pentest-whitebox-code-review

Purpose Perform systematic white-box source code security audit using Shannon's backward taint analysis methodology. Traces from dangerous sinks back to user-controlled sources, classifies injection contexts by slot type, verifies XSS render contexts, and produces a prioritized exploitation queue for downstream proof-driven exploitation.

| Slot Type | Sink Pattern | Sanitization Required |

| SQL-val | Query parameter value position | Parameterized query / prepared statement | | SQL-ident | Table name, column name, ORDER BY | Allowlist validation | | CMD-argument | Shell command argument | Argument escaping + allowlist | | FILE-path | File read/write path construction | Path canonicalization + allowlist |

역방향 오염 분석, 슬롯 유형 분류, 렌더링 컨텍스트 확인 및 악용 대기열을 생성하는 3단계 병렬 검토를 사용한 소스 코드 보안 감사입니다. 출처: jd-opensource/joysafeter.