From 89a39db7e25588da9fd232d34e38ed607c6b7d8f Mon Sep 17 00:00:00 2001 From: madgerm Date: Sat, 25 Apr 2026 10:45:32 +0200 Subject: [PATCH] Add .opencode/rules/security.md --- .opencode/rules/security.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .opencode/rules/security.md diff --git a/.opencode/rules/security.md b/.opencode/rules/security.md new file mode 100644 index 0000000..a96803d --- /dev/null +++ b/.opencode/rules/security.md @@ -0,0 +1,22 @@ +# Security Rules + +## Generell + +- Nie Secrets in Git +- Input immer validieren +- Output immer escapen + +## XSS + +- HTML specialchars() für User-Input in HTML +- Content-Security-Policy Header setzen + +## CSRF + +- CSRF Token bei Forms +- SameSite=Cookie + +## SQL Injection + +- Prepared Statements immer nutzen +- Nie User-Input direkt in SQL