feat: add unified code quality dashboard with multiple validators

- Add validator_type field to scans and violations (architecture, security, performance) - Create security validator with SEC-xxx rules - Create performance validator with PERF-xxx rules - Add base validator class for shared functionality - Add validate_all.py script to run all validators - Update code quality service with validator type filtering - Add validator type tabs to dashboard UI - Add validator type filter to violations list - Update stats response with per-validator breakdown - Add security and performance rules documentation - Add chat-bubble icons to icon library 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-21 20:57:47 +01:00
parent 6a903e16c6
commit 26b3dc9e3b
27 changed files with 5270 additions and 119 deletions
--- a/.security-rules/injection.yaml
+++ b/.security-rules/injection.yaml
@@ -0,0 +1,70 @@
+# Injection Prevention Rules
+# ==========================
+
+injection_rules:
+  - id: SEC-011
+    name: No raw SQL queries
+    severity: error
+    description: >
+      Use SQLAlchemy ORM or parameterized queries only.
+      Never concatenate user input into SQL strings.
+
+  - id: SEC-012
+    name: No shell command injection
+    severity: error
+    description: >
+      Never use shell=True with subprocess.
+      Use subprocess with list arguments.
+
+  - id: SEC-013
+    name: No code execution
+    severity: error
+    description: >
+      Never use eval() or exec() with user input.
+
+  - id: SEC-014
+    name: Path traversal prevention
+    severity: error
+    description: >
+      Validate file paths to prevent directory traversal.
+      Use secure_filename() for uploads.
+
+  - id: SEC-015
+    name: XSS prevention in templates
+    severity: error
+    description: >
+      Use safe output methods in templates.
+      Prefer x-text over x-html.
+
+  - id: SEC-016
+    name: LDAP injection prevention
+    severity: error
+    description: >
+      Escape special characters in LDAP queries.
+
+  - id: SEC-017
+    name: XML external entity prevention
+    severity: error
+    description: >
+      Disable external entities when parsing XML.
+      Use defusedxml.
+
+  - id: SEC-018
+    name: Template injection prevention
+    severity: error
+    description: >
+      Never render user input as template code.
+
+  - id: SEC-019
+    name: SSRF prevention
+    severity: warning
+    description: >
+      Validate URLs before making external requests.
+      Whitelist allowed domains.
+
+  - id: SEC-020
+    name: Deserialization safety
+    severity: error
+    description: >
+      Never deserialize untrusted data with pickle.
+      Use yaml.safe_load() instead of yaml.load().