policy(review): block sequential-int ids and require compound identifier names#313
Merged
…ier names

Add two review-policy rules to the ci-review, code-reviewer, and template prompts (existing asserted phrases kept intact):

1. Identifier exposure / enumeration safety is a security blocker. A primary key or any identifier exposed via API/URL/redirect/filename/cache key that is a sequential auto-increment integer (SERIAL, AUTO_INCREMENT, IDENTITY, ORM id) → REQUEST_CHANGES; require a non-sequential, non-guessable id (random UUIDv4 or random token) at every exposed boundary. Sequential ids enable IDOR / enumeration (the Coupang breach exploited guessable sequential ids). Internal-only auto-increment keys allowed only when never exposed.

2. Every new/renamed identifier must be two or more meaningful words in the file language's idiomatic case (snake_case Python/Ruby/Rust/SQL, camelCase JS/TS/Java/Kotlin/Swift, PascalCase types/Go exports, SCREAMING_SNAKE_CASE constants) — per-language, never forcing one language's casing on another. Bare single-word/reserved names are blockers; loop indices and idiomatic single-letter math vars are exempt.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RTAMs4bpSZS77Xe3RQjv9P
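Rule 2 above is phrased for an LLM reviewer, but it is mechanical enough to run as code. The following is an added example and is not part of the PR's prompts or the project's code: a small checker that applies the two-or-more-words requirement, the per-language case table, the reserved-word blocker and the loop-index / math-variable exemption. The language-to-case table and the word-count rule come from the description; the `kind` labels (`variable`, `constant`, `type`, `exported`, `loop_index`, `math_var`), the reserved-word sets for non-Python languages and the treatment of unexported Go names as camelCase are assumptions made for this illustration.

```python
from __future__ import annotations

import keyword
import re

# Added example, not the project's review prompt or code. The case table and the
# two-word rule follow the PR description; the `kind` labels, the non-Python
# reserved-word sets and the Go unexported=camelCase entry are assumptions.

CASE_BY_LANGUAGE = {
    "python": "snake_case", "ruby": "snake_case", "rust": "snake_case", "sql": "snake_case",
    "javascript": "camelCase", "typescript": "camelCase", "java": "camelCase",
    "kotlin": "camelCase", "swift": "camelCase",
    "go": "camelCase",  # assumed for unexported names; exported names use kind="exported"
}

# Casing only. Word count is checked separately so a bare single word gets one message.
CASE_PATTERNS = {
    "snake_case": re.compile(r"^[a-z][a-z0-9_]*$"),
    "camelCase": re.compile(r"^[a-z][A-Za-z0-9]*$"),
    "PascalCase": re.compile(r"^[A-Z][A-Za-z0-9]*$"),
    "SCREAMING_SNAKE_CASE": re.compile(r"^[A-Z][A-Z0-9_]*$"),
}

RESERVED_WORDS = {
    "python": set(keyword.kwlist),  # real keyword list from the stdlib
    "javascript": {"class", "function", "var", "let", "const", "new", "this", "return"},
    "typescript": {"class", "function", "var", "let", "const", "new", "this", "return", "type"},
    "sql": {"select", "from", "where", "table", "order", "group", "user"},  # assumed subset
}

EXEMPT_KINDS = {"loop_index", "math_var"}

# Splits snake_case, camelCase, PascalCase and SCREAMING_SNAKE_CASE into words;
# keeps acronym runs such as "HTTP" in "HTTPClient" together.
WORD_SPLIT = re.compile(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+\d*|\d+")


def split_words(name: str) -> list[str]:
    return WORD_SPLIT.findall(name)


def expected_case(language: str, kind: str) -> str:
    if kind == "constant":
        return "SCREAMING_SNAKE_CASE"
    if kind in ("type", "exported"):
        return "PascalCase"
    return CASE_BY_LANGUAGE[language]


def check_identifier(name: str, language: str, kind: str = "variable") -> list[str]:
    """Return the rule-2 violations for one new or renamed identifier ([] = acceptable)."""
    if kind in EXEMPT_KINDS and len(name) == 1:
        return []  # idiomatic loop index or single-letter math variable
    if name.lower() in RESERVED_WORDS.get(language, set()):
        return [f"'{name}': reserved word in {language}"]
    violations: list[str] = []
    case_name = expected_case(language, kind)
    if not CASE_PATTERNS[case_name].match(name):
        violations.append(f"'{name}': expected {case_name} for a {language} {kind}")
    if len(split_words(name)) < 2:
        violations.append(f"'{name}': single word, need two or more meaningful words")
    return violations


if __name__ == "__main__":
    for args in (("total", "python"), ("orderTotal", "python"), ("orderTotal", "typescript"),
                 ("RetryPolicy", "go", "exported"), ("i", "python", "loop_index"), ("class", "python")):
        print(args, "->", check_identifier(*args) or "ok")
```

Casing and word count are deliberately separate checks so that `orderTotal` in a Python file is reported only as a case problem, while `total` is reported only as a bare single word; `expected_case` is where a per-language table keeps one language's casing from being forced on another, as the rule requires.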
Purpose (user request)
Add two rules to the review/security policy:

Changes (the 3 LLM reviewer prompts)
Rules added to ci-review-prompt.md, code-reviewer-prompt.md, scripts/ci/opencode_review_prompt_template.md (existing asserted phrases kept intact):

Rule 1 — identifier exposure / enumeration safety = security blocker
If a PK/identifier appearing on a client-exposed surface (API responses, URLs, redirects, filenames, cache keys, etc.) is a sequential auto-increment integer (SERIAL/AUTO_INCREMENT/IDENTITY/ORM id) → REQUEST_CHANGES. Require a non-sequential, non-guessable identifier (random UUIDv4/random token) at every exposed boundary. Time-ordered ULID/UUIDv7 is allowed only where leaking creation order is harmless. Internal-only auto-increment is allowed only when it is never exposed and a separate opaque id is used at every external boundary. Cites the Coupang sequential-id breach.

Rule 2 — compound naming (2+ words), per language
New/renamed identifiers (tables, columns, keys, API fields, routes, classes, functions, methods, variables, files, etc.) must be a meaningful combination of two or more words. Use the idiomatic case of the file's language: snake_case (Python/Ruby/Rust/SQL/DB columns), camelCase (JS/TS/Java/Kotlin/Swift), PascalCase (types/classes/Go exports), SCREAMING_SNAKE_CASE (constants). Never force one language's casing onto another. Bare single words/reserved words are blockers. Exceptions: short loop indices and idiomatic single-letter math variables.

Notes
The 2 failures in test_opencode_agent_contract.py are a pre-existing mismatch originating from #295 (timeout-minutes structure), unrelated to this PR, and not part of required CI. All naming/prompt-related guards pass.

🤖 Generated with Claude Code
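Rule 1 as working code, added here as an example that is not the project's own (OrderRecord/OrderStore are assumed stand-ins for an ORM table with a SERIAL/AUTO_INCREMENT primary key). It shows the three things the rule asks a reviewer to verify: the enumeration an attacker gets for free against an integer PK versus a random UUIDv4 at the same boundary; a serializer that keeps the internal auto-increment key and a separate opaque id, and refuses to ship any id-like integer; and the ULID/UUIDv7 caveat, where a simplified time-prefixed id (a constructed format, not a real ULID encoder) makes creation order recoverable by plain sorting.

```python
from __future__ import annotations

import itertools
import re
import secrets
import uuid
from dataclasses import dataclass
from typing import Any

# Added example, not project code. OrderRecord/OrderStore stand in for an ORM table
# with a SERIAL/AUTO_INCREMENT primary key; the names are assumed for this illustration.

ID_KEY = re.compile(r"(?:^|_)id$|[a-z]Id$")  # matches id, user_id, userId; not "paid"


def new_public_id() -> str:
    """Opaque id for every exposed boundary: random UUIDv4 (122 random bits)."""
    return str(uuid.uuid4())


def new_time_ordered_id(created_at_ms: int) -> str:
    """Simplified ULID/UUIDv7-style id (constructed format, not a real encoder):
    the time prefix keeps records sortable but leaks creation order."""
    return f"{created_at_ms:012x}-{secrets.token_hex(8)}"


@dataclass
class OrderRecord:
    order_id: int       # internal auto-increment PK: must never be serialized
    public_id: str      # what API/URL/redirect/filename/cache key may carry
    customer_name: str


class OrderStore:
    def __init__(self) -> None:
        self._next_pk = itertools.count(1)
        self._by_pk: dict[int, OrderRecord] = {}
        self._by_public_id: dict[str, OrderRecord] = {}

    def create(self, customer_name: str) -> OrderRecord:
        record = OrderRecord(next(self._next_pk), new_public_id(), customer_name)
        self._by_pk[record.order_id] = record
        self._by_public_id[record.public_id] = record
        return record

    def lookup_by_pk(self, order_id: int) -> OrderRecord | None:
        """Vulnerable boundary: the integer PK is reachable from outside."""
        return self._by_pk.get(order_id)

    def lookup_by_public_id(self, public_id: str) -> OrderRecord | None:
        """Hardened boundary: only the opaque id is accepted from outside."""
        return self._by_public_id.get(public_id)


def find_exposed_sequential_ids(payload: Any, path: str = "") -> list[str]:
    """Walk a response or URL-parameter structure and report id-like keys that
    carry an integer value (the signal the review rule blocks on)."""
    found: list[str] = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            key_path = f"{path}.{key}" if path else key
            if isinstance(value, int) and not isinstance(value, bool) and ID_KEY.search(key):
                found.append(key_path)
            found.extend(find_exposed_sequential_ids(value, key_path))
    elif isinstance(payload, list):
        for index, item in enumerate(payload):
            found.extend(find_exposed_sequential_ids(item, f"{path}[{index}]"))
    return found


def serialize_order(record: OrderRecord) -> dict[str, Any]:
    """API-boundary serializer: emits only the opaque id and refuses to ship a PK."""
    payload = {"id": record.public_id, "customer_name": record.customer_name}
    leaked = find_exposed_sequential_ids(payload)
    if leaked:
        raise ValueError(f"sequential id reaches an exposed boundary: {leaked}")
    return payload


def enumeration_hits(store: OrderStore, attempts: int) -> tuple[int, int]:
    """Attacker with no prior knowledge makes `attempts` guesses against each
    boundary: PKs 1..attempts versus freshly generated random UUIDv4 strings."""
    sequential_hits = sum(
        store.lookup_by_pk(guess) is not None for guess in range(1, attempts + 1)
    )
    random_hits = sum(
        store.lookup_by_public_id(str(uuid.uuid4())) is not None for _ in range(attempts)
    )
    return sequential_hits, random_hits


def leaks_creation_order(ids: list[str]) -> bool:
    """True when plain sorting reproduces creation order (the ULID/UUIDv7 caveat)."""
    return len(ids) > 1 and sorted(ids) == list(ids)


if __name__ == "__main__":
    store = OrderStore()
    for name in ("alice", "bob", "carol"):
        store.create(name)
    print("hits (sequential, random):", enumeration_hits(store, 50))
    print("leaked keys:", find_exposed_sequential_ids({"order": {"id": 7, "user_id": 3}}))
    print("time-ordered ids leak order:",
          leaks_creation_order([new_time_ordered_id(t) for t in (1000, 1001, 1002)]))
```

The key design point is that the two lookups are different methods: nothing outside the process can call `lookup_by_pk`, and `serialize_order` is the only path to the wire, so the auto-increment key stays internal-only as the rule demands. `find_exposed_sequential_ids` is the same heuristic a reviewer applies by eye (an id-named field holding an integer), expressed as a check that can run in a contract test on real response fixtures.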