DEV Community: SystAgProject The latest articles on DEV Community by SystAgProject (@systagproject). https://dev.to/systagproject https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3887886%2Feefa192c-4431-46de-9678-d0ea084f2a5e.png DEV Community: SystAgProject https://dev.to/systagproject en I Audited 9 Vibe-Coded Apps in 24 Hours. Here Are the 5 Patterns That Show Up Every Single Time. SystAgProject Mon, 20 Apr 2026 00:34:55 +0000 https://dev.to/systagproject/i-audited-9-vibe-coded-apps-in-24-hours-here-are-the-5-patterns-that-show-up-every-single-time-ebk https://dev.to/systagproject/i-audited-9-vibe-coded-apps-in-24-hours-here-are-the-5-patterns-that-show-up-every-single-time-ebk <p>Yesterday I ran <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> — my security-audit tool for AI-generated SaaS — against <strong>9 public apps built on Lovable / Bolt / v0 / Cursor.</strong> Different verticals: healthcare (patient records), finance (AI script-for-sale platform), productivity (logic/notes tools), crypto (CELO transfers), gym management, blockchain auditing.</p> <p>Total: <strong>145 findings, 9 critical, 75 high, 61 medium.</strong></p> <p>Five patterns showed up in basically every single one. Not "I saw them occasionally" — I saw them in 8-9 out of 9. If you're shipping an AI-coded SaaS right now, these are the ones to fix tonight, before anyone signs up.</p> <h2> 1. RLS policies with <code>USING (true)</code> — "looks secure, isn't" </h2> <p>Hit rate: <strong>8 / 9 codebases.</strong></p> <p>Every single app I scanned had Supabase RLS enabled on its core tables. That looks fine — RLS is on. Until you read the policies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"authenticated users can read"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">cases</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="k">true</span><span class="p">);</span> </code></pre> </div> <p>If <code>cases</code> stores per-user data and your app has open signup, this is a fancy way of saying: "anyone who creates a throwaway Gmail account reads every other user's records." I saw this on medical case files, on AI generation history, on gym-member workout logs. On one healthcare app, any signed-in user could read AND modify every patient record + physician note + uploaded file in the database.</p> <p><strong>Fix:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">())</span> </code></pre> </div> <p>For UPDATE policies, add <code>WITH CHECK (user_id = auth.uid())</code> too, or users can flip the <code>user_id</code> column during their update and steal other people's rows.</p> <p>I wrote <a href="https://dev.to/systagproject/your-first-supabase-rls-policy-without-exposing-your-whole-database-4jam">a full tutorial on getting RLS right</a> earlier today — it's the single highest-impact thing you can fix this week.</p> <h2> 2. Unauthenticated edge functions — "verify_jwt = false" </h2> <p>Hit rate: <strong>9 / 9 codebases.</strong></p> <p>Every single app had at least one edge function with <code>verify_jwt = false</code> in <code>supabase/config.toml</code>. Sometimes a half-dozen. Most of them were AI endpoints (calls to OpenAI, Gemini, Claude) or payment webhooks.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="nn">[functions.payment-webhook]</span> <span class="py">verify_jwt</span> <span class="p">=</span> <span class="kc">false</span> </code></pre> </div> <p>Payment webhooks <em>need</em> this — Stripe has to be able to call you without a user JWT. But the fix is then to verify the <strong>signature</strong> inside the function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">event</span> <span class="o">=</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">webhooks</span><span class="p">.</span><span class="nf">constructEvent</span><span class="p">(</span> <span class="nx">body</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">stripe-signature</span><span class="dl">"</span><span class="p">),</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">STRIPE_WEBHOOK_SECRET</span><span class="dl">"</span><span class="p">),</span> <span class="p">);</span> </code></pre> </div> <p>On 7 of the 9 apps, that verification was missing or replaced by a shared secret sent in a custom header (which is worse — the secret travels over the wire on every request and leaks into logs).</p> <p>On AI endpoints with <code>verify_jwt = false</code>, the function is world-callable. Anyone can hit it in a <code>while(true)</code> loop and drain your OpenAI credits in an hour. On one app the LLM endpoint would happily accept 2MB request bodies. Attacker math: $X credits per request × unlimited requests → bye bye balance.</p> <p><strong>Fix:</strong> turn <code>verify_jwt = true</code> back on for anything that isn't a payment webhook, then verify auth inside the function. For the webhook exceptions, verify the provider signature.</p> <h2> 3. No rate limit on AI / generation / contact / signup endpoints </h2> <p>Hit rate: <strong>9 / 9 codebases.</strong></p> <p>None of the 9 apps had rate limiting in front of their expensive endpoints. Not on AI generation. Not on contact forms. Not on signup. Not on password reset.</p> <p>This matters in two flavors:</p> <ul> <li> <strong>Credit drain</strong>: the AI-generation endpoint on one app would gladly take a 50,000-character prompt and call GPT-4 on it. No cap on requests per user, no cap on input size. A single compromised account runs up a $500 bill overnight.</li> <li> <strong>Signup / spam flood</strong>: one app had open signup with no captcha and no rate limit. Combined with the <code>USING (true)</code> RLS issue, that means an attacker can spin up 10,000 fake accounts and each one gets read access to all the real users' data.</li> </ul> <p><strong>Fix</strong> (Supabase edge functions):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Ratelimit</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@upstash/ratelimit</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">ratelimit</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Ratelimit</span><span class="p">({</span> <span class="na">redis</span><span class="p">:</span> <span class="p">...,</span> <span class="na">limiter</span><span class="p">:</span> <span class="nx">Ratelimit</span><span class="p">.</span><span class="nf">slidingWindow</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="dl">"</span><span class="s2">1 m</span><span class="dl">"</span><span class="p">),</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">success</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ratelimit</span><span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="nx">userId</span> <span class="o">??</span> <span class="nx">ip</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">success</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">rate limited</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">429</span> <span class="p">});</span> </code></pre> </div> <p>For signup, Supabase has a native rate-limit toggle in Auth → Policies. <strong>Turn it on.</strong> Also enable Turnstile / hCaptcha — <code>supabase-js</code> supports it natively now on <code>signUp</code>.</p> <h2> 4. CORS wide open — <code>Access-Control-Allow-Origin: *</code> </h2> <p>Hit rate: <strong>9 / 9 codebases.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">corsHeaders</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Headers</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">authorization, x-client-info, apikey, content-type</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> </code></pre> </div> <p>Every AI coding assistant ships this snippet as the default. On its own, on a public static endpoint, fine. But when you have:</p> <ul> <li> <code>CORS: *</code> +</li> <li>An authenticated edge function that accepts the <code>Authorization</code> header +</li> <li>A logged-in user visiting a malicious page —</li> </ul> <p>…then the malicious page can trigger authenticated calls on behalf of the user. They browse to <code>funny-cat-memes.xyz</code>; in the background their browser fires a DM delete, a subscription upgrade, an AI-credit burn against your app.</p> <p><strong>Fix</strong>: replace <code>*</code> with your app's actual origin (or an allow-list):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">ALLOWED</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Set</span><span class="p">([</span> <span class="dl">"</span><span class="s2">https://myapp.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://myapp.vercel.app</span><span class="dl">"</span><span class="p">,</span> <span class="p">]);</span> <span class="kd">const</span> <span class="nx">origin</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">Origin</span><span class="dl">"</span><span class="p">)</span> <span class="o">??</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">corsHeaders</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="nx">ALLOWED</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">origin</span><span class="p">)</span> <span class="p">?</span> <span class="nx">origin</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">null</span><span class="dl">"</span><span class="p">,</span> <span class="p">...</span> <span class="p">};</span> </code></pre> </div> <h2> 5. Race conditions on balance / credits / usage counters </h2> <p>Hit rate: <strong>6 / 9 codebases</strong> (but 100% of codebases that had any billing / free-tier concept).</p> <p>Classic pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">usage</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">usage_tracking</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">generation_count</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">user_id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userId</span><span class="p">)</span> <span class="p">.</span><span class="nf">single</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">usage</span><span class="p">.</span><span class="nx">generation_count</span> <span class="o">&gt;=</span> <span class="mi">5</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">quota exceeded</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">429</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// ... do the expensive AI call ...</span> <span class="k">await</span> <span class="nx">supabase</span> <span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">usage_tracking</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">({</span> <span class="na">generation_count</span><span class="p">:</span> <span class="nx">usage</span><span class="p">.</span><span class="nx">generation_count</span> <span class="o">+</span> <span class="mi">1</span> <span class="p">})</span> <span class="p">.</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">user_id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userId</span><span class="p">);</span> </code></pre> </div> <p>A user fires 10 requests simultaneously. All 10 read <code>generation_count = 0</code>. All 10 pass the <code>&lt; 5</code> check. All 10 increment. The user got 10 free AI calls on your dime.</p> <p>Same pattern shows up on:</p> <ul> <li>Inventory decrements (oversell — sold 10 units, only had 5)</li> <li>Balance transfers (fire 5 parallel withdrawals of $100 from a $100 account)</li> <li>Discount code usage (single-use code used 20 times)</li> </ul> <p><strong>Fix</strong>: do the check-and-increment <strong>atomically</strong> in one SQL statement:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">UPDATE</span> <span class="n">usage_tracking</span> <span class="k">SET</span> <span class="n">generation_count</span> <span class="o">=</span> <span class="n">generation_count</span> <span class="o">+</span> <span class="mi">1</span> <span class="k">WHERE</span> <span class="n">user_id</span> <span class="o">=</span> <span class="err">$</span><span class="mi">1</span> <span class="k">AND</span> <span class="n">generation_count</span> <span class="o">&lt;</span> <span class="mi">5</span> <span class="n">RETURNING</span> <span class="n">generation_count</span><span class="p">;</span> </code></pre> </div> <p>If the row isn't updated (no rows returned), the user hit their cap. Either use a Postgres function like this called via <code>rpc()</code>, or an <code>UPDATE ... WHERE</code> guard in the edge function. Don't do the check and the update as separate operations.</p> <h2> Why this matters </h2> <p>Each of these issues is not a theoretical risk. On <strong>every</strong> codebase I audited, at least one of these was exploitable by anyone on the internet today — no special tools, no privileged access. A curious user with a browser console can:</p> <ul> <li>Read all other users' records (pattern 1)</li> <li>Upgrade their own account to a paid tier without paying (pattern 2)</li> <li>Drain your AI credits in an afternoon (pattern 3)</li> <li>Get other users to unknowingly perform actions (pattern 4)</li> <li>Bypass every usage limit you've tried to enforce (pattern 5)</li> </ul> <p>If you're shipping AI-coded apps, these five are the first pass. They take 2-4 hours to fix if you know what you're looking for.</p> <p>If you want the list for <em>your</em> codebase specifically — which findings, which files, which lines, with copy-paste fixes for each — that's <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">what VibeScan does</a>. $49, runs on a public GitHub repo, PDF report back in the hour. Most first-time scans on a Lovable/Bolt/v0/Cursor app come back with 1 critical + 5-10 high severity findings, roughly half of which are the patterns above.</p> <p>Either way: if one of these five rang a bell, go check that code before you close this tab.</p> security webdev supabase ai Your First Supabase RLS Policy, Without Exposing Your Whole Database SystAgProject Sun, 19 Apr 2026 23:35:43 +0000 https://dev.to/systagproject/your-first-supabase-rls-policy-without-exposing-your-whole-database-4jam https://dev.to/systagproject/your-first-supabase-rls-policy-without-exposing-your-whole-database-4jam <p>Every week I audit a handful of AI-generated apps (<a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> is the service behind this). The single most common "how is this in production" finding is a broken Row Level Security policy. Usually it's one of:</p> <ul> <li>RLS is disabled and the table is just public</li> <li>RLS is enabled but every policy is <code>USING (true)</code> — so it's <em>still</em> public, it just looks secure</li> <li>The policy scopes reads correctly, but the UPDATE policy lets users rewrite their own <code>role = 'admin'</code> column</li> </ul> <p>This post is the RLS primer I wish I could hand to every Lovable / Bolt / v0 user on day one. By the end you'll have a correct policy for a "notes" table where each user sees only their own rows, you'll know how to verify it, and you'll recognize the three patterns that break it.</p> <h2> The model </h2> <p>You have a <code>notes</code> table. Each row belongs to one user. Your app should let a signed-in user:</p> <ol> <li>Read only their own notes</li> <li>Create new notes <em>for themselves</em> </li> <li>Edit / delete only their own notes</li> </ol> <p>Nobody should be able to read, create for, edit, or delete anyone else's notes. Not even anonymous users. Not even signed-in users who know how to open DevTools.</p> <p>Here's the schema:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="p">(</span> <span class="n">id</span> <span class="n">uuid</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="k">DEFAULT</span> <span class="n">gen_random_uuid</span><span class="p">(),</span> <span class="n">user_id</span> <span class="n">uuid</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">REFERENCES</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">ON</span> <span class="k">DELETE</span> <span class="k">CASCADE</span><span class="p">,</span> <span class="n">body</span> <span class="nb">text</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">created_at</span> <span class="n">timestamptz</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="n">now</span><span class="p">()</span> <span class="p">);</span> </code></pre> </div> <h2> Step 1 — turn RLS on </h2> <p>RLS is off by default. Turn it on explicitly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">ALTER</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="n">ENABLE</span> <span class="k">ROW</span> <span class="k">LEVEL</span> <span class="k">SECURITY</span><span class="p">;</span> </code></pre> </div> <p>The moment you run this, <em>all</em> queries against the table return zero rows — for every user, including <code>authenticated</code>. RLS is deny-by-default; you add policies to carve out what each role can do.</p> <p>This is a good thing. If you turn RLS on and your app breaks, you now know exactly which tables need policies.</p> <h2> Step 2 — the four policies </h2> <p>One policy per CRUD verb. Each scopes the rows a user can touch.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- READ: a user sees only their own notes.</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"notes_select_own"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">());</span> <span class="c1">-- INSERT: a user can only create rows under their own user_id.</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"notes_insert_own"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">INSERT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">WITH</span> <span class="k">CHECK</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">());</span> <span class="c1">-- UPDATE: a user can edit only their own notes, and can't change the owner.</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"notes_update_own"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">UPDATE</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">())</span> <span class="k">WITH</span> <span class="k">CHECK</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">());</span> <span class="c1">-- DELETE: a user can delete only their own notes.</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"notes_delete_own"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">DELETE</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">());</span> </code></pre> </div> <p>The difference between <code>USING</code> and <code>WITH CHECK</code> is the subtle part:</p> <ul> <li> <code>USING</code> filters rows you can <em>see</em> for the operation (the "before" predicate).</li> <li> <code>WITH CHECK</code> validates rows you're trying to <em>write</em> (the "after" predicate).</li> </ul> <p>On UPDATE you need both: <code>USING</code> to decide which rows you can target, <code>WITH CHECK</code> to stop you from flipping <code>user_id</code> to someone else's uid mid-update.</p> <h2> Step 3 — verify the policy actually works </h2> <p>Writing policies is easy. Verifying them is the step most people skip. Supabase ships <code>set role</code> — use it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Pretend to be user A and insert a row</span> <span class="k">SET</span> <span class="k">LOCAL</span> <span class="k">ROLE</span> <span class="n">authenticated</span><span class="p">;</span> <span class="k">SET</span> <span class="k">LOCAL</span> <span class="nv">"request.jwt.claims"</span> <span class="o">=</span> <span class="s1">'{"sub": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "role": "authenticated"}'</span><span class="p">;</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="p">(</span><span class="n">user_id</span><span class="p">,</span> <span class="n">body</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'</span><span class="p">,</span> <span class="s1">'hello from A'</span><span class="p">);</span> <span class="c1">-- ✅ succeeds</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="p">(</span><span class="n">user_id</span><span class="p">,</span> <span class="n">body</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'</span><span class="p">,</span> <span class="s1">'malicious row for B'</span><span class="p">);</span> <span class="c1">-- ❌ fails with: "new row violates row-level security policy"</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span><span class="p">;</span> <span class="c1">-- returns only A's rows, not B's</span> </code></pre> </div> <p>If you skip verification, you're trusting your mental model. The mental model is wrong more often than you'd think.</p> <h2> The three patterns I keep seeing break </h2> <h3> ❌ 1. <code>USING (true)</code> — "looks like RLS, isn't RLS" </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"authenticated users can read"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="k">true</span><span class="p">);</span> </code></pre> </div> <p>This is RLS-in-name-only. It lets every signed-in user read every row. If your app has open signup, every visitor can sign up with a throwaway email and read every other user's data.</p> <p><strong>Fix</strong>: <code>USING (user_id = auth.uid())</code>.</p> <h3> ❌ 2. UPDATE policy without <code>WITH CHECK</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"notes_update_own"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">notes</span> <span class="k">FOR</span> <span class="k">UPDATE</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">());</span> <span class="c1">-- no WITH CHECK</span> </code></pre> </div> <p>The user can update their own row (<code>USING</code> passes), and inside that update flip <code>user_id</code> to another user's id. Now that note belongs to someone else.</p> <p>Same pattern bites harder on a <code>profiles</code> table that has a <code>role</code> or <code>subscription_tier</code> column. The user can UPDATE their own profile and set <code>role = 'admin'</code>.</p> <p><strong>Fix</strong>: add <code>WITH CHECK (user_id = auth.uid())</code>. On sensitive columns like <code>role</code> or <code>subscription_tier</code>, go further — split them into a separate table that only <code>service_role</code> can write.</p> <h3> ❌ 3. Admin actions done from the client </h3> <p>The third pattern isn't an RLS mistake directly — it's a consequence of trying to get around RLS. Someone needs to be able to do something "admin-ish" (mark a payment as completed, promote a user), so they write a policy that lets any authenticated user do the write. Then everyone can.</p> <p><strong>Fix</strong>: keep the RLS policy strict, and move admin actions into a Supabase Edge Function that uses the <code>service_role</code> key. The <code>service_role</code> bypasses RLS by design — that's its job. Just make sure the function itself verifies the caller has the right permission before doing the write.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// edge function</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">npm:@supabase/supabase-js</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">supabase</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">(</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_URL</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">SUPABASE_SERVICE_ROLE_KEY</span><span class="dl">"</span><span class="p">)</span><span class="o">!</span> <span class="c1">// bypasses RLS</span> <span class="p">);</span> <span class="c1">// verify the caller is authenticated *and* has admin role</span> <span class="kd">const</span> <span class="nx">jwt</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">)?.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">"</span><span class="s2">Bearer </span><span class="dl">"</span><span class="p">,</span> <span class="dl">""</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="nx">auth</span><span class="p">.</span><span class="nf">getUser</span><span class="p">(</span><span class="nx">jwt</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">unauthorized</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">});</span> <span class="c1">// check user.app_metadata.role === "admin" or a user_roles table lookup</span> <span class="c1">// now you can do the write that regular authenticated users can't</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">payments</span><span class="dl">"</span><span class="p">).</span><span class="nf">update</span><span class="p">({</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">completed</span><span class="dl">"</span> <span class="p">}).</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">paymentId</span><span class="p">);</span> </code></pre> </div> <h2> The 10-minute self-audit </h2> <p>Run this against your own Supabase project before you ship:</p> <ol> <li>For every public table, is RLS enabled? (<code>SELECT tablename FROM pg_tables WHERE schemaname = 'public'</code> and check each.)</li> <li>For every enabled table, are there policies for <code>SELECT / INSERT / UPDATE / DELETE</code>?</li> <li>Do any policies use <code>USING (true)</code> or <code>WITH CHECK (true)</code>?</li> <li>On every UPDATE policy, is there a <code>WITH CHECK</code> that prevents ownership / role flipping?</li> <li>Are there any columns on public-readable tables that shouldn't be readable (Stripe customer IDs, internal notes, moderator flags)? Columns with <code>SELECT</code> granted to <code>authenticated</code> are readable by <em>every</em> signed-in user whose policy match returns a row.</li> </ol> <p>If you want this done automatically on your full codebase — including the 40 other security patterns that show up in AI-generated apps — that's what I built <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> for. $49, runs on your public GitHub repo, PDF report with severity-graded findings and copy-paste fixes. Most Lovable / Bolt / v0 / Cursor-built apps come back with 1 critical + 5-10 high severity findings on first scan, and roughly half of them are RLS patterns like the ones above.</p> <p>Either way — if you've read this far and your app has a <code>USING (true)</code> policy somewhere, go fix it before you close this tab.</p> supabase security webdev tutorial The 12 Security Issues I Keep Finding in Vibe-Coded Apps (Lovable, Bolt, v0) SystAgProject Sun, 19 Apr 2026 22:12:29 +0000 https://dev.to/systagproject/the-12-security-issues-i-keep-finding-in-vibe-coded-apps-lovable-bolt-v0-786 https://dev.to/systagproject/the-12-security-issues-i-keep-finding-in-vibe-coded-apps-lovable-bolt-v0-786 <p>Over the last few weeks I've been running <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer"><strong>VibeScan</strong></a> — a security audit tool for AI-generated codebases — against a small set of public Lovable / Bolt / v0 / Cursor apps. Same dozen issues keep surfacing.</p> <p>If you're shipping a vibe-coded SaaS, run through this list before launch. It'll take you 30 minutes and save you from the most common self-own patterns.</p> <h2> 1. Payment webhook has <code>verify_jwt = false</code> and no signature check </h2> <p><strong>What you'll find in your repo</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="c"># supabase/config.toml</span> <span class="nn">[functions.payment-webhook]</span> <span class="py">verify_jwt</span> <span class="p">=</span> <span class="kc">false</span> </code></pre> </div> <p>And inside the function, no <code>stripe.webhooks.constructEvent(...)</code> before trusting the event body.</p> <p><strong>Why it matters.</strong> The endpoint is world-reachable. Anyone can <code>curl</code> it with a fake <code>"type": "checkout.session.completed"</code> body and flip a row in your <code>profiles</code> table. Free Pro tier for everyone on the internet.</p> <p><strong>Fix (one line-change + one env var)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">event</span> <span class="o">=</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">webhooks</span><span class="p">.</span><span class="nf">constructEvent</span><span class="p">(</span><span class="nx">body</span><span class="p">,</span> <span class="nx">signatureHeader</span><span class="p">,</span> <span class="nx">Deno</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">STRIPE_WEBHOOK_SECRET</span><span class="dl">"</span><span class="p">));</span> </code></pre> </div> <h2> 2. RLS policies using <code>USING (true)</code> </h2> <p><strong>What you'll find</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"authenticated users can read"</span> <span class="k">ON</span> <span class="k">public</span><span class="p">.</span><span class="n">cases</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="k">true</span><span class="p">);</span> </code></pre> </div> <p>If <code>cases</code> is "any record" — not "my records" — then any signed-in user reads all the data. Open signup + <code>USING (true)</code> + RLS enabled = a fancy way to display your entire database to any visitor who clicks "Sign up".</p> <p><strong>Fix</strong>: scope by ownership.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">USING</span> <span class="p">(</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">())</span> </code></pre> </div> <p>Then make sure you actually set <code>user_id = auth.uid()</code> on INSERT with a <code>WITH CHECK</code> clause.</p> <h2> 3. API keys prefixed with <code>VITE_</code> — shipped to every browser </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/components/ResumeUpload.tsx</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_GEMINI_API_KEY</span><span class="p">;</span> </code></pre> </div> <p>Anything with <code>VITE_</code> / <code>NEXT_PUBLIC_</code> / <code>REACT_APP_</code> is in the client bundle. Open DevTools → Network tab → find any request with the key in Authorization → paste it into Postman.</p> <p><strong>Fix</strong>: move the API call to a Supabase Edge Function (or Next.js server route) that holds the key server-side. The browser calls <em>your</em> endpoint; your endpoint calls the vendor.</p> <h2> 4. No rate limit on the expensive LLM endpoint </h2> <p>Your <code>generate-something</code> endpoint runs an Opus / GPT-4 call. It accepts an arbitrary-length prompt. There's no cap on requests per user.</p> <p>Someone writes a <code>while(true)</code> loop in the console. Your monthly AI bill is now $4k.</p> <p><strong>Fix</strong>: two lines with Upstash.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">success</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ratelimit</span><span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="nx">userId</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">success</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="dl">"</span><span class="s2">rate limited</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">429</span> <span class="p">});</span> </code></pre> </div> <h2> 5. Profile row created from the client </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// After signUp({ email, password })</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">profiles</span><span class="dl">"</span><span class="p">).</span><span class="nf">insert</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">name</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span> <span class="p">});</span> </code></pre> </div> <p>The problem isn't the insert. It's that any signed-in user can do an UPDATE with <code>role = "admin"</code> if your RLS policy lets the user write to their own row and the <code>role</code> column isn't excluded.</p> <p><strong>Fix</strong>: move profile creation to a Postgres trigger on <code>auth.users</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TRIGGER</span> <span class="n">handle_new_user</span> <span class="k">AFTER</span> <span class="k">INSERT</span> <span class="k">ON</span> <span class="n">auth</span><span class="p">.</span><span class="n">users</span> <span class="p">...</span> </code></pre> </div> <p>And restrict the <code>profiles.role</code> column from client UPDATEs.</p> <h2> 6. Subscription tier writable from the client </h2> <p>This is the evil cousin of #5. You have a <code>profiles.subscription_tier</code> column. Your RLS allows <code>UPDATE FOR authenticated USING (user_id = auth.uid())</code>. Any user opens console, runs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">profiles</span><span class="dl">"</span><span class="p">).</span><span class="nf">update</span><span class="p">({</span> <span class="na">subscription_tier</span><span class="p">:</span> <span class="dl">"</span><span class="s2">pro</span><span class="dl">"</span> <span class="p">}).</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">myId</span><span class="p">);</span> </code></pre> </div> <p>Done. Lifetime Pro access.</p> <p><strong>Fix</strong>: <code>subscription_tier</code> is a server-only column. Update it in a trigger that fires from your payment webhook, and revoke <code>UPDATE</code> on that column from the <code>authenticated</code> role:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">REVOKE</span> <span class="k">UPDATE</span><span class="p">(</span><span class="n">subscription_tier</span><span class="p">)</span> <span class="k">ON</span> <span class="n">profiles</span> <span class="k">FROM</span> <span class="n">authenticated</span><span class="p">;</span> </code></pre> </div> <h2> 7. Uploaded files readable by any logged-in user </h2> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"read uploads"</span> <span class="k">ON</span> <span class="k">storage</span><span class="p">.</span><span class="n">objects</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">TO</span> <span class="n">authenticated</span> <span class="k">USING</span> <span class="p">(</span><span class="n">bucket_id</span> <span class="o">=</span> <span class="s1">'case-files'</span><span class="p">);</span> </code></pre> </div> <p>Anyone who signs up can download every file in the bucket. Particularly painful when the bucket has resumes, medical records, or passport scans.</p> <p><strong>Fix</strong>: encode the user ID in the path and check it in the policy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">USING</span> <span class="p">(</span><span class="n">bucket_id</span> <span class="o">=</span> <span class="s1">'case-files'</span> <span class="k">AND</span> <span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()::</span><span class="nb">text</span> <span class="o">=</span> <span class="p">(</span><span class="k">storage</span><span class="p">.</span><span class="n">foldername</span><span class="p">(</span><span class="n">name</span><span class="p">))[</span><span class="mi">1</span><span class="p">])</span> </code></pre> </div> <h2> 8. Hardcoded <code>SUPABASE_URL</code> + anon key as fallbacks </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">SUPABASE_URL</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_SUPABASE_URL</span> <span class="o">??</span> <span class="dl">"</span><span class="s2">https://abc123.supabase.co</span><span class="dl">"</span><span class="p">;</span> </code></pre> </div> <p>The anon key is <em>technically</em> public (it's designed to be shipped to browsers). But hardcoding it means:</p> <ul> <li>You can't rotate without shipping a new build.</li> <li>You can't use the same codebase for staging / prod.</li> <li>If someone ever adds the <strong>service_role</strong> key by mistake under the same pattern, it's game over.</li> </ul> <p><strong>Fix</strong>: <code>throw new Error("missing env var")</code> at build time if the var is missing. No fallback.</p> <h2> 9. Weak password policy </h2> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="p">&lt;</span><span class="nt">input</span> <span class="na">type</span><span class="p">=</span><span class="s">"password"</span> <span class="na">minLength</span><span class="p">=</span><span class="si">{</span><span class="mi">6</span><span class="si">}</span> <span class="p">/&gt;</span> </code></pre> </div> <p>Six characters is brute-forceable in under a second.</p> <p><strong>Fix</strong>: <code>minLength={10}</code> on the input, <em>and</em> enforce a floor in Supabase Auth settings → Policies → Password requirements. Also turn on the "leaked password check".</p> <h2> 10. CORS wide open on server actions </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">corsHeaders</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Methods</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST, OPTIONS</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> </code></pre> </div> <p><code>*</code> is correct for static public endpoints. It's not correct for an endpoint that returns user-specific data or does a sensitive action on a cookie-authenticated session. Any site the victim visits can <code>fetch()</code> your API with their creds attached.</p> <p><strong>Fix</strong>: echo the <code>Origin</code> header back only if it matches an allowlist. Or just hardcode your app's domain.</p> <h2> 11. No input validation on write endpoints </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">topic</span><span class="p">,</span> <span class="nx">keyMessage</span><span class="p">,</span> <span class="nx">audience</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// straight into the LLM prompt</span> </code></pre> </div> <p>No <code>zod.parse(...)</code>. No length cap. Someone sends a 500 KB prompt. Your model call burns $3 and times out. Multiply by 10k loops.</p> <p><strong>Fix</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">schema</span> <span class="o">=</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">topic</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">500</span><span class="p">),</span> <span class="na">keyMessage</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">500</span><span class="p">),</span> <span class="na">audience</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">().</span><span class="nf">max</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">parsed</span> <span class="o">=</span> <span class="nx">schema</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="k">await</span> <span class="nx">req</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> </code></pre> </div> <h2> 12. Credits / balance updates that aren't atomic </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">credits</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">users</span><span class="dl">"</span><span class="p">).</span><span class="nf">select</span><span class="p">(</span><span class="dl">"</span><span class="s2">credits</span><span class="dl">"</span><span class="p">).</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userId</span><span class="p">).</span><span class="nf">single</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">credits</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">doTheExpensiveThing</span><span class="p">();</span> <span class="k">await</span> <span class="nx">supabase</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">"</span><span class="s2">users</span><span class="dl">"</span><span class="p">).</span><span class="nf">update</span><span class="p">({</span> <span class="na">credits</span><span class="p">:</span> <span class="nx">credits</span> <span class="o">-</span> <span class="mi">1</span> <span class="p">}).</span><span class="nf">eq</span><span class="p">(</span><span class="dl">"</span><span class="s2">id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">userId</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Classic race. User fires two parallel requests, both read <code>credits = 1</code>, both proceed, both decrement. One free call. In the worst case, it's 50 parallel calls for one credit.</p> <p><strong>Fix</strong>: atomic decrement in a single statement (or a Postgres function):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">UPDATE</span> <span class="n">users</span> <span class="k">SET</span> <span class="n">credits</span> <span class="o">=</span> <span class="n">credits</span> <span class="o">-</span> <span class="mi">1</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="o">=</span> <span class="err">$</span><span class="mi">1</span> <span class="k">AND</span> <span class="n">credits</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="n">RETURNING</span> <span class="n">credits</span><span class="p">;</span> </code></pre> </div> <p>If the returned row is empty, reject the request.</p> <h2> How to check your own repo in 5 minutes </h2> <p>Manual approach: grep the repo for these patterns.</p> <ul> <li> <code>verify_jwt = false</code> in <code>supabase/config.toml</code> </li> <li> <code>USING (true)</code> in <code>*.sql</code> </li> <li> <code>VITE_.*_KEY</code> / <code>NEXT_PUBLIC_.*_KEY</code> / <code>REACT_APP_.*_KEY</code> in source</li> <li> <code>minLength={6}</code> in auth forms</li> <li> <code>Access-Control-Allow-Origin: *</code> in server functions</li> <li> <code>corsHeaders</code> without an allowlist</li> </ul> <p>If you want a cleaner version of the above as a per-repo PDF with every finding graded and a copy-paste fix for each, that's what <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">VibeScan</a> is. It clones your repo, runs a multi-batch audit with Claude Opus 4.7, and spits out a severity-graded report. $49 one-time. Typical finding count for a 3-month-old vibe-coded app is 6-15 issues, 1-2 of them critical.</p> <p>If you want me to run it on your repo for free in exchange for feedback, reply to me on <a href="https://x.com" rel="noopener noreferrer">Twitter/X</a> or send me the repo URL.</p> <p>Stay safe out there.</p> security webdev ai supabase I ran a security audit on my own Python codebase with an LLM for $0.90. Here is what it found. SystAgProject Sun, 19 Apr 2026 21:35:06 +0000 https://dev.to/systagproject/i-ran-a-security-audit-on-my-own-python-codebase-with-an-llm-for-090-here-is-what-it-found-151c https://dev.to/systagproject/i-ran-a-security-audit-on-my-own-python-codebase-with-an-llm-for-090-here-is-what-it-found-151c <p>Last week I shipped a small product called VibeScan — a 49-dollar PDF security audit for apps built with Lovable / Bolt / Cursor / Replit / v0. Before I asked anyone to pay for it, I ran it on my own codebase as a smoke test.</p> <p>124 scannable Python files, 4 LLM batches, 22 seconds total wall time. Audit cost: $0.90 of Opus 4.7 with prompt caching. Output: 0 critical findings, 1 high, 2 medium. One of the findings was a real bug I fixed the same hour. The other two were legitimate risk flags I had not thought about.</p> <p>Here is the full report, with context on each finding.</p> <h2> [HIGH] Subprocess stdout/stderr written to the ledger without size cap </h2> <p>Location: — the function that spawns every scheduled job.</p> <blockquote> <p>A runaway script that prints megabytes of logs (for example a scraper dumping HTML) will push all of that into your SQLite ledger, potentially bloating the database and causing memory issues during capture. A single bad run could write hundreds of MB.</p> <p><strong>Fix</strong>: In , truncate stdout/stderr to the last ~10KB before returning (e.g., ) so oversized output cannot blow up the ledger or memory.</p> </blockquote> <h3> Why this matters </h3> <p>I was using Python subprocess.run with . That flag tells Python to hold the subprocess full stdout and stderr in memory until the child exits. Which is fine when a cron job prints 50 lines and exits. But if one of those jobs is a web scraper that dumps the HTML of every page it visits, or an ETL that prints a row per record processed on a million-row table, every byte of that output sits in the scheduler process RAM before being written to the SQLite ledger.</p> <p>I had never thought about it. The scheduler had run for weeks without hitting this because all the current jobs are well-behaved. But the next job anyone adds could be the one that dumps 500 MB on a bad day.</p> <p>The fix took four minutes: cap each stream at 50 KB before returning. If a security auditor had flagged this I would have paid $200. VibeScan cost $0.90 for the whole repo.</p> <h2> [MEDIUM] Gmail OAuth refresh token stored in plaintext </h2> <p>Location: line 30 — the function that loads Google OAuth credentials.</p> <blockquote> <p>The Gmail refresh token is saved as a plain JSON file on disk. Anyone who can read that file (backup, stolen laptop, server compromise) gains indefinite access to send and read email as the account owner — refresh tokens do not expire.</p> <p><strong>Fix</strong>: At minimum, ensure credentials/ is in .gitignore and file permissions are 0600; for stronger protection, encrypt the token at rest (for example via OS keyring or an encrypted env var) and document revocation via Google Account -&gt; Security -&gt; Third-party apps.</p> </blockquote> <p>Classic defense-in-depth issue. No immediate exploitation, but the kind of thing you kick yourself over if it ever leaks.</p> <h2> [MEDIUM] HTML email bodies stripped with naive regex </h2> <p>Location: line 215 — the function that normalizes inbound email.</p> <blockquote> <p>extract_plain_body uses a regex to strip HTML tags from inbound mail, which can leave script/style contents, encoded entities, or malformed markup in the plain text the classifier sees. If that text is later fed into an LLM prompt or surfaced to a user, attacker-crafted emails can smuggle content that was not visible as HTML.</p> </blockquote> <p>The inbound email pipeline feeds the plain text version into an LLM classifier (to route support emails). Because downstream is an LLM, this is a <strong>prompt injection surface</strong>. A sophisticated spammer who knows we route email via LLM can craft HTML with hidden content in style tags or HTML comments that appears empty to a human recipient but becomes visible instructions in the LLM input.</p> <p>Not exploited today. But it is the exact class of bug that becomes headline news in 18 months, and the fix is a 20-line swap to BeautifulSoup.</p> <h2> What this scan cost and what it missed </h2> <ul> <li> <strong>Input tokens</strong>: 176,364 with prompt caching across 4 batches</li> <li> <strong>Output tokens</strong>: 779</li> <li> <strong>Wall time</strong>: 22 seconds</li> <li> <strong>Direct infrastructure cost</strong>: $0.90</li> </ul> <p>Consultant equivalent would be 3-5 hours on a 124-file repo, billed $600-1500, producing a report that needs translation by an engineer to be actionable. The VibeScan report is in the language the buyer speaks and includes the exact line to change.</p> <h3> What the scan missed (honest limitations) </h3> <ol> <li> <strong>Business logic flaws</strong> like a checkout that trusts client-side prices.</li> <li> <strong>Concurrency issues</strong> in state updates (requires runtime tracing, not static read).</li> <li> <strong>Dependency vulnerabilities</strong> — we do not cross-reference package.json against CVE databases. Snyk does that better.</li> <li> <strong>Production infra</strong> — we scan the code, not deployed infrastructure.</li> </ol> <p>For a solo founder running an AI-coded app, the findings VibeScan catches are where the actual failures come from. For enterprise eng teams with dedicated security engineers, Snyk plus manual review plus threat modeling is the better playbook.</p> <h2> Try it on your own repo </h2> <p>If you shipped something with Lovable / Bolt / Cursor / Replit / v0 and you are about to take real money from real users — get a second set of eyes on the code first.</p> <p>$49, one-time, PDF in ~10 minutes: <a href="https://systag.gumroad.com/l/vibescan" rel="noopener noreferrer">systag.gumroad.com/l/vibescan</a></p> <p>First 10 readers of this post get it for free — DM me the repo URL and I will send the PDF back within the day.</p> security ai python showdev