- OWASP 2025: Replaced comment-only code blocks with real Nginx TLS, Python KMS, FastAPI RBAC, and K8s RBAC code
- Blockchain: Added Slither install command, GitHub Actions workflow, Solidity FailSafe example, and incident response template
- Cloud Security Course: Fixed broken blockquote code blocks, expanded the SSRF defense explanation, tidied reference links
- AWS Cloud Security: Fixed ASCII diagram language tag (json → text)
- Converted 3 SVG files from Korean to English (agentic_defense_architecture, tool_poisoning, tool_chain_attack)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pull request overview
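This PR improves the code and explanation quality of four security/cloud blog posts and converts the labels of three agentic-security Mermaid SVGs from Korean to English.
Changes:
- Added mitigation code examples (TLS/KMS/FastAPI RBAC/K8s RBAC, etc.) to the OWASP 2025 post
- Added Slither install/usage, a GitHub Actions integration example, a Fail-Safe Solidity example, and a communication template to the Blockchain post
- Removed broken quoted code blocks from the Cloud/AWS posts, cleaned up code-fence language tags, and expanded the SSRF defense explanation
- Converted the labels of 3 Mermaid SVGs (agentic attack/defense diagrams) to English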
Reviewed changes
Copilot reviewed 4 out of 7 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| assets/images/mermaid/agentic_tool_poisoning.svg | Converted the tool poisoning diagram labels to English |
| assets/images/mermaid/agentic_tool_chain_attack.svg | Converted the tool chain attack diagram labels to English |
| assets/images/mermaid/agentic_defense_architecture.svg | Converted the agentic defense architecture diagram labels to English |
| _posts/2026-01-14-AWS_Cloud_Security_Complete_Guide_IAMFrom_EKSTo_Security_Architecture.md | Changed the ASCII diagram code block language tag from json to text |
| _posts/2026-01-08-Cloud_Security_Course_8Batch_6Week_AWS_WAF_CloudFront_Security_Architecture_And_GitHub_DevSecOps_Practical.md | Removed broken quoted code blocks and expanded the SSRF defense explanation |
| _posts/2026-01-08-Blockchain_Cryptocurrency_Security_Complete_Guide_DevSecOps_From_Perspective_View_GitHub_Security_Tools_And_Best_Practice.md | Added Slither/GHA/FailSafe examples and an incident-response communication template |
| _posts/2026-01-03-OWASP_2025_Latest_Update_Complete_Guide_Top_10_Agentic_AI_Security.md | Replaced/expanded the former comment-only blocks with OWASP mitigation code examples (nginx/python/fastapi/k8s) |
| - uses: actions/checkout@v3 | ||
| - name: Run Slither | ||
| uses: crytic/slither-action@v0.3.0 | ||
| with: | ||
| target: contracts/ | ||
| slither-args: '--json slither-report.json' | ||
| - name: Upload Report | ||
| uses: actions/upload-artifact@v3 |
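Review bot: The third-party action on the `uses: crytic/slither-action@v0.3.0` line is referenced by a version tag, and a tag can later be moved to different code. Because readers will copy this workflow into repositories that hold contract sources, pin it to the full commit SHA with the version kept in a trailing comment, and do the same for `actions/checkout` and `actions/upload-artifact`.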
The GitHub Actions example uses very old action versions (actions/checkout@v3 and actions/upload-artifact@v3). This repo’s workflows are already on actions/checkout@v6 and upload-artifact@v7, so the post example should be updated to match current/maintained versions.
| - uses: actions/checkout@v3 | |
| - name: Run Slither | |
| uses: crytic/slither-action@v0.3.0 | |
| with: | |
| target: contracts/ | |
| slither-args: '--json slither-report.json' | |
| - name: Upload Report | |
| uses: actions/upload-artifact@v3 | |
| - uses: actions/checkout@v6 | |
| - name: Run Slither | |
| uses: crytic/slither-action@v0.3.0 | |
| with: | |
| target: contracts/ | |
| slither-args: '--json slither-report.json' | |
| - name: Upload Report | |
| uses: actions/upload-artifact@v7 |
| function withdraw(uint256 amount) external whenNotPaused { | ||
| require(balances[msg.sender] >= amount, "Insufficient balance"); | ||
| balances[msg.sender] -= amount; | ||
| (bool success, ) = msg.sender.call{value: amount}(""); | ||
| require(success, "Transfer failed"); | ||
| } |
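Review bot: The `whenNotPaused` modifier on `withdraw` means that pausing the contract also blocks every user from taking funds out, and nothing in the shown function says whether that is intended. For an example presented as fail-safe, state in a comment whether a separate emergency withdrawal path exists while paused, or that withdrawals are deliberately frozen during an incident.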
The FailSafeVault example performs an external call (msg.sender.call) without a reentrancy guard. Even though balances are decremented before the call, readers may copy this pattern into more complex contracts; consider adding ReentrancyGuard/nonReentrant (or explicitly explain why this specific pattern is safe here).
| ```nginx | ||
| # Nginx TLS 1.3 전용 설정 | ||
| ssl_protocols TLSv1.3; | ||
| ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256; | ||
| ssl_prefer_server_ciphers on; | ||
| ssl_session_timeout 1d; | ||
| ssl_session_cache shared:MozSSL:10m; | ||
|
|
||
| # HSTS (6개월 이상 권장) | ||
| add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always; |
This is labeled as “TLS 1.3 전용 설정” (TLS 1.3-only configuration), but the config uses directives that don’t actually control TLS 1.3 ciphers in Nginx (e.g., ssl_ciphers / ssl_prefer_server_ciphers). Either adjust the snippet to configure TLS 1.3 cipher suites correctly (or broaden it to TLS 1.2+ and clarify what each directive applies to) so the example matches the text.
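A configuration matching the review comment above, as an added example that is not part of the PR or the post under review. It assumes nginx 1.19.4 or later built against OpenSSL 1.1.1 or later (required for `ssl_conf_command`); the `server_name` and certificate paths are placeholders.

```nginx
server {
    listen 443 ssl;
    server_name example.test;                          # placeholder
    ssl_certificate     /etc/nginx/tls/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;    # placeholder path

    # Protocol selection: this directive alone makes the server TLS 1.3-only.
    ssl_protocols TLSv1.3;

    # TLS 1.3 cipher suites are set through OpenSSL's "Ciphersuites" command.
    # ssl_ciphers configures the cipher list for TLS 1.2 and below, so it has
    # no effect on what a TLS 1.3-only server negotiates.
    ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;

    # Variant if TLS 1.2 must also be offered: widen ssl_protocols and give
    # ssl_ciphers an AEAD-only list for the TLS 1.2 side.
    # ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;

    # HSTS, same value as the snippet under review (about six months).
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
}
```

`nginx -t` checks the syntax before a reload; a client restricted to TLS 1.2 (for example `openssl s_client -tls1_2`) should then fail the handshake against the TLS 1.3-only form.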
| # 키 로테이션 자동화 예시 (Python + AWS KMS) | ||
| import boto3 | ||
| from datetime import datetime, timedelta | ||
|
|
||
| def rotate_key_if_expired(key_alias: str, max_age_days: int = 90) -> None: | ||
| kms = boto3.client("kms") | ||
| meta = kms.describe_key(KeyId=key_alias)["KeyMetadata"] | ||
| created = meta["CreationDate"].replace(tzinfo=None) | ||
| if datetime.utcnow() - created > timedelta(days=max_age_days): | ||
| kms.enable_key_rotation(KeyId=meta["KeyId"]) | ||
| print(f"[INFO] Key rotation enabled for {key_alias}") |
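Review bot: In `created = meta["CreationDate"].replace(tzinfo=None)` the timezone is discarded rather than converted, and the result is then compared with `datetime.utcnow()`; if the timestamp is not in UTC, the computed age is off by that offset. Keep the value timezone-aware and subtract it from `datetime.now(timezone.utc)` instead. The function also returns silently when the key is younger than `max_age_days`, so a caller cannot tell a skipped key from one that was handled; return a bool or log the skip.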
The function name/description suggests key rotation (“rotate_key_if_expired”, “키 로테이션 자동화” [key rotation automation]), but the code only enables AWS KMS automatic rotation and does not rotate keys on demand (and KMS rotation isn’t configurable to a 90-day period). Consider renaming this to something like “ensure_key_rotation_enabled” and/or changing the example to an alias-swap/new-key rotation flow so it matches the stated goal.
| # 키 로테이션 자동화 예시 (Python + AWS KMS) | |
| import boto3 | |
| from datetime import datetime, timedelta | |
| def rotate_key_if_expired(key_alias: str, max_age_days: int = 90) -> None: | |
| kms = boto3.client("kms") | |
| meta = kms.describe_key(KeyId=key_alias)["KeyMetadata"] | |
| created = meta["CreationDate"].replace(tzinfo=None) | |
| if datetime.utcnow() - created > timedelta(days=max_age_days): | |
| kms.enable_key_rotation(KeyId=meta["KeyId"]) | |
| print(f"[INFO] Key rotation enabled for {key_alias}") | |
| # KMS 키 자동 로테이션 설정 예시 (Python + AWS KMS) | |
| import boto3 | |
| def ensure_key_rotation_enabled(key_alias: str) -> None: | |
| """ | |
| 지정된 KMS 키(alias)에 대해 AWS KMS의 자동 로테이션(연 1회)을 활성화합니다. | |
| """ | |
| kms = boto3.client("kms") | |
| meta = kms.describe_key(KeyId=key_alias)["KeyMetadata"] | |
| kms.enable_key_rotation(KeyId=meta["KeyId"]) | |
| print(f"[INFO] Automatic key rotation enabled for {key_alias}") |
| # FastAPI RBAC 미들웨어 예시 (최소 권한 원칙 적용) | ||
| from functools import wraps | ||
| from fastapi import HTTPException, status | ||
|
|
||
| def require_role(*roles): | ||
| def decorator(func): | ||
| @wraps(func) | ||
| async def wrapper(*args, current_user=None, **kwargs): | ||
| if current_user is None or current_user.role not in roles: | ||
| raise HTTPException( | ||
| status_code=status.HTTP_403_FORBIDDEN, | ||
| detail="권한이 없습니다." | ||
| ) | ||
| return await func(*args, current_user=current_user, **kwargs) | ||
| return wrapper | ||
| return decorator | ||
|
|
||
| # 사용 예: 관리자 전용 엔드포인트 | ||
| @app.delete("/api/users/{user_id}") | ||
| @require_role("admin") | ||
| async def delete_user(user_id: int, current_user=Depends(get_current_user)): | ||
| ... |
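Review bot: The header comment calls this a middleware (`미들웨어`), but `require_role` is a decorator, and its check only sees a user when the endpoint also declares `current_user=Depends(get_current_user)`; the decorator cannot enforce that parameter name. It does fail closed when the parameter is absent (`current_user is None` gives 403), so say that in the comment, or express the role check as a dependency so the user lookup and the role requirement cannot drift apart.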
The FastAPI RBAC example won’t run as-is because it uses Depends/get_current_user and app without importing/defining them (Depends is not imported in this snippet). Either add the missing imports/definitions or explicitly note that these are assumed to exist elsewhere, so readers don’t copy a broken example.
- AI_Agent_Security_Architecture_Design_Guide series: 6
- LLM_Security_Practical_Guide series: 11
- AI_vs_Claude_Code, AWS_Cloud_Security, Cloud_Security_8Batch, Cloud_Security_7Batch, SKT_Security, Tech_Security_Ransomware: 5
- Reached 0 Korean text strings across all 26 SVG files

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
Test plan
🤖 Generated with Claude Code