• Stars
    star
    13,203
  • Rank 2,377 (Top 0.05 %)
  • Language
  • License
    Other
  • Created over 3 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

面向开发人员梳理的代码安全指南

代码安全指南

面向开发人员梳理的代码安全指南,旨在梳理API层面的风险点并提供详实可行的安全编码方案。

理念

基于DevSecOps理念,我们希望用开发者更易懂的方式阐述安全编码方案,引导从源头规避漏洞。

索引

规范 最后修订日期
C/C++安全指南 2021-05-18
JavaScript安全指南 2021-05-18
Node安全指南 2021-05-18
Go安全指南 2021-05-18
Java安全指南 2021-05-18
Python安全指南 2021-05-18

实践

代码安全指引可用于以下场景:

  • 开发人员日常参考
  • 编写安全系统扫描策略
  • 安全组件开发
  • 漏洞修复指引

贡献

盼与社区携手,一道维护完善。欢迎提交修订建议,详参阅贡献指南

授权许可

Secure Coding Guide by THL A29 Limited, a Tencent company, is licensed under CC BY 4.0.

More Repositories

1

weui

A UI library by WeChat official design team, includes the most useful widgets/modules in mobile web applications.
Less
27,140
star
2

wepy

小程序组件化开发框架
JavaScript
22,491
star
3

ncnn

ncnn is a high-performance neural network inference framework optimized for the mobile platform
C++
19,861
star
4

mars

Mars is a cross-platform network component developed by WeChat.
C++
17,294
star
5

tinker

Tinker is a hot-fix solution library for Android, it supports dex, library and resources update without reinstall apk.
Java
17,164
star
6

MMKV

An efficient, small mobile key-value storage framework developed by WeChat. Works on Android, iOS, macOS, Windows, and POSIX.
C++
17,138
star
7

APIJSON

🏆 实时 零代码、全功能、强安全 ORM 库 🚀 后端接口和文档零代码,前端(客户端) 定制返回 JSON 的数据和结构 🏆 Real-Time coding-free, powerful and secure ORM 🚀 providing APIs and Docs without coding by Backend, and the returned JSON of API can be customized by Frontend(Client) users
Java
17,052
star
8

vConsole

A lightweight, extendable front-end developer tool for mobile web page.
TypeScript
16,716
star
9

weui-wxss

A UI library by WeChat official design team, includes the most useful widgets/modules.
Less
15,070
star
10

QMUI_Android

提高 Android UI 开发效率的 UI 库
Java
14,423
star
11

rapidjson

A fast JSON parser/generator for C++ with both SAX/DOM style API
C++
14,163
star
12

omi

Web Components Framework - Web组件框架
TypeScript
13,048
star
13

VasSonic

VasSonic is a lightweight and high-performance Hybrid framework developed by tencent VAS team, which is intended to speed up the first screen of websites working on Android and iOS platform.
Java
11,801
star
14

matrix

Matrix is a plugin style, non-invasive APM system developed by WeChat.
Java
11,623
star
15

wcdb

WCDB is a cross-platform database framework developed by WeChat.
C
10,793
star
16

xLua

xLua is a lua programming solution for C# ( Unity, .Net, Mono) , it supports android, ios, windows, linux, osx, etc.
C
9,296
star
17

libco

libco is a coroutine library which is widely used in wechat back-end service. It has been running on tens of thousands of machines since 2013.
C++
8,223
star
18

Hippy

Hippy is designed to easily build cross-platform dynamic apps. 👏
C++
7,983
star
19

Shadow

零反射全动态Android插件框架
Java
7,382
star
20

QMUI_iOS

QMUI iOS——致力于提高项目 UI 开发效率的解决方案
Objective-C
7,084
star
21

lemon-cleaner

腾讯柠檬清理是针对macOS系统专属制定的清理工具。主要功能包括重复文件和相似照片的识别、软件的定制化垃圾扫描、可视化的全盘空间分析、内存释放、浏览器隐私清理以及设备实时状态的监控等。重点聚焦清理功能,对上百款软件提供定制化的清理方案,提供专业的清理建议,帮助用户轻松完成一键式清理。
Objective-C
5,421
star
22

MLeaksFinder

Find memory leaks in your iOS app at develop time.
Objective-C
5,419
star
23

libpag

The official rendering library for PAG (Portable Animated Graphics) files that renders After Effects animations natively across multiple platforms.
C++
4,943
star
24

puerts

PUER(普洱) Typescript. Let's write your game in UE or Unity with TypeScript.
C++
4,902
star
25

kbone

一个致力于微信小程序和 Web 端同构的解决方案
JavaScript
4,772
star
26

TNN

TNN: developed by Tencent Youtu Lab and Guangying Lab, a uniform deep learning inference framework for mobile、desktop and server. TNN is distinguished by several outstanding features, including its cross-platform capability, high performance, model compression and code pruning. Based on ncnn and Rapidnet, TNN further strengthens the support and performance optimization for mobile devices, and also draws on the advantages of good extensibility and high performance from existed open source efforts. TNN has been deployed in multiple Apps from Tencent, such as Mobile QQ, Weishi, Pitu, etc. Contributions are welcome to work in collaborative with us and make TNN a better framework.
C++
4,388
star
27

GT

GT (Great Tit) is a portable debugging tool for bug hunting and performance tuning on smartphones anytime and anywhere just as listening music with Walkman. GT can act as the Integrated Debug Environment by directly running on smartphones.
Java
4,387
star
28

westore

小程序项目分层架构
JavaScript
4,244
star
29

tmagic-editor

TypeScript
4,190
star
30

wujie

极致的微前端框架
TypeScript
4,023
star
31

vap

VAP是企鹅电竞开发,用于播放特效动画的实现方案。具有高压缩率、硬件解码等优点。同时支持 iOS,Android,Web 平台。
Objective-C
3,898
star
32

cherry-markdown

✨ A Markdown Editor
JavaScript
3,505
star
33

HunyuanDiT

Hunyuan-DiT : A Powerful Multi-Resolution Diffusion Transformer with Fine-Grained Chinese Understanding
Python
3,358
star
34

phxpaxos

The Paxos library implemented in C++ that has been used in the WeChat production environment.
C++
3,351
star
35

WeFlow

A web developer workflow tool by WeChat team based on tmt-workflow, with cross-platform supported and environment ready.
JavaScript
3,224
star
36

spring-cloud-tencent

Spring Cloud Tencent is a Spring Cloud based Service Governance Framework provided by Tencent.
Java
3,171
star
37

weui.js

A lightweight javascript library for WeUI.
JavaScript
3,167
star
38

tdesign

Enterprise Design System
Vue
3,156
star
39

VasDolly

Android V1 and V2 Signature Channel Package Plugin
Java
3,061
star
40

tencent-ml-images

Largest multi-label image database; ResNet-101 model; 80.73% top-1 acc on ImageNet
Python
3,050
star
41

Tendis

Tendis is a high-performance distributed storage system fully compatible with the Redis protocol.
C++
2,934
star
42

FaceDetection-DSFD

腾讯优图高精度双分支人脸检测器
Python
2,885
star
43

PhoenixGo

Go AI program which implements the AlphaGo Zero paper
C++
2,871
star
44

behaviac

behaviac is a framework of the game AI development, and it also can be used as a rapid game prototype design tool. behaviac supports the behavior tree, finite state machine and hierarchical task network(BT, FSM, HTN)
C#
2,829
star
45

PocketFlow

An Automatic Model Compression (AutoMC) framework for developing smaller and faster AI applications.
Python
2,783
star
46

MSEC

Mass Service Engine in Cluster(MSEC) is opened source by QQ team from Tencent. It is a backend DEV &OPS engine, including RPC,name finding,load balance,monitoring,release and capacity management.
Java
2,746
star
47

phxsql

A high availability MySQL cluster that guarantees data consistency between a master and slaves.
C++
2,470
star
48

OOMDetector

OOMDetector is a memory monitoring component for iOS which provides you with OOM monitoring, memory allocation monitoring, memory leak detection and other functions.
Objective-C++
2,315
star
49

tsf

coroutine and Swoole based php server framework in tencent
PHP
2,179
star
50

tmt-workflow

A web developer workflow used by WeChat team based on Gulp, with cross-platform supported and solutions prepared.
CSS
2,173
star
51

UnLua

A feature-rich, easy-learning and highly optimized Lua scripting plugin for UE.
C++
2,169
star
52

Hardcoder

Hardcoder is a solution which allows Android APP and Android System to communicate with each other directly, solving the problem that Android APP could only use system standard API rather than the hardware resource of system.
C++
2,155
star
53

LKImageKit

A high-performance image framework, including a series of capabilities such as image views, image downloader, memory caches, disk caches, image decoders and image processors.
Objective-C
2,082
star
54

GameAISDK

基于图像的游戏AI自动化框架
C++
2,030
star
55

TubeMQ

TubeMQ has been donated to the Apache Software Foundation and renamed to InLong, please visit the new Apache repository: https://github.com/apache/incubator-inlong
2,022
star
56

phxrpc

A simple C++ based RPC framework.
C++
1,974
star
57

TscanCode

A static code analyzer for C++, C#, Lua
C++
1,972
star
58

ObjectDetection-OneStageDet

单阶段通用目标检测器
Python
1,966
star
59

InjectFix

InjectFix is a hot-fix solution library for Unity
C#
1,961
star
60

cloudbase-framework

腾讯云开发云原生一体化部署工具 🚀 CloudBase Framework:一键部署,不限框架语言,云端一体化开发,基于Serverless 架构。A front-end and back-end integrated deployment tool. One-click deploy to serverless architecture. https://docs.cloudbase.net/framework/index
JavaScript
1,937
star
61

soter

A secure and quick biometric authentication standard and platform in Android held by Tencent.
Java
1,927
star
62

phxqueue

A high-availability, high-throughput and highly reliable distributed queue based on the Paxos algorithm.
C++
1,899
star
63

plato

腾讯高性能分布式图计算框架Plato
C++
1,895
star
64

MedicalNet

Many studies have shown that the performance on deep learning is significantly affected by volume of training data. The MedicalNet project provides a series of 3D-ResNet pre-trained models and relative code.
Python
1,888
star
65

NeuralNLP-NeuralClassifier

An Open-source Neural Hierarchical Multi-label Text Classification Toolkit
Python
1,834
star
66

TSW

Tencent Server Web
TypeScript
1,804
star
67

sluaunreal

lua dev plugin for unreal engine 4 or 5
C++
1,734
star
68

QMUI_Web

An efficient front-end framework for developers building UI on the web.
JavaScript
1,719
star
69

Metis

Metis is a learnware platform in the field of AIOps.
Python
1,690
star
70

Biny

Biny is a tiny, high-performance PHP framework for web applications
PHP
1,687
star
71

paxosstore

PaxosStore has been deployed in WeChat production for more than two years, providing storage services for the core businesses of WeChat backend. Now PaxosStore is running on thousands of machines, and is able to afford billions of peak TPS.
C++
1,675
star
72

CodeAnalysis

Static Code Analysis - 静态代码分析
Python
1,639
star
73

MimicMotion

High-Quality Human Motion Video Generation with Confidence-aware Pose Guidance
Python
1,475
star
74

TurboTransformers

a fast and user-friendly runtime for transformer inference (Bert, Albert, GPT2, Decoders, etc) on CPU and GPU.
C++
1,464
star
75

tdesign-vue-next

A Vue3.x UI components lib for TDesign.
TypeScript
1,434
star
76

nohost

基于 Whistle 实现的多账号多环境远程配置及抓包调试平台
JavaScript
1,423
star
77

TencentOS-kernel

腾讯针对云的场景研发的服务器操作系统
1,408
star
78

TBase

TBase is an enterprise-level distributed HTAP database. Through a single database cluster to provide users with highly consistent distributed database services and high-performance data warehouse services, a set of integrated enterprise-level solutions is formed.
C
1,383
star
79

WeDemo

WeDemo为微信团队开源项目,用于帮助微信开发者完成微信登录、微信分享等功能的接入和开发。开发者可参考源代码完成开发,也可以直接将代码应用到自己的App开发中,安全、便捷地在App中实现微信分享、微信登录功能。
Objective-C
1,374
star
80

feflow

🚀 A command line tool aims to improve front-end engineer workflow and standard, powered by TypeScript.
TypeScript
1,360
star
81

GAutomator

Automation for mobile games
Objective-C
1,331
star
82

flare

Flare是广泛投产于腾讯广告后台的现代化C++开发框架,包含了基础库、RPC、各种客户端等。主要特点为易用性强、长尾延迟低。
C++
1,308
star
83

TFace

A trusty face analysis research platform developed by Tencent Youtu Lab
Python
1,306
star
84

LuaPanda

lua debug and code tools for VS Code
Lua
1,235
star
85

FeatherCNN

FeatherCNN is a high performance inference engine for convolutional neural networks.
C++
1,208
star
86

tdesign-miniprogram

A Wechat MiniProgram UI components lib for TDesign.
HTML
1,204
star
87

tquic

A high-performance, lightweight, and cross-platform QUIC library
Rust
1,086
star
88

tgfx

A lightweight 2D graphics library for rendering texts, geometries, and images with high-performance APIs that work across various platforms.
C++
1,057
star
89

TencentPretrain

Tencent Pre-training framework in PyTorch & Pre-trained Model Zoo
Python
1,005
star
90

RapidView

RapidView is an android ui and lightapp development framework
Java
979
star
91

hel

A module federation SDK which is unrelated to tool chain for module consumer. 工具链无关的运行时模块联邦sdk.
JavaScript
959
star
92

TencentKona-8

Tencent Kona is a no-cost, production-ready distribution of the Open Java Development Kit (OpenJDK), Long-term support(LTS) with quarterly updates. Tencent Kona serves as the default JDK internally at Tencent Cloud for cloud computing and other Java applications.
Java
942
star
93

FAutoTest

A UI automated testing framework for H5 and applets
Python
932
star
94

tdesign-vue

A Vue.js UI components lib for TDesign.
TypeScript
909
star
95

Pebble

Pebble分布式开发框架
C++
866
star
96

mxflutter

使用 TypeScript/JavaScript 来开发 Flutter 应用的框架。
Dart
857
star
97

Face2FaceTranslator

面对面翻译小程序是微信团队针对面对面沟通的场景开发的流式语音翻译小程序,通过微信同声传译插件提供了语音识别,文本翻译等功能。
JavaScript
836
star
98

tdesign-react

A React UI components lib for TDesign.
TypeScript
821
star
99

LightDiffusionFlow

This extension is developed for AUTOMATIC1111's Stable Diffusion web UI that provides import/export options for parameters.
JavaScript
798
star
100

Real-SR

Real-World Super-Resolution via Kernel Estimation and Noise Injection
Python
769
star