
dryrunsecurity/remediation

Helps fix security vulnerabilities identified by DryRunSecurity. Activates when the user shares a DryRunSecurity comment (from a GitHub PR or GitLab MR) or asks for help fixing any security finding including SQL injection, XSS, CSRF, SSRF, path traversal, command injection, authentication bypass, authorization flaws, and prompt injection. Researches authoritative sources and applies fixes grounded in the user's specific codebase context.

Quality: 99% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)


VULNERABILITY_TYPES.md

Vulnerability Types Reference

CWE References

When researching fixes, these CWE references provide formal vulnerability definitions:

Vulnerability                          CWE       Description
SQL Injection                          CWE-89    Improper Neutralization of Special Elements used in an SQL Command
Cross-Site Scripting (XSS)             CWE-79    Improper Neutralization of Input During Web Page Generation
Server-Side Request Forgery (SSRF)     CWE-918   Server-Side Request Forgery
Missing Authorization                  CWE-862   Missing Authorization
Incorrect Authorization                CWE-863   Incorrect Authorization
Cross-Site Request Forgery (CSRF)      CWE-352   Cross-Site Request Forgery
Path Traversal                         CWE-22    Improper Limitation of a Pathname to a Restricted Directory
Command Injection                      CWE-78    Improper Neutralization of Special Elements used in an OS Command

Supported Vulnerability Categories

DryRunSecurity detects a wide range of vulnerabilities. The remediation process works for all types:

Traditional Web Vulnerabilities

  • SQL Injection (SQLi)
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Server-Side Request Forgery (SSRF)
  • Path Traversal
  • Command Injection

API Security Issues

  • Insecure Direct Object Reference (IDOR)
  • Mass Assignment
  • Authentication Bypass
  • Authorization Bypass

Modern Concerns

  • Prompt Injection
  • LLM Security Issues

Language-Specific Issues

  • Deserialization Vulnerabilities
  • Type Confusion

Concurrency Issues

  • Race Conditions
  • Time-of-Check to Time-of-Use (TOCTOU)

Cryptographic Issues

  • Weak Algorithms
  • Key Management Problems
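To make the "before" and "after" of a remediation concrete, here is an added example (constructed for this page; it is not code from the dryrunsecurity/remediation skill or from DryRunSecurity) that pairs a vulnerable function with its fixed counterpart for three of the CWEs in the table above: CWE-89 (bound parameters instead of string formatting), CWE-22 (resolve the path and confirm it is still under the allowed base) and CWE-78 (argv list, no shell). The table, file names and the stand-in "tool" are hypothetical; the sample data is built in memory and in a temporary directory so the block runs offline.

```python
"""Before/after remediation snippets for CWE-89, CWE-22 and CWE-78.

Constructed example for illustration only; not part of the
dryrunsecurity/remediation skill. All names here are hypothetical.
"""
import sqlite3
import subprocess
import sys
import tempfile
from pathlib import Path


# CWE-89: SQL injection. In the vulnerable query the attacker's text becomes
# SQL grammar; in the fixed query it is an opaque bound value.
def demo_db():
    conn = sqlite3.connect(":memory:")  # constructed sample data
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn


def find_user_vulnerable(conn, name: str):
    # Before: f-string splices untrusted input into the statement.
    sql = f"SELECT name FROM users WHERE name = '{name}' AND role = 'user'"
    return [row[0] for row in conn.execute(sql)]


def find_user_fixed(conn, name: str):
    # After: parameter binding; the driver never parses `name` as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND role = 'user'"
    return [row[0] for row in conn.execute(sql, (name,))]


# CWE-22: path traversal. Joining an untrusted relative path onto a base
# directory is not a check; "../" (or an absolute path) walks out of it.
def read_upload_vulnerable(base: Path, relpath: str) -> str:
    return (base / relpath).read_text()


def read_upload_fixed(base: Path, relpath: str) -> str:
    root = base.resolve()
    target = (root / relpath).resolve()  # collapses ".." and symlinks
    try:
        target.relative_to(root)         # raises ValueError if outside root
    except ValueError:
        raise PermissionError(f"{relpath!r} escapes {root}") from None
    return target.read_text()


def demo_path_traversal():
    """Return (leaked by vulnerable reader, result of fixed reader on the
    same payload or None if blocked, fixed reader on a legitimate file)."""
    with tempfile.TemporaryDirectory() as tmp:
        uploads = Path(tmp) / "uploads"
        uploads.mkdir()
        (uploads / "report.txt").write_text("public report")
        (Path(tmp) / "secret.txt").write_text("db password")  # outside base
        leaked = read_upload_vulnerable(uploads, "../secret.txt")
        try:
            blocked = read_upload_fixed(uploads, "../secret.txt")
        except PermissionError:
            blocked = None
        allowed = read_upload_fixed(uploads, "report.txt")
        return leaked, blocked, allowed


# CWE-78: OS command injection. A stand-in "tool" (this interpreter echoing
# its first argument) replaces a real binary so the block is self-contained.
ECHO_ARG = 'import sys; print(sys.argv[1], end="")'


def run_tool_vulnerable(user_arg: str) -> str:
    # Before: shell=True, so ';' in user_arg starts a second command.
    cmd = f"{sys.executable} -c '{ECHO_ARG}' {user_arg}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True).stdout


def run_tool_fixed(user_arg: str) -> str:
    # After: argv list, no shell; user_arg is one literal argument.
    return subprocess.run([sys.executable, "-c", ECHO_ARG, user_arg],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    conn = demo_db()
    payload = "x' OR '1'='1' --"
    print("SQLi  vulnerable:", find_user_vulnerable(conn, payload))
    print("SQLi  fixed:     ", find_user_fixed(conn, payload))
    print("Path  (leaked, blocked, allowed):", demo_path_traversal())
    print("Cmd   vulnerable:", repr(run_tool_vulnerable("host; echo INJECTED")))
    print("Cmd   fixed:     ", repr(run_tool_fixed("host; echo INJECTED")))
```

The fixes share one shape: the untrusted value is kept out of the interpreter's grammar (SQL, filesystem path resolution, the shell) rather than sanitised inside it. The path check relies on resolve() before relative_to(); comparing the unresolved strings would still let "../" through.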

Install with Tessl CLI

npx tessl i dryrunsecurity/remediation@0.1.0

Files in this skill

  • DRYRUN_FILTERING.md
  • FINDING_FORMAT.md
  • SKILL.md
  • tile.json
  • VULNERABILITY_TYPES.md