Install: claude install-skill epicsagas/epic-harness
# Vuln Scan — Systematic Vulnerability Scanner
## Iron Law
Code you haven't scanned for vulnerabilities has vulnerabilities you haven't found.
## Process
### Step 0: Load Engagement Context
Check for `.harness/engagement.md`. If present, load scope constraints — only scan in-scope paths and respect exclusions.
Check for `THREAT_MODEL.md` from a previous `/threat-model` run. If present, use its threat scenarios as scan targets. If absent, run a full-surface scan.
### Step 1: Scope the Scan
```bash
# Gather changed files (for incremental scans)
git diff --name-only "$(git merge-base HEAD main)"
# Or scan entire codebase. Exclude whole directories by path so that files
# whose names merely contain "target" or "vendor" stay in scope.
find . -type f \( -name "*.rs" -o -name "*.ts" -o -name "*.js" -o -name "*.py" -o -name "*.go" \) \
  -not -path "*/node_modules/*" -not -path "*/target/*" -not -path "*/vendor/*"
```
### Step 2: Run Scan Dimensions (Parallel)
Launch all dimensions concurrently:
#### Dimension 1: Injection Scan
Search patterns:
```
eval( exec( system(
string concat SQL format!.*query raw_query
innerHTML dangerouslySetInnerHTML
```
For each match:
- File, line number, surrounding context (5 lines)
- Severity: CRITICAL (eval/exec), HIGH (SQL concat), MEDIUM (DOM injection)
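A minimal sketch of the Dimension 1 pass, added here as an example and not part of epic-harness itself. The regexes, the `scan_text` and `Finding` names, and the reading of "5 lines" as five lines either side of the match are assumptions of this example; only the severity tiers come from the page.

```python
import re
from dataclasses import dataclass

# Severities come from the page; the regexes are this example's reading of the
# listed search patterns (assumptions; tune them per codebase and language).
RULES = [  # ordered most severe first
    ("CRITICAL", "eval/exec", re.compile(r"\b(?:eval|exec|system)\s*\(")),
    ("HIGH", "SQL concat", re.compile(
        r"\b(?:select|insert|update|delete)\b.*[\"']\s*(?:\+|%|\.format\()"
        r"|format!.*query|\braw_query\b", re.IGNORECASE)),
    ("MEDIUM", "DOM injection", re.compile(r"\b(?:innerHTML|dangerouslySetInnerHTML)\b")),
]

@dataclass
class Finding:
    path: str
    line: int       # 1-based line number of the match
    severity: str
    rule: str
    context: list   # surrounding source lines

def scan_text(path, text, context=5):
    """Return one Finding per matching line, with `context` lines either side."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for severity, rule, rx in RULES:
            if rx.search(line):
                lo, hi = max(0, i - context), min(len(lines), i + context + 1)
                findings.append(Finding(path, i + 1, severity, rule, lines[lo:hi]))
                break  # report each line once, at its highest severity
    return findings

# Constructed sample input: two risky calls and one parameterized query.
SAMPLE = '''\
import os, sqlite3

def run(cmd):
    return os.system(cmd)

def find_user(db, name):
    q = "SELECT * FROM users WHERE name = '" + name + "'"
    return db.execute(q)

def safe(db, name):
    return db.execute("SELECT * FROM users WHERE name = ?", (name,))
'''

if __name__ == "__main__":
    for f in scan_text("app.py", SAMPLE):
        print(f"{f.severity:8} {f.path}:{f.line} [{f.rule}]")
```

The parameterized query in `safe` produces no finding, which is the distinction a reviewer triaging HIGH results needs: the pattern keys on a string literal being joined to something, not on the presence of SQL.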
#### Dimension 2: Auth & Session Scan
Search patterns:
```
password secret api_key
token credential private_key
Bearer Authorization
session cookie
```
For each match:
- Check: hardcoded value vs. config/env referen