validation rules and exception-handling recommendations.
Right now only our backend does parameter validation. Review an order-creation flow for validation points that may be missing at the frontend, API, service and database layers, rank them by risk, and give hardening recommendations.
A risk-ranked report of validation gaps with an actionable hardening plan.
Using the defense-in-depth validation approach, generate test cases for a payment request covering valid input, boundary values, malicious input, type errors, duplicate requests and database constraint conflicts, and explain how each layer should respond.
A list of test cases covering multi-layer validation scenarios, with expected responses and failure handling.
When you fix a bug caused by invalid data, adding validation at one place feels sufficient. But that single check can be bypassed by different code paths, refactoring, or mocks.
Core principle: Validate at EVERY layer data passes through. Make the bug structurally impossible.
Single validation: "We fixed the bug"
Multiple layers: "We made the bug impossible"
Different layers catch different cases:
Purpose: Reject obviously invalid input at API boundary
```typescript
import { existsSync, statSync } from 'node:fs';

function createProject(name: string, workingDirectory: string) {
  // Reject empty, missing and non-directory paths before any work starts
  if (!workingDirectory || workingDirectory.trim() === '') {
    throw new Error('workingDirectory cannot be empty');
  }
  if (!existsSync(workingDirectory)) {
    throw new Error(`workingDirectory does not exist: ${workingDirectory}`);
  }
  if (!statSync(workingDirectory).isDirectory()) {
    throw new Error(`workingDirectory is not a directory: ${workingDirectory}`);
  }
  // ... proceed
}
```
Purpose: Ensure data makes sense for this operation
```typescript
function initializeWorkspace(projectDir: string, sessionId: string) {
  // A caller that bypasses createProject() still has to pass this check
  if (!projectDir) {
    throw new Error('projectDir required for workspace initialization');
  }
  // ... proceed
}
```
Purpose: Prevent dangerous operations in specific contexts
```typescript
import { normalize, resolve, sep } from 'node:path';
import { tmpdir } from 'node:os';

async function gitInit(directory: string) {
  // In tests, refuse git init outside temp directories
  if (process.env.NODE_ENV === 'test') {
    const normalized = normalize(resolve(directory));
    const tmpDir = normalize(resolve(tmpdir()));
    // Compare against the temp dir plus a separator, so a sibling such as
    // "/tmpfoo" is not mistaken for a path under "/tmp"
    if (normalized !== tmpDir && !normalized.startsWith(tmpDir + sep)) {
      throw new Error(
        `Refusing git init outside temp dir during tests: ${directory}`
      );
    }
  }
  // ... proceed
}
```
Purpose: Capture context for forensics
```typescript
async function gitInit(directory: string) {
  // Capture the call stack so a misdirected git init can be traced to its caller
  const stack = new Error().stack;
  // logger: the project's own logger instance, assumed to be in scope
  logger.debug('About to git init', {
    directory,
    cwd: process.cwd(),
    stack,
  });
  // ... proceed
}
```
When you find a bug:
Bug: Empty projectDir caused git init in source code
Data flow:
1. Project.create(name, '')
2. WorkspaceManager.createWorkspace('')
3. git init runs in process.cwd()
Four layers added:
1. Project.create() validates not empty/exists/writable
2. WorkspaceManager validates projectDir not empty
3. WorktreeManager refuses git init outside tmpdir in tests
Result: All 1847 tests passed, bug impossible to reproduce
All four layers were necessary. During testing, each layer caught bugs the others missed.
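As an added example (not code from the skill file or the clank project), here are the three validation layers of the case study wired together in one runnable TypeScript module: each layer tags its rejection, so a test can show which layer catches an input that bypassed the others. The names ValidationError, isInside, rejectedBy and runEndToEnd are constructed for this example; the containment check uses path.relative instead of a string prefix, because a prefix test would accept a sibling directory that merely shares the temp root's name.

```typescript
import { existsSync, statSync, mkdtempSync, rmSync } from 'node:fs';
import { resolve, relative, isAbsolute, join, sep } from 'node:path';
import { tmpdir } from 'node:os';

type Layer = 'entry' | 'business' | 'environment';
// Each layer rejects with its own tag, so a test can tell which layer caught the bad input.
class ValidationError extends Error {
  constructor(readonly layer: Layer, message: string) { super(message); }
}
// Layer 1: entry point. Reject empty, missing or non-directory paths at the API boundary.
function validateWorkingDirectory(dir: string): string {
  if (!dir || dir.trim() === '') throw new ValidationError('entry', 'workingDirectory cannot be empty');
  if (!existsSync(dir)) throw new ValidationError('entry', `workingDirectory does not exist: ${dir}`);
  if (!statSync(dir).isDirectory()) throw new ValidationError('entry', `not a directory: ${dir}`);
  return resolve(dir);
}
// Containment check that is not fooled by sibling names such as "<tmp>-evil",
// which a plain startsWith(tmpDir) prefix test would accept.
function isInside(child: string, parent: string): boolean {
  const rel = relative(resolve(parent), resolve(child));
  return rel === '' || (!isAbsolute(rel) && rel !== '..' && !rel.startsWith('..' + sep));
}
// Layer 3: environment guard. In tests, refuse to git init anywhere outside the temp root.
function guardGitInit(dir: string, env: string | undefined, tmpRoot: string): void {
  if (env === 'test' && !isInside(dir, tmpRoot)) {
    throw new ValidationError('environment', `Refusing git init outside temp dir during tests: ${dir}`);
  }
}
// Layer 2: business logic. A caller that bypasses createProject() still hits this check.
// Returns the directory git init would run in; no git process is spawned here (dry run).
function initializeWorkspace(projectDir: string, env = process.env.NODE_ENV, tmpRoot = tmpdir()): string {
  if (!projectDir) throw new ValidationError('business', 'projectDir required for workspace initialization');
  guardGitInit(projectDir, env, tmpRoot);
  return resolve(projectDir);
}
// Entry point: layer 1 first, then the rest of the chain. The name is unused in this example.
function createProject(_name: string, workingDirectory: string, env?: string, tmpRoot?: string): string {
  return initializeWorkspace(validateWorkingDirectory(workingDirectory), env, tmpRoot);
}
// Reports which layer rejected a call, or 'accepted' when the data passed every layer.
function rejectedBy(fn: () => unknown): Layer | 'accepted' {
  try { fn(); return 'accepted'; } catch (e) { if (e instanceof ValidationError) return e.layer; throw e; }
}
// End to end: a real, freshly created temp directory passes all three layers under NODE_ENV=test.
function runEndToEnd(): Layer | 'accepted' {
  const dir = mkdtempSync(join(tmpdir(), 'did-'));
  try { return rejectedBy(() => createProject('demo', dir, 'test', tmpdir())); } finally { rmSync(dir, { recursive: true }); }
}
```

Calling initializeWorkspace('') directly models a refactored or mocked code path that skips createProject(); the business layer still rejects it, and the environment layer independently rejects a path that merely shares the temp root's prefix.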
Don't stop at one validation point. Add checks at every layer.