The latest articles on Forem by SystAgProject (@systagproject). https://forem.com/systagproject https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3887886%2Feefa192c-4431-46de-9678-d0ea084f2a5e.png https://forem.com/systagproject en SystAgProject Mon, 20 Apr 2026 09:56:50 +0000 https://forem.com/systagproject/i-audited-21-public-vibe-coded-apps-in-48-hours-here-are-the-5-patterns-that-keep-showing-up-1chk https://forem.com/systagproject/i-audited-21-public-vibe-coded-apps-in-48-hours-here-are-the-5-patterns-that-keep-showing-up-1chk <p>Over the last 48 hours I've run <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> — my LLM-powered security audit for AI-generated SaaS — against <strong>21 public apps</strong> built on Lovable, Bolt, v0, Cursor, Replit, and Windsurf. I wanted to check whether <a href="https://dev.to/systagproject/i-audited-9-vibe-coded-apps-in-24-hours-here-are-the-5-patterns-that-show-up-every-single-time-ebk">the 5 patterns I found in 9 apps earlier this week</a> were a small-sample fluke or a real signal.</p> <p>At 21 apps the signal is unmistakable.</p> <p><strong>Total findings across the corpus: 20 critical + 84 high + 58 medium = 162 real issues.</strong> Every single app had at least one. The most egregious had 13 (1 critical / 8 high / 4 medium). The "cleanest" still had 3 mediums.</p> <p>Here's the ranked list of what keeps showing up — hit rate as <strong>unique codebases affected out of 21</strong>, not total finding count. So "9/21" means that pattern appeared in 9 distinct apps, which is basically half.</p> <h2> 1. Missing authentication / auth bypass on serverless endpoints </h2> <p><strong>Hit rate: 9/21 codebases (43%).</strong> Most common severity: critical / high.</p> <p>The defining pattern: the app's server-side code (Supabase Edge Function, Next.js API route, Express route, Cloudflare Worker) trusts whatever the client says without verifying a JWT. Real finding titles from the corpus:</p> <ul> <li> <em>"Every API and WebSocket endpoint is completely unauthenticated"</em> (<code>backend-mock/server.js</code>)</li> <li> <em>"Phone OTP verify accepts any Firebase UID without verification"</em> (<code>supabase/functions/auth-phone-otp/index.ts</code>)</li> <li><em>"Sensitive Supabase Edge Functions have JWT verification disabled"</em></li> <li><em>"Calling, contacts, and notification routes accept any user ID with no auth"</em></li> <li><em>"send-daily-email edge function has JWT verification disabled"</em></li> </ul> <p>The scariest sub-class I saw: a function that accepts <code>user_id</code> from the request body and uses it with a service-role DB client (which bypasses Row-Level Security). Net effect: one <code>curl</code> command lets anyone impersonate any user.</p> <p><strong>Fix</strong>: every sensitive function needs ~20 lines of <code>supabase.auth.getUser()</code> at the top — verify the <code>Authorization</code> header, reject if invalid, use the verified <code>user.id</code> (not the request body) as identity. I wrote <a href="https://dev.to/systagproject/your-supabase-edge-function-probably-has-no-auth-8-out-of-9-vibe-coded-apps-i-scanned-this-week-4lb1">the full pattern + curl test vectors here</a>.</p> <h2> 2. No rate limiting on sensitive endpoints </h2> <p><strong>Hit rate: 9/21 codebases (43%).</strong> Most common severity: high.</p> <p>Every endpoint that touches email (<code>/api/contact</code>), authentication (<code>/api/signup</code>, <code>/api/forgot-password</code>), LLM calls (<code>/api/scan</code>, <code>/api/chat</code>), or any mutable action takes unlimited requests. Real finding titles:</p> <ul> <li><em>"No rate limiting on message send or any endpoint"</em></li> <li><em>"No input validation or rate limiting on QR login endpoint"</em></li> <li> <em>"No rate limiting on /api/scan endpoint"</em> (LLM call — direct cost exposure)</li> <li><em>"Public stats endpoint has no rate limit"</em></li> <li><em>"No rate limiting on signup endpoint"</em></li> </ul> <p>A single script with 10 parallel connections can exhaust your Supabase egress, SendGrid credits, OpenAI quota, or Stripe webhook window in under 60 seconds. The attacker doesn't even need a bug — just availability.</p> <p><strong>Fix</strong>: <a href="https://upstash.com/docs/redis/sdks/ratelimit-ts/overview" rel="noopener noreferrer">Upstash Ratelimit</a> is 5 lines per endpoint. <code>Ratelimit.slidingWindow(20, "60 s")</code> keyed on IP (or <code>user.id</code> after auth is added). Their free tier covers most side projects.</p> <h2> 3. Dangerous CORS / wildcard origin </h2> <p><strong>Hit rate: 7/21 codebases (33%).</strong> Most common severity: high.</p> <p>Either <code>Access-Control-Allow-Origin: *</code> with credentials (browsers will silently ignore the wildcard but the intent is to allow everything), OR a localhost+production origin list that includes dev-server origins in prod. Real findings:</p> <ul> <li><em>"CORS wide-open on all API and WebSocket endpoints"</em></li> <li><em>"Wide-open CORS on all API endpoints"</em></li> <li><em>"Local API server accepts requests from any website (wildcard CORS)"</em></li> </ul> <p>The common scaffolding pattern: CORS gets turned on loose during dev (because it's annoying), then never tightened before deploy. The <code>cors({origin: '*'})</code> line survives into production.</p> <p><strong>Fix</strong>: replace the wildcard with an allowlist of your actual production domain(s) + <code>localhost</code> for dev. If you genuinely need public API access, don't send credentials with the requests.</p> <h2> 4. Client-side trust / admin-by-flag </h2> <p><strong>Hit rate: 6/21 codebases (32%).</strong> Most common severity: high / medium.</p> <p>The pattern: the client reads a <code>profiles.is_admin</code> column (or equivalent) and toggles admin UI based on it. The backend then trusts that same flag for gatekeeping admin actions — but because the profile row is user-writable (via an insufficiently restrictive RLS policy), the user can flip their own flag and become admin.</p> <p>Real finding titles:</p> <ul> <li><em>"Admin status determined by client-side profile read"</em></li> <li><em>"Client trusts is_admin flag from profiles table"</em></li> <li><em>"Users can set their own order total and status"</em></li> <li><em>"Admin 'list all sessions' endpoint called from browser with no auth check"</em></li> </ul> <p><strong>Fix</strong>: admin state lives in a separate table users can't write to, OR in a Supabase JWT custom claim set by a trusted admin-grant function. Never read admin status from a column the user's session can update.</p> <h2> 5. Unsafe file upload (missing MIME check / size cap) </h2> <p><strong>Hit rate: 3/21 codebases (14%).</strong> Most common severity: medium / high.</p> <p>User-uploaded files (profile photos, document attachments, product images) land in a public storage bucket with no MIME-type whitelist, no size cap beyond the default 50 MB, and often no path-sanitization. Real findings:</p> <ul> <li><em>"plant-images storage bucket is public with no file-type or size restrictions"</em></li> <li><em>"Product image uploads have no MIME type or size restrictions"</em></li> <li><em>"Request body parsed as JSON with no size limit or schema validation"</em></li> </ul> <p>The attack: upload a 4 GB file disguised as a PNG. Exhaust storage quota, inflate your bill, maybe get the file served with the wrong MIME type (if Supabase Storage trusts the upload extension) and use it as a vector.</p> <p><strong>Fix</strong>: whitelist MIME types explicitly in the Supabase storage policy. Cap file size at the use-case-realistic upper bound (500 KB for profile photos, 5 MB for attachments). Validate the magic bytes server-side, don't trust the extension.</p> <h2> The remainder </h2> <p>Lower-hit-rate patterns that still showed up in the corpus:</p> <ul> <li> <strong>Weak password / credential handling</strong> — 3/21 (14%) — plain SHA-256, minimum length 6 chars, password derived from phone number.</li> <li> <strong>Permissive or missing RLS</strong> — 2/21 (10%) — <code>world-readable</code> tables, rate-limit tables with no RLS.</li> <li> <strong>Missing input validation / no schema</strong> — 2/21 (10%).</li> <li> <strong>Environment / debug / error leak</strong> — 2/21 (10%) — stack traces in prod, <code>console.log</code> with secrets.</li> <li> <strong>Committed secrets</strong> — 1/21 (5%) — service-role key in the client bundle.</li> <li> <strong>SQL injection / query construction risk</strong> — 1/21 (5%) — ILIKE wildcard injection allowing data exfil.</li> <li> <strong>Secret in URL query-param</strong> — 1/21 (5%) — yes, caught this in my own tool before I shipped it.</li> </ul> <p>Every single app had at least three patterns from the above list. The average was <strong>7.7 findings per app</strong>, the worst was <strong>21 findings in a single codebase</strong>.</p> <h2> What to do this week </h2> <p>If your app was scaffolded by Lovable, Bolt, v0, Cursor, Replit, or Windsurf in the last 6 months, the odds that at least one of the top-5 patterns above applies to you are high — the #1 and #2 patterns alone cover 43% of codebases each, and the top 4 collectively hit 85%+ of the corpus at least once.</p> <p>Three ways to check:</p> <ol> <li> <strong>Free preview scan.</strong> Email <code>mike.j.kaplan+scan@gmail.com</code> with your GitHub repo URL. Subject line <code>VibeScan preview</code>, body the URL. I'll run a preview scan (~25% of your code, highest-risk files) and reply with the top finding within ~5 minutes. No signup, no catch, no upsell unless the scan finds something.</li> <li> <strong>Full audit.</strong> $49 one-time at <a href="https://systag.gumroad.com/l/vibescan?utm_source=devto_post_7&amp;utm_medium=web&amp;utm_campaign=research_21_apps" rel="noopener noreferrer">systag.gumroad.com/l/vibescan</a>. Every finding severity-graded, every finding with the exact file + line + copy-paste fix. PDF delivered in ~10 minutes. 7-day refund, no questions.</li> <li> <strong>Do the top-5 yourself.</strong> Links above to detailed writeups on patterns #1 (edge function auth) and the broader <a href="https://dev.to/systagproject/the-12-security-issues-i-keep-finding-in-vibe-coded-apps-lovable-bolt-v0-786">12-issue checklist</a>. Budget 30-60 minutes and you're in the top decile of vibe-coded apps.</li> </ol> <h2> Methodology (for the skeptics) </h2> <ul> <li>21 public apps from GitHub search for <code>"Built with Lovable"</code>, <code>"Made with bolt.new"</code>, <code>"v0.dev"</code>, <code>"Built with Cursor"</code>, <code>"Built with Replit Agent"</code>, <code>"built with Windsurf"</code> in README.</li> <li>Cloned each to a disposable sandbox. Audited via Claude Opus 4.7 against a tuned system prompt (12 failure categories: leaked secrets / missing auth / SQL injection / unvalidated input / unsafe file handling / CORS gaps / rate limits / race conditions / weak hashing / env leaks / logging gaps / client-trust bugs).</li> <li>8 preview-tier audits (1 batch, ~12 files each, ~$0.15/run). 13 full-tier audits (up to 4 batches, ~50 files each, ~$1/run). Total corpus cost: $12.</li> <li>Severity bar: <code>critical</code> = auth bypass / secrets exposure / SQL injection with user-controlled input / arbitrary file read-write. <code>high</code> = missing rate limit on sensitive endpoint / unvalidated persisted input / dangerous CORS / admin-by-client-flag. <code>medium</code> = weak error handling / theoretical but plausible attack paths / cryptographic oddities.</li> <li>Findings clustered into pattern buckets via substring matching on titles. Some findings didn't match any bucket ("Other" category, excluded from the top-5 table).</li> <li>No repo was cherry-picked. First 21 results from the queries that passed the size-and-star filters (size 100 KB - 30 MB, stars &lt; 800) were audited in order. One clone failed with no scannable files (excluded).</li> <li>Pattern bucket definitions + the full pipeline code are public in the VibeScan repo under <code>scripts/bulk_research_audit.py</code> and <code>scripts/research_aggregate.py</code> — run them yourself if you want to verify or expand the corpus.</li> </ul> <p>— Michael</p> security webdev supabase ai SystAgProject Mon, 20 Apr 2026 09:48:27 +0000 https://forem.com/systagproject/i-ran-my-own-security-audit-tool-against-my-own-codebase-it-caught-a-bug-id-shipped-to-main-5ah9 https://forem.com/systagproject/i-ran-my-own-security-audit-tool-against-my-own-codebase-it-caught-a-bug-id-shipped-to-main-5ah9 <p>I built <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> — an LLM-powered security audit for AI-generated SaaS apps. It's $49, it produces a PDF, it's for founders shipping on Lovable / Bolt / v0 / Cursor.</p> <p>Today I pointed it at its own codebase. The tool's author is me. The repo is the same Python + Claude Agent orchestration layer I use to run the audits. If the tool works, it should find real bugs in any codebase — including mine. If it doesn't find anything in mine, either my code is unusually clean (it isn't) or the tool is a placebo.</p> <p>It found <strong>2 HIGH findings.</strong> 0 critical, 0 medium. One was mitigated. One was a real leak I'd shipped to <code>main</code>. Here's the receipt.</p> <h2> The finding </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">[</span><span class="n">HIGH</span><span class="p">]</span> <span class="n">Apify</span> <span class="n">API</span> <span class="n">token</span> <span class="n">passed</span> <span class="k">as</span> <span class="n">URL</span> <span class="n">query</span> <span class="nf">parameter </span><span class="p">(</span><span class="n">leaks</span> <span class="n">into</span> <span class="n">logs</span><span class="p">)</span> <span class="err">→</span> <span class="n">scripts</span><span class="o">/</span><span class="n">crawl_apify_reviews</span><span class="p">.</span><span class="n">py</span><span class="p">:</span><span class="mi">165</span> <span class="n">The</span> <span class="n">Apify</span> <span class="n">token</span> <span class="ow">is</span> <span class="n">appended</span> <span class="n">to</span> <span class="n">every</span> <span class="n">request</span> <span class="n">URL</span> <span class="k">as</span> <span class="err">?</span><span class="n">token</span><span class="o">=</span><span class="p">.</span><span class="bp">...</span> <span class="n">URLs</span> <span class="n">routinely</span> <span class="n">get</span> <span class="n">captured</span> <span class="ow">in</span> <span class="n">HTTP</span> <span class="n">server</span> <span class="n">logs</span><span class="p">,</span> <span class="n">proxy</span> <span class="n">logs</span><span class="p">,</span> <span class="ow">and</span> <span class="n">error</span> <span class="n">stack</span> <span class="n">traces</span> <span class="err">—</span> <span class="n">anyone</span> <span class="n">who</span> <span class="n">sees</span> <span class="n">those</span> <span class="n">logs</span> <span class="n">can</span> <span class="n">use</span> <span class="n">the</span> <span class="n">token</span> <span class="n">to</span> <span class="n">run</span> <span class="n">paid</span> <span class="n">Apify</span> <span class="n">actors</span> <span class="n">on</span> <span class="n">your</span> <span class="n">account</span> <span class="ow">and</span> <span class="n">rack</span> <span class="n">up</span> <span class="n">charges</span><span class="p">.</span> <span class="n">Fix</span><span class="p">:</span> <span class="n">In</span> <span class="nf">_api_call</span><span class="p">(),</span> <span class="k">pass</span> <span class="n">the</span> <span class="n">token</span> <span class="n">via</span> <span class="n">the</span> <span class="n">Authorization</span> <span class="n">header</span> <span class="n">instead</span> <span class="n">of</span> <span class="n">appending</span> <span class="n">it</span> <span class="n">to</span> <span class="n">the</span> <span class="n">URL</span><span class="p">,</span> <span class="n">per</span> <span class="n">Apify</span><span class="sh">'</span><span class="s">s documented auth options. </span></code></pre> </div> <p>I opened the file. The function looked like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_api_call</span><span class="p">(</span><span class="n">method</span><span class="p">,</span> <span class="n">path</span><span class="p">,</span> <span class="n">body</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">token</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">APIFY_API_BASE</span><span class="si">}{</span><span class="n">path</span><span class="si">}</span><span class="sh">"</span> <span class="k">if</span> <span class="n">token</span><span class="p">:</span> <span class="n">sep</span> <span class="o">=</span> <span class="sh">"</span><span class="s">&amp;</span><span class="sh">"</span> <span class="k">if</span> <span class="sh">"</span><span class="s">?</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">url</span> <span class="k">else</span> <span class="sh">"</span><span class="s">?</span><span class="sh">"</span> <span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">url</span><span class="si">}{</span><span class="n">sep</span><span class="si">}</span><span class="s">token=</span><span class="si">{</span><span class="n">urllib</span><span class="p">.</span><span class="n">parse</span><span class="p">.</span><span class="nf">quote</span><span class="p">(</span><span class="n">token</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">Accept</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">}</span> <span class="c1"># ... send the request ... </span></code></pre> </div> <p>The URL ends up looking like <code>https://api.apify.com/v2/acts/&lt;actor-id&gt;/runs?token=apify_api_&lt;60char_secret&gt;</code>.</p> <p>That URL hits the wire. My HTTP client doesn't log it, but any corporate proxy, any reverse proxy, any Python stack trace that includes the request URL — they all capture the token. If any of those logs leak (or if I share a stack trace in a bug report), the token leaks. The token in question runs paid Apify actors on my account. Somebody with it can burn my budget faster than I can rotate.</p> <p><strong>How did I ship this?</strong> Probably the same way anyone ships it: the Apify quickstart docs show <code>?token=...</code> as the first example. I copied the pattern during a session where the goal was "get the API working", not "secure the token flow." The code worked, the tests passed, I moved on. Classic velocity-over-security.</p> <h2> The fix </h2> <p>Apify documents both <code>?token=...</code> and <code>Authorization: Bearer &lt;token&gt;</code> as supported auth forms. The header is strictly safer — no URL logging, no referrer leak, no stack-trace capture.</p> <p>Before:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">APIFY_API_BASE</span><span class="si">}{</span><span class="n">path</span><span class="si">}</span><span class="sh">"</span> <span class="k">if</span> <span class="n">token</span><span class="p">:</span> <span class="n">sep</span> <span class="o">=</span> <span class="sh">"</span><span class="s">&amp;</span><span class="sh">"</span> <span class="k">if</span> <span class="sh">"</span><span class="s">?</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">url</span> <span class="k">else</span> <span class="sh">"</span><span class="s">?</span><span class="sh">"</span> <span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">url</span><span class="si">}{</span><span class="n">sep</span><span class="si">}</span><span class="s">token=</span><span class="si">{</span><span class="n">urllib</span><span class="p">.</span><span class="n">parse</span><span class="p">.</span><span class="nf">quote</span><span class="p">(</span><span class="n">token</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">Accept</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">}</span> </code></pre> </div> <p>After:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">APIFY_API_BASE</span><span class="si">}{</span><span class="n">path</span><span class="si">}</span><span class="sh">"</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">Accept</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">}</span> <span class="k">if</span> <span class="n">token</span><span class="p">:</span> <span class="n">headers</span><span class="p">[</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Bearer </span><span class="si">{</span><span class="n">token</span><span class="si">}</span><span class="sh">"</span> </code></pre> </div> <p>Three fewer lines. One fewer import (<code>urllib.parse.quote</code> no longer needed). One fewer leak surface.</p> <p>I committed the fix, re-ran the smoke tests, and pushed to <code>main</code> — 14 minutes from finding to fix.</p> <h2> The other finding (already mitigated) </h2> <p>VibeScan also flagged this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">[</span><span class="n">HIGH</span><span class="p">]</span> <span class="n">Gmail</span> <span class="n">OAuth</span> <span class="n">refresh</span> <span class="n">token</span> <span class="n">stored</span> <span class="ow">in</span> <span class="n">repo</span> <span class="n">credentials</span><span class="o">/</span> <span class="n">directory</span> <span class="err">→</span> <span class="n">hub</span><span class="o">/</span><span class="n">gmail_api</span><span class="p">.</span><span class="n">py</span><span class="p">:</span><span class="mi">37</span> </code></pre> </div> <p>The Gmail refresh token for my automation lives in <code>credentials/gmail_oauth_token.json</code>. If someone got that file, they could read and send email from my account until I revoke the token manually — refresh tokens don't expire.</p> <p><strong>This one I'd already mitigated</strong>, but only by convention:</p> <ol> <li> <code>credentials/</code> is in <code>.gitignore</code>, so the token has never been committed.</li> <li>The hub repo is private.</li> </ol> <p>Those two together mean an attacker would need to compromise my Windows box to get the token. That's a real threat model (see: every malware-infected dev box in existence), but it's not the same class as "anyone with proxy logs can read the token." VibeScan was right to flag it; the severity in my specific setup is lower than in the default threat model the finding assumes.</p> <p>The cleaner long-term fix is to move the token to the OS keychain (Windows Credential Manager) and load it from there. I've filed that as a backlog item rather than chasing it this week — the mitigation bar is already higher than most security findings I've seen in customers' codebases.</p> <h2> Why this matters more than a clean audit </h2> <p>If VibeScan had found nothing, I would have been suspicious — not proud. Every non-trivial codebase has some security debt. Mine does. The question isn't whether the tool finds issues; it's whether it finds <strong>real</strong> issues (not noise), explains them <strong>clearly</strong> (not CVE-jargon), and gives <strong>specific</strong> fixes (not "review this").</p> <p>The findings above: one real bug, one over-reported but accurate concern. Both had concrete file paths and line numbers. Both had copy-paste fixes. Both took under 15 minutes to validate + address or triage.</p> <p>That's the experience I promise buyers. Running it against my own code is the most honest unit test of that promise I can run.</p> <h2> The wider pattern </h2> <p>If you ship AI-scaffolded code and you're worried there's a leaky URL token, a committed secret, an unauthenticated function, or a misconfigured RLS policy in there — there probably is. Every codebase has some. The question is whether you know where, and whether you've prioritized the ones that actually matter.</p> <p>If you want the same treatment for your app, VibeScan is $49 one-time at <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">systag.gumroad.com/l/vibescan</a>. PDF in ~10 minutes, 7-day refund if the report isn't useful. Or there's a <a href="https://systagproject.github.io/vibescan-landing/SAMPLE_REPORT.pdf" rel="noopener noreferrer">public sample</a> if you want to see the format before committing.</p> <p>Either way — check your own token-passing code today. <code>?token=</code> in a URL is the kind of bug that sits quietly for years until the logs leak.</p> <p>— Michael</p> security selfreview webdev ai SystAgProject Mon, 20 Apr 2026 06:50:37 +0000 https://forem.com/systagproject/your-supabase-edge-function-probably-has-no-auth-8-out-of-9-vibe-coded-apps-i-scanned-this-week-4lb1 https://forem.com/systagproject/your-supabase-edge-function-probably-has-no-auth-8-out-of-9-vibe-coded-apps-i-scanned-this-week-4lb1 <p>I've been running <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> — my security audit for AI-generated SaaS — against public Lovable / Bolt / v0 apps all week. I wrote up <a href="https://dev.to/systagproject/i-audited-9-vibe-coded-apps-in-24-hours-here-are-the-5-patterns-that-show-up-every-single-time-ebk">the 5 patterns I keep finding</a> yesterday.</p> <p>This post is about the <strong>single most common one</strong>: Supabase Edge Functions (or Vercel Functions, or Cloudflare Workers — the pattern is identical) deployed without any auth verification.</p> <p>Hit rate in my corpus: <strong>8 out of 9.</strong></p> <p>This is not "the app is missing MFA". It's not "the password policy is weak". It is: <strong>anyone on the internet who finds or guesses your function's URL can invoke it as if they were a logged-in user.</strong> With your service-role permissions. For as long as they want.</p> <p>Here's why it happens, what the blast radius looks like, and the ~20 lines of code that fix it.</p> <h2> Quick refresher: what Edge Functions actually are </h2> <p>If you've only touched client-side React in Lovable or Bolt, you may not have thought much about what happens when you call <code>supabase.functions.invoke('process-payment', ...)</code>.</p> <p>What happens is: Supabase proxies the call to a <strong>public HTTPS endpoint</strong> — something like <code>https://&lt;project-ref&gt;.supabase.co/functions/v1/process-payment</code>. That URL is reachable from anywhere. Your React app hits it with a <code>fetch()</code> behind the scenes. The function executes in a Deno runtime, with access to your service-role key and your whole Postgres database.</p> <p>Same shape for Vercel (<code>/api/whatever.ts</code>), Cloudflare Workers, Netlify Functions. Public URL → server-side code → your secrets.</p> <p><strong>The only thing standing between an attacker and that URL is whatever auth check your function code performs before doing work.</strong></p> <p>That's what's missing in 8 out of 9 AI-scaffolded apps.</p> <h2> The failure mode </h2> <p>Here's the kind of code I keep finding. This is anonymized but structurally identical to what I saw in a healthcare patient-intake app, a payments-adjacent app, and an AI-generation app all this week:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// supabase/functions/process-payment/index.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">serve</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">https://deno.land/std@0.190.0/http/server.ts</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">npm:@supabase/supabase-js@2</span><span class="dl">"</span><span class="p">;</span> <span class="nf">serve</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user_id</span><span class="p">,</span> <span class="nx">amount</span><span class="p">,</span> <span class="nx">card_token</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">supabase</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_URL</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">,</span> <span class="c1">// full DB access</span> <span class="p">);</span> <span class="c1">// ... charges card via Stripe, inserts into orders, etc.</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">orders</span><span class="dl">"</span><span class="p">).</span><span class="nf">insert</span><span class="p">({</span> <span class="nx">user_id</span><span class="p">,</span> <span class="nx">amount</span> <span class="p">});</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> <span class="p">});</span> </code></pre> </div> <p>Read the first line carefully: <code>const { user_id, amount } = await req.json()</code>.</p> <p><strong>The user_id is coming from the request body.</strong> Not from an authenticated session. Not verified against anything. I — a random person on the internet with <code>curl</code> — can POST to this endpoint with any <code>user_id</code> I want and any <code>amount</code> I want, and the function will insert an order for that user at that amount, using the service-role key which bypasses RLS entirely.</p> <p>I can insert fake orders in other users' names. I can set amount to $0 and run the function a million times and exhaust your Supabase egress quota. I can set amount to $1,000,000 and corrupt your accounting. If the function calls Stripe — I can spam Stripe until your account is flagged.</p> <p><strong>The function runs. No auth. Full access.</strong></p> <h2> Why AI scaffolding misses it </h2> <p>Three reasons, all fixable:</p> <ol> <li><p><strong>Supabase's function template.</strong> <code>supabase functions new</code> scaffolds a bare handler. It doesn't include an auth block. The "Hello World" in the docs doesn't either. If an AI model was trained on the template or the Hello World, it will copy that pattern — and the pattern has no auth.</p></li> <li><p><strong>The Row-Level Security illusion.</strong> If the developer has RLS policies on tables, they (reasonably) think "the database handles auth". It does — but only when you query it with the <em>anonymous</em> key and the user's JWT. The moment you use the service-role key (which Edge Functions do by default, because you often need to do admin work), <strong>RLS is bypassed.</strong> The DB no longer checks who the caller is. The function has to.</p></li> <li><p><strong>Client-side auth looks enough.</strong> The React app requires login before it even shows the "pay" button. So in the developer's head, the flow is "logged-in user → click button → call function → done". They forget that the function's URL is a public artifact and anyone with it can skip the React app entirely.</p></li> </ol> <h2> The fix — about 20 lines </h2> <p>You need two things in every single Edge Function that isn't a public webhook:</p> <ol> <li> <strong>Verify the caller's JWT</strong> — extract it from the <code>Authorization</code> header, ask Supabase to validate it, get back a <code>user</code> object (or reject).</li> <li> <strong>Use that <code>user.id</code> as the authoritative source</strong> for any identity the function does work on — not the request body.</li> </ol> <p>Here's the minimal pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// supabase/functions/process-payment/index.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">serve</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">https://deno.land/std@0.190.0/http/server.ts</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">npm:@supabase/supabase-js@2</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">corsHeaders</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Headers</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">authorization, x-client-info, apikey, content-type</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> <span class="nf">serve</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">method</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">OPTIONS</span><span class="dl">"</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">ok</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="nx">corsHeaders</span> <span class="p">});</span> <span class="c1">// 1. Verify the caller's JWT. The Authorization header is forwarded by</span> <span class="c1">// supabase.functions.invoke() automatically; we just need to validate it.</span> <span class="kd">const</span> <span class="nx">authHeader</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authHeader</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">missing auth</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="nx">corsHeaders</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">supabaseUserClient</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_URL</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_ANON_KEY</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">,</span> <span class="c1">// anon key, with user's JWT attached</span> <span class="p">{</span> <span class="na">global</span><span class="p">:</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="nx">authHeader</span> <span class="p">}</span> <span class="p">}</span> <span class="p">},</span> <span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">},</span> <span class="nx">error</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabaseUserClient</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">getUser</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span> <span class="o">||</span> <span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">invalid token</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="nx">corsHeaders</span> <span class="p">});</span> <span class="c1">// 2. Now you can trust user.id. Do NOT trust request-body user_id.</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">amount</span><span class="p">,</span> <span class="nx">card_token</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// deliberately ignoring any user_id in body</span> <span class="kd">const</span> <span class="nx">userId</span> <span class="o">=</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="c1">// 3. For the actual write, decide: admin work (service role) or user-scoped (anon + JWT)?</span> <span class="c1">// Inserting an order FOR the verified user is fine either way, but service-role</span> <span class="c1">// is the safe choice if you also need to write to admin-only tables.</span> <span class="kd">const</span> <span class="nx">supabaseAdmin</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_URL</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">,</span> <span class="p">);</span> <span class="k">await</span> <span class="nx">supabaseAdmin</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">orders</span><span class="dl">"</span><span class="p">).</span><span class="nf">insert</span><span class="p">({</span> <span class="na">user_id</span><span class="p">:</span> <span class="nx">userId</span><span class="p">,</span> <span class="nx">amount</span> <span class="p">});</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">corsHeaders</span><span class="p">,</span> <span class="dl">"</span><span class="s2">content-type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span> <span class="p">}</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>That's it. About 20 lines of added logic. <code>supabase.functions.invoke</code> on the client automatically forwards the user's <code>Authorization</code> header, so you don't have to change your React code at all.</p> <p><strong>Key things to notice:</strong></p> <ul> <li>We use two clients: one with the <strong>anon key + user's JWT</strong> for identity verification (<code>getUser()</code> call), another with the <strong>service-role key</strong> for the actual DB write.</li> <li>We ignore any <code>user_id</code> in the request body. The authoritative identity is <code>user.id</code> from the verified token.</li> <li>The function returns 401 for missing or invalid auth. No information leakage about whether a user exists.</li> </ul> <h2> Testing the fix </h2> <p>Before you ship, verify the fix actually works with three <code>curl</code> calls:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. No auth header → should return 401</span> curl <span class="nt">-X</span> POST <span class="s1">'https://&lt;project-ref&gt;.supabase.co/functions/v1/process-payment'</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"amount": 50}'</span> <span class="c"># → 401 "missing auth"</span> <span class="c"># 2. Bogus token → should return 401</span> curl <span class="nt">-X</span> POST <span class="s1">'https://&lt;project-ref&gt;.supabase.co/functions/v1/process-payment'</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer not-a-real-jwt"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"amount": 50}'</span> <span class="c"># → 401 "invalid token"</span> <span class="c"># 3. Valid token (get one by logging in on your React app and copying the access_token from localStorage)</span> curl <span class="nt">-X</span> POST <span class="s1">'https://&lt;project-ref&gt;.supabase.co/functions/v1/process-payment'</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer &lt;real-jwt&gt;"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"amount": 50}'</span> <span class="c"># → 200 {"ok": true}</span> </code></pre> </div> <p>Do this before deploying. If test 1 or 2 return 200, the auth block is misplaced and the function is still open.</p> <h2> Bonus: the other things you want on public functions </h2> <p>Once auth is in place, two more cheap upgrades are worth doing the same afternoon:</p> <p><strong>Rate limiting.</strong> Even with auth, a malicious (or simply buggy) authenticated user can spam your function. A 5-line Upstash Redis check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Ratelimit</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">npm:@upstash/ratelimit</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Redis</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">npm:@upstash/redis</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">ratelimit</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Ratelimit</span><span class="p">({</span> <span class="na">redis</span><span class="p">:</span> <span class="nx">Redis</span><span class="p">.</span><span class="nf">fromEnv</span><span class="p">(),</span> <span class="na">limiter</span><span class="p">:</span> <span class="nx">Ratelimit</span><span class="p">.</span><span class="nf">slidingWindow</span><span class="p">(</span><span class="mi">20</span><span class="p">,</span> <span class="dl">"</span><span class="s2">60 s</span><span class="dl">"</span><span class="p">),</span> <span class="c1">// 20 requests per minute per user</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">success</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ratelimit</span><span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="nx">userId</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">success</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">rate limit</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">429</span> <span class="p">});</span> </code></pre> </div> <p>Upstash's free tier is plenty for most side projects.</p> <p><strong>Cron-only functions.</strong> If a function is meant to run only from a scheduled job (e.g. <code>daily-cleanup</code>), don't require JWT auth — require a specific secret header instead, so the cron job can call it but random authenticated users cannot:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">cronSecret</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">X-Cron-Secret</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">cronSecret</span> <span class="o">!==</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">CRON_SECRET</span><span class="dl">"</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">forbidden</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">403</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Set <code>X-Cron-Secret</code> on your Supabase cron job, and you have a scoped-access function that users can't invoke at all.</p> <h2> The meta point </h2> <p>Every one of these fixes is <strong>cheap</strong>. Adding JWT verification is 20 lines. Rate limiting is 5 more. A cron-secret check is 3. Total: under 30 lines of code per function.</p> <p>The problem isn't the difficulty. It's the invisibility. The function works fine without these blocks — your React app happily calls it, orders get inserted, payments go through. Nothing looks broken until someone curls your endpoint and discovers they have superuser access.</p> <p>AI scaffolding won't add these for you by default. If you're shipping on Lovable, Bolt, v0, or anything else that scaffolds Supabase + Edge Functions for you — <strong>every function you deploy needs this pattern manually added.</strong></p> <h2> If you want your whole stack checked </h2> <p>This is one of 150+ patterns I scan for. If you have a Supabase + Vercel/Netlify AI-coded app and you'd rather I grep every single function + policy + endpoint for this class of issue, VibeScan is $49 one-time at <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">systag.gumroad.com/l/vibescan</a>. PDF delivered in ~10 minutes, severity-graded, every finding with the exact file, line, and copy-paste fix. 7-day refund if the report isn't useful.</p> <p>Otherwise — the snippet above is the highest-impact thing you can add to a vibe-coded SaaS tonight. Harden every function, and you've removed the single most common attack surface in the AI-scaffolded stack.</p> <p>— Michael</p> security supabase webdev ai SystAgProject Mon, 20 Apr 2026 00:34:55 +0000 https://forem.com/systagproject/i-audited-9-vibe-coded-apps-in-24-hours-here-are-the-5-patterns-that-show-up-every-single-time-ebk https://forem.com/systagproject/i-audited-9-vibe-coded-apps-in-24-hours-here-are-the-5-patterns-that-show-up-every-single-time-ebk <p>Yesterday I ran <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> — my security-audit tool for AI-generated SaaS — against <strong>9 public apps built on Lovable / Bolt / v0 / Cursor.</strong> Different verticals: healthcare (patient records), finance (AI script-for-sale platform), productivity (logic/notes tools), crypto (CELO transfers), gym management, blockchain auditing.</p> <p>Total: <strong>145 findings, 9 critical, 75 high, 61 medium.</strong></p> <p>Five patterns showed up in basically every single one. Not "I saw them occasionally" — I saw them in 8-9 out of 9. If you're shipping an AI-coded SaaS right now, these are the ones to fix tonight, before anyone signs up.</p> <h2> 1. RLS policies with <code>USING (true)</code> — "looks secure, isn't" </h2> <p>Hit rate: <strong>8 / 9 codebases.</strong></p> <p>Every single app I scanned had Supabase RLS enabled on its core tables. That looks fine — RLS is on. Until you read the policies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"authenticated users can read"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">cases</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="k">true</span><span class="p">);</span> </code></pre> </div> <p>If <code>cases</code> stores per-user data and your app has open signup, this is a fancy way of saying: "anyone who creates a throwaway Gmail account reads every other user's records." I saw this on medical case files, on AI generation history, on gym-member workout logs. On one healthcare app, any signed-in user could read AND modify every patient record + physician note + uploaded file in the database.</p> <p><strong>Fix:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">())</span> </code></pre> </div> <p>For UPDATE policies, add <code>WITH CHECK (user_id = auth.uid())</code> too, or users can flip the <code>user_id</code> column during their update and steal other people's rows.</p> <p>I wrote <a href="https://dev.to/systagproject/your-first-supabase-rls-policy-without-exposing-your-whole-database-4jam">a full tutorial on getting RLS right</a> earlier today — it's the single highest-impact thing you can fix this week.</p> <h2> 2. Unauthenticated edge functions — "verify_jwt = false" </h2> <p>Hit rate: <strong>9 / 9 codebases.</strong></p> <p>Every single app had at least one edge function with <code>verify_jwt = false</code> in <code>supabase/config.toml</code>. Sometimes a half-dozen. Most of them were AI endpoints (calls to OpenAI, Gemini, Claude) or payment webhooks.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="nn">[functions.payment-webhook]</span> <span class="py">verify_jwt</span> <span class="p">=</span> <span class="kc">false</span> </code></pre> </div> <p>Payment webhooks <em>need</em> this — Stripe has to be able to call you without a user JWT. But the fix is then to verify the <strong>signature</strong> inside the function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">event</span> <span class="o">=</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">webhooks</span><span class="p">.</span><span class="nf">constructEvent</span><span class="p">(</span> <span class="nx">body</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">stripe-signature</span><span class="dl">"</span><span class="p">),</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">STRIPE_WEBHOOK_SECRET</span><span class="dl">"</span><span class="p">),</span> <span class="p">);</span> </code></pre> </div> <p>On 7 of the 9 apps, that verification was missing or replaced by a shared secret sent in a custom header (which is worse — the secret travels over the wire on every request and leaks into logs).</p> <p>On AI endpoints with <code>verify_jwt = false</code>, the function is world-callable. Anyone can hit it in a <code>while(true)</code> loop and drain your OpenAI credits in an hour. On one app the LLM endpoint would happily accept 2MB request bodies. Attacker math: $X credits per request × unlimited requests → bye bye balance.</p> <p><strong>Fix:</strong> turn <code>verify_jwt = true</code> back on for anything that isn't a payment webhook, then verify auth inside the function. For the webhook exceptions, verify the provider signature.</p> <h2> 3. No rate limit on AI / generation / contact / signup endpoints </h2> <p>Hit rate: <strong>9 / 9 codebases.</strong></p> <p>None of the 9 apps had rate limiting in front of their expensive endpoints. Not on AI generation. Not on contact forms. Not on signup. Not on password reset.</p> <p>This matters in two flavors:</p> <ul> <li> <strong>Credit drain</strong>: the AI-generation endpoint on one app would gladly take a 50,000-character prompt and call GPT-4 on it. No cap on requests per user, no cap on input size. A single compromised account runs up a $500 bill overnight.</li> <li> <strong>Signup / spam flood</strong>: one app had open signup with no captcha and no rate limit. Combined with the <code>USING (true)</code> RLS issue, that means an attacker can spin up 10,000 fake accounts and each one gets read access to all the real users' data.</li> </ul> <p><strong>Fix</strong> (Supabase edge functions):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Ratelimit</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@upstash/ratelimit</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">ratelimit</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Ratelimit</span><span class="p">({</span> <span class="na">redis</span><span class="p">:</span> <span class="p">...,</span> <span class="na">limiter</span><span class="p">:</span> <span class="nx">Ratelimit</span><span class="p">.</span><span class="nf">slidingWindow</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="dl">"</span><span class="s2">1 m</span><span class="dl">"</span><span class="p">),</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">success</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ratelimit</span><span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="nx">userId</span> <span class="o">??</span> <span class="nx">ip</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">success</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">rate limited</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">429</span> <span class="p">});</span> </code></pre> </div> <p>For signup, Supabase has a native rate-limit toggle in Auth → Policies. <strong>Turn it on.</strong> Also enable Turnstile / hCaptcha — <code>supabase-js</code> supports it natively now on <code>signUp</code>.</p> <h2> 4. CORS wide open — <code>Access-Control-Allow-Origin: *</code> </h2> <p>Hit rate: <strong>9 / 9 codebases.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">corsHeaders</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Headers</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">authorization, x-client-info, apikey, content-type</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> </code></pre> </div> <p>Every AI coding assistant ships this snippet as the default. On its own, on a public static endpoint, fine. But when you have:</p> <ul> <li> <code>CORS: *</code> +</li> <li>An authenticated edge function that accepts the <code>Authorization</code> header +</li> <li>A logged-in user visiting a malicious page —</li> </ul> <p>…then the malicious page can trigger authenticated calls on behalf of the user. They browse to <code>funny-cat-memes.xyz</code>; in the background their browser fires a DM delete, a subscription upgrade, an AI-credit burn against your app.</p> <p><strong>Fix</strong>: replace <code>*</code> with your app's actual origin (or an allow-list):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">ALLOWED</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Set</span><span class="p">([</span> <span class="dl">"</span><span class="s2">https://myapp.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://myapp.vercel.app</span><span class="dl">"</span><span class="p">,</span> <span class="p">]);</span> <span class="kd">const</span> <span class="nx">origin</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">Origin</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">corsHeaders</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="nx">ALLOWED</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">origin</span><span class="p">)</span> <span class="p">?</span> <span class="nx">origin</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">null</span><span class="dl">"</span><span class="p">,</span> <span class="p">...</span> <span class="p">};</span> </code></pre> </div> <h2> 5. Race conditions on balance / credits / usage counters </h2> <p>Hit rate: <strong>6 / 9 codebases</strong> (but 100% of codebases that had any billing / free-tier concept).</p> <p>Classic pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">usage</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">usage_tracking</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">generation_count</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">user_id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userId</span><span class="p">)</span> <span class="p">.</span><span class="nf">single</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">usage</span><span class="p">.</span><span class="nx">generation_count</span> <span class="o">&gt;=</span> <span class="mi">5</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">quota exceeded</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">429</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// ... do the expensive AI call ...</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">usage_tracking</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">({</span> <span class="na">generation_count</span><span class="p">:</span> <span class="nx">usage</span><span class="p">.</span><span class="nx">generation_count</span> <span class="o">+</span> <span class="mi">1</span> <span class="p">})</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">user_id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userId</span><span class="p">);</span> </code></pre> </div> <p>A user fires 10 requests simultaneously. All 10 read <code>generation_count = 0</code>. All 10 pass the <code>&lt; 5</code> check. All 10 increment. The user got 10 free AI calls on your dime.</p> <p>Same pattern shows up on:</p> <ul> <li>Inventory decrements (oversell — sold 10 units, only had 5)</li> <li>Balance transfers (fire 5 parallel withdrawals of $100 from a $100 account)</li> <li>Discount code usage (single-use code used 20 times)</li> </ul> <p><strong>Fix</strong>: do the check-and-increment <strong>atomically</strong> in one SQL statement:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">UPDATE</span> <span class="n">usage_tracking</span> <span class="k">SET</span> <span class="n">generation_count</span> <span class="o">=</span> <span class="n">generation_count</span> <span class="o">+</span> <span class="mi">1</span> <span class="k">WHERE</span> <span class="n">user_id</span> <span class="o">=</span> <span class="err">$</span><span class="mi">1</span> <span class="k">AND</span> <span class="n">generation_count</span> <span class="o">&lt;</span> <span class="mi">5</span> <span class="n">RETURNING</span> <span class="n">generation_count</span><span class="p">;</span> </code></pre> </div> <p>If the row isn't updated (no rows returned), the user hit their cap. Either use a Postgres function like this called via <code>rpc()</code>, or an <code>UPDATE ... WHERE</code> guard in the edge function. Don't do the check and the update as separate operations.</p> <h2> Why this matters </h2> <p>Each of these issues is not a theoretical risk. On <strong>every</strong> codebase I audited, at least one of these was exploitable by anyone on the internet today — no special tools, no privileged access. A curious user with a browser console can:</p> <ul> <li>Read all other users' records (pattern 1)</li> <li>Upgrade their own account to a paid tier without paying (pattern 2)</li> <li>Drain your AI credits in an afternoon (pattern 3)</li> <li>Get other users to unknowingly perform actions (pattern 4)</li> <li>Bypass every usage limit you've tried to enforce (pattern 5)</li> </ul> <p>If you're shipping AI-coded apps, these five are the first pass. They take 2-4 hours to fix if you know what you're looking for.</p> <p>If you want the list for <em>your</em> codebase specifically — which findings, which files, which lines, with copy-paste fixes for each — that's <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">what VibeScan does</a>. $49, runs on a public GitHub repo, PDF report back in the hour. Most first-time scans on a Lovable/Bolt/v0/Cursor app come back with 1 critical + 5-10 high severity findings, roughly half of which are the patterns above.</p> <p>Either way: if one of these five rang a bell, go check that code before you close this tab.</p> security webdev supabase ai SystAgProject Sun, 19 Apr 2026 23:35:43 +0000 https://forem.com/systagproject/your-first-supabase-rls-policy-without-exposing-your-whole-database-4jam https://forem.com/systagproject/your-first-supabase-rls-policy-without-exposing-your-whole-database-4jam <p>Every week I audit a handful of AI-generated apps (<a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> is the service behind this). The single most common "how is this in production" finding is a broken Row Level Security policy. Usually it's one of:</p> <ul> <li>RLS is disabled and the table is just public</li> <li>RLS is enabled but every policy is <code>USING (true)</code> — so it's <em>still</em> public, it just looks secure</li> <li>The policy scopes reads correctly, but the UPDATE policy lets users rewrite their own <code>role = 'admin'</code> column</li> </ul> <p>This post is the RLS primer I wish I could hand to every Lovable / Bolt / v0 user on day one. By the end you'll have a correct policy for a "notes" table where each user sees only their own rows, you'll know how to verify it, and you'll recognize the three patterns that break it.</p> <h2> The model </h2> <p>You have a <code>notes</code> table. Each row belongs to one user. Your app should let a signed-in user:</p> <ol> <li>Read only their own notes</li> <li>Create new notes <em>for themselves</em> </li> <li>Edit / delete only their own notes</li> </ol> <p>Nobody should be able to read, create for, edit, or delete anyone else's notes. Not even anonymous users. Not even signed-in users who know how to open DevTools.</p> <p>Here's the schema:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="p">(</span> <span class="n">id</span> <span class="n">uuid</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="k">DEFAULT</span> <span class="n">gen_random_uuid</span><span class="p">(),</span> <span class="n">user_id</span> <span class="n">uuid</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">REFERENCES</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">ON</span> <span class="k">DELETE</span> <span class="k">CASCADE</span><span class="p">,</span> <span class="n">body</span> <span class="nb">text</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">created_at</span> <span class="n">timestamptz</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="n">now</span><span class="p">()</span> <span class="p">);</span> </code></pre> </div> <h2> Step 1 — turn RLS on </h2> <p>RLS is off by default. Turn it on explicitly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">ALTER</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="n">ENABLE</span> <span class="k">ROW</span> <span class="k">LEVEL</span> <span class="k">SECURITY</span><span class="p">;</span> </code></pre> </div> <p>The moment you run this, <em>all</em> queries against the table return zero rows — for every user, including <code>authenticated</code>. RLS is deny-by-default; you add policies to carve out what each role can do.</p> <p>This is a good thing. If you turn RLS on and your app breaks, you now know exactly which tables need policies.</p> <h2> Step 2 — the four policies </h2> <p>One policy per CRUD verb. Each scopes the rows a user can touch.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- READ: a user sees only their own notes.</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"notes_select_own"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">());</span> <span class="c1">-- INSERT: a user can only create rows under their own user_id.</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"notes_insert_own"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">INSERT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">WITH</span> <span class="k">CHECK</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">());</span> <span class="c1">-- UPDATE: a user can edit only their own notes, and can't change the owner.</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"notes_update_own"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">UPDATE</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">())</span> <span class="k">WITH</span> <span class="k">CHECK</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">());</span> <span class="c1">-- DELETE: a user can delete only their own notes.</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"notes_delete_own"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">DELETE</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">());</span> </code></pre> </div> <p>The difference between <code>USING</code> and <code>WITH CHECK</code> is the subtle part:</p> <ul> <li> <code>USING</code> filters rows you can <em>see</em> for the operation (the "before" predicate).</li> <li> <code>WITH CHECK</code> validates rows you're trying to <em>write</em> (the "after" predicate).</li> </ul> <p>On UPDATE you need both: <code>USING</code> to decide which rows you can target, <code>WITH CHECK</code> to stop you from flipping <code>user_id</code> to someone else's uid mid-update.</p> <h2> Step 3 — verify the policy actually works </h2> <p>Writing policies is easy. Verifying them is the step most people skip. Supabase ships <code>set role</code> — use it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Pretend to be user A and insert a row</span> <span class="k">SET</span> <span class="k">LOCAL</span> <span class="k">ROLE</span> <span class="n">authenticated</span><span class="p">;</span> <span class="k">SET</span> <span class="k">LOCAL</span> <span class="nv">"request.jwt.claims"</span> <span class="o">=</span> <span class="s1">'{"sub": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "role": "authenticated"}'</span><span class="p">;</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="p">(</span><span class="n">user_id</span><span class="p">,</span> <span class="n">body</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'</span><span class="p">,</span> <span class="s1">'hello from A'</span><span class="p">);</span> <span class="c1">-- ✅ succeeds</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="p">(</span><span class="n">user_id</span><span class="p">,</span> <span class="n">body</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'</span><span class="p">,</span> <span class="s1">'malicious row for B'</span><span class="p">);</span> <span class="c1">-- ❌ fails with: "new row violates row-level security policy"</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span><span class="p">;</span> <span class="c1">-- returns only A's rows, not B's</span> </code></pre> </div> <p>If you skip verification, you're trusting your mental model. The mental model is wrong more often than you'd think.</p> <h2> The three patterns I keep seeing break </h2> <h3> ❌ 1. <code>USING (true)</code> — "looks like RLS, isn't RLS" </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"authenticated users can read"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="k">true</span><span class="p">);</span> </code></pre> </div> <p>This is RLS-in-name-only. It lets every signed-in user read every row. If your app has open signup, every visitor can sign up with a throwaway email and read every other user's data.</p> <p><strong>Fix</strong>: <code>USING (user_id = auth.uid())</code>.</p> <h3> ❌ 2. UPDATE policy without <code>WITH CHECK</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"notes_update_own"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">UPDATE</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">());</span> <span class="c1">-- no WITH CHECK</span> </code></pre> </div> <p>The user can update their own row (<code>USING</code> passes), and inside that update flip <code>user_id</code> to another user's id. Now that note belongs to someone else.</p> <p>Same pattern bites harder on a <code>profiles</code> table that has a <code>role</code> or <code>subscription_tier</code> column. The user can UPDATE their own profile and set <code>role = 'admin'</code>.</p> <p><strong>Fix</strong>: add <code>WITH CHECK (user_id = auth.uid())</code>. On sensitive columns like <code>role</code> or <code>subscription_tier</code>, go further — split them into a separate table that only <code>service_role</code> can write.</p> <h3> ❌ 3. Admin actions done from the client </h3> <p>The third pattern isn't an RLS mistake directly — it's a consequence of trying to get around RLS. Someone needs to be able to do something "admin-ish" (mark a payment as completed, promote a user), so they write a policy that lets any authenticated user do the write. Then everyone can.</p> <p><strong>Fix</strong>: keep the RLS policy strict, and move admin actions into a Supabase Edge Function that uses the <code>service_role</code> key. The <code>service_role</code> bypasses RLS by design — that's its job. Just make sure the function itself verifies the caller has the right permission before doing the write.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// edge function</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">npm:@supabase/supabase-js</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">supabase</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_URL</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span> <span class="c1">// bypasses RLS</span> <span class="p">);</span> <span class="c1">// verify the caller is authenticated *and* has admin role</span> <span class="kd">const</span> <span class="nx">jwt</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">)?.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">"</span><span class="s2">Bearer </span><span class="dl">"</span><span class="p">,</span> <span class="dl">""</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">getUser</span><span class="p">(</span><span class="nx">jwt</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">unauthorized</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">});</span> <span class="c1">// check user.app_metadata.role === "admin" or a user_roles table lookup</span> <span class="c1">// now you can do the write that regular authenticated users can't</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">payments</span><span class="dl">"</span><span class="p">).</span><span class="nf">update</span><span class="p">({</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">completed</span><span class="dl">"</span> <span class="p">}).</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">paymentId</span><span class="p">);</span> </code></pre> </div> <h2> The 10-minute self-audit </h2> <p>Run this against your own Supabase project before you ship:</p> <ol> <li>For every public table, is RLS enabled? (<code>SELECT tablename FROM pg_tables WHERE schemaname = 'public'</code> and check each.)</li> <li>For every enabled table, are there policies for <code>SELECT / INSERT / UPDATE / DELETE</code>?</li> <li>Do any policies use <code>USING (true)</code> or <code>WITH CHECK (true)</code>?</li> <li>On every UPDATE policy, is there a <code>WITH CHECK</code> that prevents ownership / role flipping?</li> <li>Are there any columns on public-readable tables that shouldn't be readable (Stripe customer IDs, internal notes, moderator flags)? Columns with <code>SELECT</code> granted to <code>authenticated</code> are readable by <em>every</em> signed-in user whose policy match returns a row.</li> </ol> <p>If you want this done automatically on your full codebase — including the 40 other security patterns that show up in AI-generated apps — that's what I built <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> for. $49, runs on your public GitHub repo, PDF report with severity-graded findings and copy-paste fixes. Most Lovable / Bolt / v0 / Cursor-built apps come back with 1 critical + 5-10 high severity findings on first scan, and roughly half of them are RLS patterns like the ones above.</p> <p>Either way — if you've read this far and your app has a <code>USING (true)</code> policy somewhere, go fix it before you close this tab.</p> supabase security webdev tutorial SystAgProject Sun, 19 Apr 2026 22:12:29 +0000 https://forem.com/systagproject/the-12-security-issues-i-keep-finding-in-vibe-coded-apps-lovable-bolt-v0-786 https://forem.com/systagproject/the-12-security-issues-i-keep-finding-in-vibe-coded-apps-lovable-bolt-v0-786 <p>Over the last few weeks I've been running <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer"><strong>VibeScan</strong></a> — a security audit tool for AI-generated codebases — against a small set of public Lovable / Bolt / v0 / Cursor apps. Same dozen issues keep surfacing.</p> <p>If you're shipping a vibe-coded SaaS, run through this list before launch. It'll take you 30 minutes and save you from the most common self-own patterns.</p> <h2> 1. Payment webhook has <code>verify_jwt = false</code> and no signature check </h2> <p><strong>What you'll find in your repo</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="c"># supabase/config.toml</span> <span class="nn">[functions.payment-webhook]</span> <span class="py">verify_jwt</span> <span class="p">=</span> <span class="kc">false</span> </code></pre> </div> <p>And inside the function, no <code>stripe.webhooks.constructEvent(...)</code> before trusting the event body.</p> <p><strong>Why it matters.</strong> The endpoint is world-reachable. Anyone can <code>curl</code> it with a fake <code>"type": "checkout.session.completed"</code> body and flip a row in your <code>profiles</code> table. Free Pro tier for everyone on the internet.</p> <p><strong>Fix (one line-change + one env var)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">event</span> <span class="o">=</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">webhooks</span><span class="p">.</span><span class="nf">constructEvent</span><span class="p">(</span><span class="nx">body</span><span class="p">,</span> <span class="nx">signatureHeader</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">STRIPE_WEBHOOK_SECRET</span><span class="dl">"</span><span class="p">));</span> </code></pre> </div> <h2> 2. RLS policies using <code>USING (true)</code> </h2> <p><strong>What you'll find</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"authenticated users can read"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">cases</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="k">true</span><span class="p">);</span> </code></pre> </div> <p>If <code>cases</code> is "any record" — not "my records" — then any signed-in user reads all the data. Open signup + <code>USING (true)</code> + RLS enabled = a fancy way to display your entire database to any visitor who clicks "Sign up".</p> <p><strong>Fix</strong>: scope by ownership.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">())</span> </code></pre> </div> <p>Then make sure you actually set <code>user_id = auth.uid()</code> on INSERT with a <code>WITH CHECK</code> clause.</p> <h2> 3. API keys prefixed with <code>VITE_</code> — shipped to every browser </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/components/ResumeUpload.tsx</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_GEMINI_API_KEY</span><span class="p">;</span> </code></pre> </div> <p>Anything with <code>VITE_</code> / <code>NEXT_PUBLIC_</code> / <code>REACT_APP_</code> is in the client bundle. Open DevTools → Network tab → find any request with the key in Authorization → paste it into Postman.</p> <p><strong>Fix</strong>: move the API call to a Supabase Edge Function (or Next.js server route) that holds the key server-side. The browser calls <em>your</em> endpoint; your endpoint calls the vendor.</p> <h2> 4. No rate limit on the expensive LLM endpoint </h2> <p>Your <code>generate-something</code> endpoint runs an Opus / GPT-4 call. It accepts an arbitrary-length prompt. There's no cap on requests per user.</p> <p>Someone writes a <code>while(true)</code> loop in the console. Your monthly AI bill is now $4k.</p> <p><strong>Fix</strong>: two lines with Upstash.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">success</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ratelimit</span><span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="nx">userId</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">success</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">rate limited</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">429</span> <span class="p">});</span> </code></pre> </div> <h2> 5. Profile row created from the client </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// After signUp({ email, password })</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">profiles</span><span class="dl">"</span><span class="p">).</span><span class="nf">insert</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">name</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span> <span class="p">});</span> </code></pre> </div> <p>The problem isn't the insert. It's that any signed-in user can do an UPDATE with <code>role = "admin"</code> if your RLS policy lets the user write to their own row and the <code>role</code> column isn't excluded.</p> <p><strong>Fix</strong>: move profile creation to a Postgres trigger on <code>auth.users</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TRIGGER</span> <span class="n">handle_new_user</span> <span class="k">AFTER</span> <span class="k">INSERT</span> <span class="k">ON</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span> <span class="p">...</span> </code></pre> </div> <p>And restrict the <code>profiles.role</code> column from client UPDATEs.</p> <h2> 6. Subscription tier writable from the client </h2> <p>This is the evil cousin of #5. You have a <code>profiles.subscription_tier</code> column. Your RLS allows <code>UPDATE FOR authenticated USING (user_id = auth.uid())</code>. Any user opens console, runs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">profiles</span><span class="dl">"</span><span class="p">).</span><span class="nf">update</span><span class="p">({</span> <span class="na">subscription_tier</span><span class="p">:</span> <span class="dl">"</span><span class="s2">pro</span><span class="dl">"</span> <span class="p">}).</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">myId</span><span class="p">);</span> </code></pre> </div> <p>Done. Lifetime Pro access.</p> <p><strong>Fix</strong>: <code>subscription_tier</code> is a server-only column. Update it in a trigger that fires from your payment webhook, and revoke <code>UPDATE</code> on that column from the <code>authenticated</code> role:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">REVOKE</span> <span class="k">UPDATE</span><span class="p">(</span><span class="n">subscription_tier</span><span class="p">)</span> <span class="k">ON</span> <span class="n">profiles</span> <span class="k">FROM</span> <span class="n">authenticated</span><span class="p">;</span> </code></pre> </div> <h2> 7. Uploaded files readable by any logged-in user </h2> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"read uploads"</span> <span class="k">ON</span> <span class="k">storage</span><span class="p">.</span><span class="n">objects</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="n">bucket_id</span> <span class="o">=</span> <span class="s1">'case-files'</span><span class="p">);</span> </code></pre> </div> <p>Anyone who signs up can download every file in the bucket. Particularly painful when the bucket has resumes, medical records, or passport scans.</p> <p><strong>Fix</strong>: encode the user ID in the path and check it in the policy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">USING</span> <span class="p">(</span><span class="n">bucket_id</span> <span class="o">=</span> <span class="s1">'case-files'</span> <span class="k">AND</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()::</span><span class="nb">text</span> <span class="o">=</span> <span class="p">(</span><span class="k">storage</span><span class="p">.</span><span class="n">foldername</span><span class="p">(</span><span class="n">name</span><span class="p">))[</span><span class="mi">1</span><span class="p">])</span> </code></pre> </div> <h2> 8. Hardcoded <code>SUPABASE_URL</code> + anon key as fallbacks </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">SUPABASE_URL</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_SUPABASE_URL</span> <span class="o">??</span> <span class="dl">"</span><span class="s2">https://abc123.supabase.co</span><span class="dl">"</span><span class="p">;</span> </code></pre> </div> <p>The anon key is <em>technically</em> public (it's designed to be shipped to browsers). But hardcoding it means:</p> <ul> <li>You can't rotate without shipping a new build.</li> <li>You can't use the same codebase for staging / prod.</li> <li>If someone ever adds the <strong>service_role</strong> key by mistake under the same pattern, it's game over.</li> </ul> <p><strong>Fix</strong>: <code>throw new Error("missing env var")</code> at build time if the var is missing. No fallback.</p> <h2> 9. Weak password policy </h2> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="p">&lt;</span><span class="nt">input</span> <span class="na">type</span><span class="p">=</span><span class="s">"password"</span> <span class="na">minLength</span><span class="p">=</span><span class="si">{</span><span class="mi">6</span><span class="si">}</span> <span class="p">/&gt;</span> </code></pre> </div> <p>Six characters is brute-forceable in under a second.</p> <p><strong>Fix</strong>: <code>minLength={10}</code> on the input, <em>and</em> enforce a floor in Supabase Auth settings → Policies → Password requirements. Also turn on the "leaked password check".</p> <h2> 10. CORS wide open on server actions </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">corsHeaders</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Methods</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST, OPTIONS</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> </code></pre> </div> <p><code>*</code> is correct for static public endpoints. It's not correct for an endpoint that returns user-specific data or does a sensitive action on a cookie-authenticated session. Any site the victim visits can <code>fetch()</code> your API with their creds attached.</p> <p><strong>Fix</strong>: echo the <code>Origin</code> header back only if it matches an allowlist. Or just hardcode your app's domain.</p> <h2> 11. No input validation on write endpoints </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">topic</span><span class="p">,</span> <span class="nx">keyMessage</span><span class="p">,</span> <span class="nx">audience</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// straight into the LLM prompt</span> </code></pre> </div> <p>No <code>zod.parse(...)</code>. No length cap. Someone sends a 500 KB prompt. Your model call burns $3 and times out. Multiply by 10k loops.</p> <p><strong>Fix</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">schema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">topic</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">500</span><span class="p">),</span> <span class="na">keyMessage</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">500</span><span class="p">),</span> <span class="na">audience</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">parsed</span> <span class="o">=</span> <span class="nx">schema</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> </code></pre> </div> <h2> 12. Credits / balance updates that aren't atomic </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">credits</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">users</span><span class="dl">"</span><span class="p">).</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">credits</span><span class="dl">"</span><span class="p">).</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userId</span><span class="p">).</span><span class="nf">single</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">credits</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">doTheExpensiveThing</span><span class="p">();</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">users</span><span class="dl">"</span><span class="p">).</span><span class="nf">update</span><span class="p">({</span> <span class="na">credits</span><span class="p">:</span> <span class="nx">credits</span> <span class="o">-</span> <span class="mi">1</span> <span class="p">}).</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userId</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Classic race. User fires two parallel requests, both read <code>credits = 1</code>, both proceed, both decrement. One free call. In the worst case, it's 50 parallel calls for one credit.</p> <p><strong>Fix</strong>: atomic decrement in a single statement (or a Postgres function):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">UPDATE</span> <span class="n">users</span> <span class="k">SET</span> <span class="n">credits</span> <span class="o">=</span> <span class="n">credits</span> <span class="o">-</span> <span class="mi">1</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="o">=</span> <span class="err">$</span><span class="mi">1</span> <span class="k">AND</span> <span class="n">credits</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="n">RETURNING</span> <span class="n">credits</span><span class="p">;</span> </code></pre> </div> <p>If the returned row is empty, reject the request.</p> <h2> How to check your own repo in 5 minutes </h2> <p>Manual approach: grep the repo for these patterns.</p> <ul> <li> <code>verify_jwt = false</code> in <code>supabase/config.toml</code> </li> <li> <code>USING (true)</code> in <code>*.sql</code> </li> <li> <code>VITE_.*_KEY</code> / <code>NEXT_PUBLIC_.*_KEY</code> / <code>REACT_APP_.*_KEY</code> in source</li> <li> <code>minLength={6}</code> in auth forms</li> <li> <code>Access-Control-Allow-Origin: *</code> in server functions</li> <li> <code>corsHeaders</code> without an allowlist</li> </ul> <p>If you want a cleaner version of the above as a per-repo PDF with every finding graded and a copy-paste fix for each, that's what <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> is. It clones your repo, runs a multi-batch audit with Claude Opus 4.7, and spits out a severity-graded report. $49 one-time. Typical finding count for a 3-month-old vibe-coded app is 6-15 issues, 1-2 of them critical.</p> <p>If you want me to run it on your repo for free in exchange for feedback, reply to me on <a href="https://x.com" rel="noopener noreferrer">Twitter/X</a> or send me the repo URL.</p> <p>Stay safe out there.</p> security webdev ai supabase SystAgProject Sun, 19 Apr 2026 21:35:06 +0000 https://forem.com/systagproject/i-ran-a-security-audit-on-my-own-python-codebase-with-an-llm-for-090-here-is-what-it-found-151c https://forem.com/systagproject/i-ran-a-security-audit-on-my-own-python-codebase-with-an-llm-for-090-here-is-what-it-found-151c <p>Last week I shipped a small product called VibeScan — a 49-dollar PDF security audit for apps built with Lovable / Bolt / Cursor / Replit / v0. Before I asked anyone to pay for it, I ran it on my own codebase as a smoke test.</p> <p>124 scannable Python files, 4 LLM batches, 22 seconds total wall time. Audit cost: $0.90 of Opus 4.7 with prompt caching. Output: 0 critical findings, 1 high, 2 medium. One of the findings was a real bug I fixed the same hour. The other two were legitimate risk flags I had not thought about.</p> <p>Here is the full report, with context on each finding.</p> <h2> [HIGH] Subprocess stdout/stderr written to the ledger without size cap </h2> <p>Location: — the function that spawns every scheduled job.</p> <blockquote> <p>A runaway script that prints megabytes of logs (for example a scraper dumping HTML) will push all of that into your SQLite ledger, potentially bloating the database and causing memory issues during capture. A single bad run could write hundreds of MB.</p> <p><strong>Fix</strong>: In , truncate stdout/stderr to the last ~10KB before returning (e.g., ) so oversized output cannot blow up the ledger or memory.</p> </blockquote> <h3> Why this matters </h3> <p>I was using Python subprocess.run with . That flag tells Python to hold the subprocess full stdout and stderr in memory until the child exits. Which is fine when a cron job prints 50 lines and exits. But if one of those jobs is a web scraper that dumps the HTML of every page it visits, or an ETL that prints a row per record processed on a million-row table, every byte of that output sits in the scheduler process RAM before being written to the SQLite ledger.</p> <p>I had never thought about it. The scheduler had run for weeks without hitting this because all the current jobs are well-behaved. But the next job anyone adds could be the one that dumps 500 MB on a bad day.</p> <p>The fix took four minutes: cap each stream at 50 KB before returning. If a security auditor had flagged this I would have paid $200. VibeScan cost $0.90 for the whole repo.</p> <h2> [MEDIUM] Gmail OAuth refresh token stored in plaintext </h2> <p>Location: line 30 — the function that loads Google OAuth credentials.</p> <blockquote> <p>The Gmail refresh token is saved as a plain JSON file on disk. Anyone who can read that file (backup, stolen laptop, server compromise) gains indefinite access to send and read email as the account owner — refresh tokens do not expire.</p> <p><strong>Fix</strong>: At minimum, ensure credentials/ is in .gitignore and file permissions are 0600; for stronger protection, encrypt the token at rest (for example via OS keyring or an encrypted env var) and document revocation via Google Account -&gt; Security -&gt; Third-party apps.</p> </blockquote> <p>Classic defense-in-depth issue. No immediate exploitation, but the kind of thing you kick yourself over if it ever leaks.</p> <h2> [MEDIUM] HTML email bodies stripped with naive regex </h2> <p>Location: line 215 — the function that normalizes inbound email.</p> <blockquote> <p>extract_plain_body uses a regex to strip HTML tags from inbound mail, which can leave script/style contents, encoded entities, or malformed markup in the plain text the classifier sees. If that text is later fed into an LLM prompt or surfaced to a user, attacker-crafted emails can smuggle content that was not visible as HTML.</p> </blockquote> <p>The inbound email pipeline feeds the plain text version into an LLM classifier (to route support emails). Because downstream is an LLM, this is a <strong>prompt injection surface</strong>. A sophisticated spammer who knows we route email via LLM can craft HTML with hidden content in style tags or HTML comments that appears empty to a human recipient but becomes visible instructions in the LLM input.</p> <p>Not exploited today. But it is the exact class of bug that becomes headline news in 18 months, and the fix is a 20-line swap to BeautifulSoup.</p> <h2> What this scan cost and what it missed </h2> <ul> <li> <strong>Input tokens</strong>: 176,364 with prompt caching across 4 batches</li> <li> <strong>Output tokens</strong>: 779</li> <li> <strong>Wall time</strong>: 22 seconds</li> <li> <strong>Direct infrastructure cost</strong>: $0.90</li> </ul> <p>Consultant equivalent would be 3-5 hours on a 124-file repo, billed $600-1500, producing a report that needs translation by an engineer to be actionable. The VibeScan report is in the language the buyer speaks and includes the exact line to change.</p> <h3> What the scan missed (honest limitations) </h3> <ol> <li> <strong>Business logic flaws</strong> like a checkout that trusts client-side prices.</li> <li> <strong>Concurrency issues</strong> in state updates (requires runtime tracing, not static read).</li> <li> <strong>Dependency vulnerabilities</strong> — we do not cross-reference package.json against CVE databases. Snyk does that better.</li> <li> <strong>Production infra</strong> — we scan the code, not deployed infrastructure.</li> </ol> <p>For a solo founder running an AI-coded app, the findings VibeScan catches are where the actual failures come from. For enterprise eng teams with dedicated security engineers, Snyk plus manual review plus threat modeling is the better playbook.</p> <h2> Try it on your own repo </h2> <p>If you shipped something with Lovable / Bolt / Cursor / Replit / v0 and you are about to take real money from real users — get a second set of eyes on the code first.</p> <p>$49, one-time, PDF in ~10 minutes: <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">systag.gumroad.com/l/vibescan</a></p> <p>First 10 readers of this post get it for free — DM me the repo URL and I will send the PDF back within the day.</p> security ai python showdev