32 changes: 18 additions & 14 deletions .jules/rules/security.md
Expand Up @@ -9,7 +9,7 @@ tags:
---
# 🛡️ System Security & Hardening Rules for Jules

## 🎯 1. Context & Scope
## 📝 1. Context & Scope
- **Primary Goal:** Protect application data and user privacy by strictly enforcing **secure coding** practices and preventing common **OWASP Top 10** vulnerabilities.
- **Target Tooling:** Jules AI agent (Security Audits, Authentication Logic Generation).
- **Tech Stack Version:** Agnostic (Cybersecurity Best Practices).
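Review bot: the section 1 heading emoji is swapped (🎯 → 📝) and nothing else in this hunk changes, so the only review question is whether anything depends on that heading: if other files under .jules/rules link to this section by anchor, check that the link still resolves after the swap.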
Expand All @@ -20,21 +20,21 @@ tags:

---

## 🌐 2. Global Threat Mitigation Protocols
## 🌍 2. Global Threat Mitigation Protocols

> [!WARNING]
> **Secret Leakage:** Never hardcode secrets, API keys, passwords, or tokens in the codebase. Always load sensitive data via environment variables (`process.env`) and inject them securely.

### 🛑 OWASP Top 10 Prevention
### 🛡️ OWASP Top 10 Prevention
1. **Injection (SQLi, NoSQLi, Command):** Never directly concatenate user input into database queries or shell commands. Always use parameterized queries (Prepared Statements) or an approved ORM/Query Builder.
2. **Cross-Site Scripting (XSS):** Automatically escape or sanitize all untrusted user content before rendering it in the browser. Do not use dangerously permissive innerHTML setters without a strict HTML sanitizer (like DOMPurify).
2. **Cross-Site Scripting (XSS):** Automatically escape or sanitize all untrusted user content before rendering it in the browser. Do not use unsafe innerHTML setters without a strict HTML sanitizer (like DOMPurify).
3. **Cross-Site Request Forgery (CSRF):** State-changing endpoints must require modern CSRF mitigation, such as SameSite cookies or Anti-CSRF tokens.

### 🔐 Identity & Access Management (IAM)
### 🔑 Identity & Access Management (IAM)
1. **Authentication:** Passwords must be hashed using strong, salted algorithms (e.g., Argon2, bcrypt). Plaintext passwords must never hit the database or logs.
2. **Authorization:** Implement Principle of Least Privilege (PoLP). Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC) must be checked at the *server level*, not just hidden on the client UI.

### 🏛️ Security Architecture
### 🏰 Security Architecture

```mermaid
graph TD
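Review bot: the 🛡️ now placed on the "OWASP Top 10 Prevention" sub-heading duplicates the emoji already on the document title (`# 🛡️ System Security & Hardening Rules for Jules`), which blurs the heading hierarchy the other swaps in this hunk (🌐 → 🌍, 🔐 → 🔑, 🏛️ → 🏰) are presumably meant to tidy; pick a distinct one for the sub-heading. On the XSS wording, "unsafe innerHTML setters" is an improvement over "dangerously permissive innerHTML setters" but still implies a safe subset exists; the rule is clearer as an absolute, e.g. "Never assign untrusted content to `innerHTML` (or a framework's raw-HTML equivalent) unless it has passed through a strict sanitizer such as DOMPurify; use `textContent` where no markup is needed." Separately, the secret-leakage callout in this hunk names `process.env` while section 1 declares the stack "Agnostic"; "environment variables or a secrets manager" would keep the rule applicable outside Node.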
Expand All @@ -45,18 +45,19 @@ graph TD
D -->|Sanitized Payload| F[(Database)]
D -.->|No PII Logged| G[Logs: PII Masking]

style A fill:#f9f,stroke:#333,stroke-width:2px
style B fill:#bbf,stroke:#333,stroke-width:2px
style C fill:#fbb,stroke:#333,stroke-width:2px
style D fill:#bfb,stroke:#333,stroke-width:2px
style E fill:#f00,stroke:#333,stroke-width:2px,color:#fff
style F fill:#ccc,stroke:#333,stroke-width:2px
style G fill:#ddd,stroke:#333,stroke-width:2px,stroke-dasharray: 5 5
%% Added Design Token Styles for Mermaid Diagrams
classDef default fill:#e1f5fe,stroke:#03a9f4,stroke-width:2px,color:#000;
classDef component fill:#e8f5e9,stroke:#4caf50,stroke-width:2px,color:#000;
classDef layout fill:#f3e5f5,stroke:#9c27b0,stroke-width:2px,color:#000;

class A default;
class B layout;
class C component;
class D layout;
class E component;
class F default;
class G default;

```

| Security Layer | Pattern/Standard | Jules Requirement |
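Review bot: replacing the per-node `style` lines with `classDef` loses two deliberate distinctions from the old diagram: node E was the only node with a bright red fill and white text (`fill:#f00,...,color:#fff`), and node G had a dashed border (`stroke-dasharray: 5 5`) matching its dotted `D -.->|No PII Logged| G` edge. After this change E shares the green `component` class with C and G shares `default` with A and F, so whatever E and G were singled out for is no longer visible. Suggest adding dedicated classes, e.g. `classDef alert fill:#ffcdd2,stroke:#f44336,stroke-width:2px,color:#000;` and `classDef log fill:#e1f5fe,stroke:#03a9f4,stroke-width:2px,color:#000,stroke-dasharray: 5 5;` with `class E alert;` and `class G log;`. The class names `layout` and `component` also do not describe these nodes (B and D as "layout", C and E as "component"); naming classes by role in the flow would make the token mapping self-explanatory.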
Expand All @@ -68,10 +69,13 @@ graph TD

---

## 3. Checklist for Jules Agent
## 📋 3. Checklist for Jules Agent

When generating new backend endpoints, architectures, or frontend forms:
- [ ] Validate and sanitize all incoming payload data against a strict schema (e.g., Zod, Class-Validator).
- [ ] Ensure authentication tokens (JWT, Session IDs) are stored securely (HttpOnly, Secure, SameSite cookies).
- [ ] Confirm no sensitive system stack traces or error details are returned to the client in HTTP responses.
- [ ] Verify that updating or fetching a resource confirms the requesting user actually owns that resource (Insecure Direct Object Reference prevention).

## ❓ 4. Frequently Asked Questions
- If the file is already ready, then change it according to the repository rules.
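Review bot: the new "Frequently Asked Questions" section contains no question; its single bullet ("If the file is already ready, then change it according to the repository rules.") reads like a leftover instruction to the agent rather than rules content, and "already ready" is ambiguous about which file and which state is meant. Either drop the section from this PR or replace the bullet with an actual Q&A pair (for example, what Jules should do when a generated file already satisfies these rules). The rest of the hunk (📋 on the checklist heading, checklist items unchanged) is fine; one optional tightening: the IDOR item could say the ownership check is performed server-side, matching the "server level" wording of the Authorization rule above.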