# vulnerability-patterns
6 articles tagged "vulnerability-patterns"
CWE Mapping for AI-Generated Vulnerabilities
Common AI-generated vulnerabilities mapped to CWE identifiers with real examples: SQL injection (CWE-89), XSS (CWE-79), path traversal (CWE-22), command injection (CWE-78), and hardcoded credentials (CWE-798).
AI-Generated Vulnerability Patterns
Overview of common vulnerability patterns in AI-generated code, including why models produce insecure code and how these patterns differ from human-introduced vulnerabilities.
Language-Specific Risks in AI-Generated Code
Language-specific security risks in AI-generated code: Python (pickle, eval, subprocess), JavaScript (prototype pollution, eval), Rust (unsafe blocks), and Go (SQL injection in string formatting).
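CWE Mapping of AI-Generated Vulnerabilities
Common AI-generated vulnerabilities mapped to CWE identifiers, with real examples: SQL injection (CWE-89), XSS (CWE-79), path traversal (CWE-22), command injection (CWE-78), and hardcoded credentials (CWE-798).
AI-Generated Vulnerability Patterns
An overview of common vulnerability patterns in AI-generated code, including why models produce insecure code and how these patterns differ from human-introduced vulnerabilities.
Language-Specific Risks in AI-Generated Code
Language-specific security risks in AI-generated code: Python (pickle, eval, subprocess), JavaScript (prototype pollution, eval), Rust (unsafe blocks), and Go (SQL injection in string formatting).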