So that reviewers do not flag intentional design decisions as false positives (FP), add a
reference section for {report:coder-decisions.md} to all review-*.md. However, also include an
instruction to evaluate the validity of the design decisions themselves, to prevent blind pass-through.
19 lines
849 B
Markdown
Review the changes from a security perspective. Check for the following vulnerabilities:

- Injection attacks (SQL, command, XSS)
- Authentication and authorization flaws
- Data exposure risks
- Cryptographic weaknesses

**Design decisions reference:**

Review {report:coder-decisions.md} to understand the recorded design decisions.

- Do not flag an intentionally documented decision; raising it would be a false positive (FP)
- However, also evaluate whether the design decisions themselves are sound, and flag any problems found; a decision being documented does not by itself make it acceptable

## Judgment Procedure

1. Review the change diff and detect issues based on the security criteria above
   - Cross-check changes against the REJECT criteria tables defined in knowledge
2. For each detected issue, classify it as blocking or non-blocking based on the Policy's scope determination table and judgment rules
3. If there is even one blocking issue, judge as REJECT
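The verdict logic of the three steps above, together with the design-decisions rule, written out as an added Python example (this is illustration code, not part of the review-*.md prompt or of the project). The scope determination table (`SCOPE_TABLE`), the bullet layout of `coder-decisions.md`, the `Finding` record, and the soundness heuristic in `decision_is_sound` are all assumptions made here; the real Policy tables and knowledge files referenced by the prompt are not on this page.

```python
"""Verdict logic for the Judgment Procedure (added example, not project code).

Assumptions: SCOPE_TABLE stands in for the Policy's scope determination table,
CODER_DECISIONS_MD is a constructed stand-in for {report:coder-decisions.md},
and decision_is_sound() is a stand-in for the REJECT criteria tables.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Assumed scope determination table: category -> blocking by default.
SCOPE_TABLE = {
    "injection": True,
    "authn": True,
    "authz": True,
    "data-exposure": True,
    "crypto": True,
    "style": False,
}

# Constructed stand-in for {report:coder-decisions.md} (assumed bullet format).
CODER_DECISIONS_MD = """\
# Coder decisions
- D1 [crypto]: use SHA-256 for file integrity digests; not a password hash
- D2 [data-exposure]: log full request bodies in production for debugging
"""


@dataclass
class Finding:
    category: str
    detail: str
    decision_ref: Optional[str] = None  # decision id cited by the author, if any


def parse_decisions(md):
    """Return {id: (category, rationale)} from the assumed '- Dn [cat]: text' lines."""
    pat = re.compile(r"^- (D\d+) \[([\w-]+)\]: (.+)$", re.M)
    return {m.group(1): (m.group(2), m.group(3)) for m in pat.finditer(md)}


def decision_is_sound(category, rationale):
    """Evaluate the documented decision itself (assumed heuristic).

    A decision may suppress a finding only if its own rationale does not
    match a REJECT pattern for that category; otherwise it is unsound and
    the finding stands even though the author documented the choice.
    """
    unsound = {
        "data-exposure": re.compile(r"log full request bod", re.I),
        "crypto": re.compile(r"\b(md5|sha1|ecb)\b", re.I),
    }
    pat = unsound.get(category)
    return not (pat and pat.search(rationale))


def classify(findings, decisions):
    """Steps 1-2: suppress findings covered by a sound documented decision,
    then classify the rest as blocking or non-blocking via SCOPE_TABLE."""
    blocking, non_blocking, suppressed = [], [], []
    for f in findings:
        dec = decisions.get(f.decision_ref) if f.decision_ref else None
        if dec and dec[0] == f.category and decision_is_sound(*dec):
            suppressed.append(f)  # intentional and sound: raising it would be an FP
            continue
        (blocking if SCOPE_TABLE.get(f.category, False) else non_blocking).append(f)
    return blocking, non_blocking, suppressed


def verdict(findings, decisions_md=CODER_DECISIONS_MD):
    """Step 3: even one blocking issue yields REJECT."""
    blocking, _, _ = classify(findings, parse_decisions(decisions_md))
    return "REJECT" if blocking else "APPROVE"


# Constructed sample findings: D1 is sound (suppressed), D2 is unsound (stays blocking).
SAMPLE_FINDINGS = [
    Finding("crypto", "SHA-256 digest used without HMAC for file integrity", "D1"),
    Finding("data-exposure", "request bodies written to app.log", "D2"),
    Finding("style", "inconsistent naming"),
]

if __name__ == "__main__":
    print(verdict(SAMPLE_FINDINGS))  # REJECT: D2 does not excuse the data-exposure finding
```

The point the example makes concrete is the second bullet of the design-decisions section: citing a recorded decision only removes a finding when the decision survives its own review, so documentation cannot be used to wave a blocking issue through.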