Glama

analyze_wordpress_security

Analyze WordPress code for security vulnerabilities including OWASP Top 10 risks, SQL injection, and WordPress-specific security issues in plugins, themes, and core implementations.

Instructions

Comprehensive WordPress security analysis for plugins, themes, and core implementations with OWASP and WordPress-specific vulnerability detection

WORKFLOW: Perfect for understanding complex code, identifying issues, and technical debt assessment
TIP: Use Desktop Commander to read files, then pass content here for analysis
SAVES: Claude context for strategic decisions

Input Schema

Name                 | Required | Description                                                   | Default
---------------------|----------|---------------------------------------------------------------|--------------
analysisDepth        | No       | Level of security analysis detail                             | detailed
analysisType         | No       | Type of security analysis to perform                          | comprehensive
auditDatabaseQueries | No       | Audit database queries for SQL injection vulnerabilities      | true
checkCapabilities    | No       | Analyze WordPress capability and role management              | true
code                 | No       | The WordPress code to analyze (for single-file analysis)      |
filePath             | No       | Path to single WordPress file to analyze                      |
files                | No       | Array of specific file paths (for multi-file analysis)        |
includeOwaspTop10    | No       | Include OWASP Top 10 vulnerability checks                     | true
maxDepth             | No       | Maximum directory depth for multi-file discovery (1-5)        | 3
projectPath          | No       | Path to WordPress plugin/theme root (for multi-file analysis) |
wpType               | No       | WordPress component type                                      | plugin
wpVersion            | No       | Target WordPress version for compatibility checks             | 6.4

Implementation Reference

  • Main handler function that detects analysis mode (single-file or multi-file), validates parameters, sets up the LLM model, and routes to the appropriate execution method.
    async execute(params: any, llmClient: any) {
      return await withSecurity(this, params, llmClient, async (secureParams) => {
        try {
          // 1. Auto-detect analysis mode based on parameters
          const analysisMode = this.detectAnalysisMode(secureParams);

          // 2. Validate parameters based on detected mode
          this.validateParameters(secureParams, analysisMode);

          // 3. Setup model
          const { model, contextLength } = await ModelSetup.getReadyModel(llmClient);

          // 4. Route to appropriate analysis method
          if (analysisMode === 'single-file') {
            return await this.executeSingleFileAnalysis(secureParams, model, contextLength);
          } else {
            return await this.executeMultiFileAnalysis(secureParams, model, contextLength);
          }
        } catch (error: any) {
          return ErrorHandler.createExecutionError('analyze_wordpress_security', error);
        }
      });
    }
  • Input schema defining parameters for single-file and multi-file WordPress security analysis, including WordPress-specific options like wpType, analysisDepth, etc.
    parameters = {
      // Single-file parameters
      code: {
        type: 'string' as const,
        description: 'The WordPress code to analyze (for single-file analysis)',
        required: false
      },
      filePath: {
        type: 'string' as const,
        description: 'Path to single WordPress file to analyze',
        required: false
      },

      // Multi-file parameters
      projectPath: {
        type: 'string' as const,
        description: 'Path to WordPress plugin/theme root (for multi-file analysis)',
        required: false
      },
      files: {
        type: 'array' as const,
        description: 'Array of specific file paths (for multi-file analysis)',
        required: false,
        items: { type: 'string' as const }
      },
      maxDepth: {
        type: 'number' as const,
        description: 'Maximum directory depth for multi-file discovery (1-5)',
        required: false,
        default: 3
      },

      // WordPress-specific parameters
      wpType: {
        type: 'string' as const,
        description: 'WordPress component type',
        enum: ['plugin', 'theme', 'core', 'mu-plugin', 'dropin'],
        default: 'plugin',
        required: false
      },
      wpVersion: {
        type: 'string' as const,
        description: 'Target WordPress version for compatibility checks',
        required: false,
        default: '6.4'
      },
      analysisDepth: {
        type: 'string' as const,
        description: 'Level of security analysis detail',
        enum: ['basic', 'detailed', 'comprehensive'],
        default: 'detailed',
        required: false
      },
      analysisType: {
        type: 'string' as const,
        description: 'Type of security analysis to perform',
        enum: ['owasp', 'wordpress', 'comprehensive'],
        default: 'comprehensive',
        required: false
      },

      // Security-specific parameters
      includeOwaspTop10: {
        type: 'boolean' as const,
        description: 'Include OWASP Top 10 vulnerability checks',
        default: true,
        required: false
      },
      checkCapabilities: {
        type: 'boolean' as const,
        description: 'Analyze WordPress capability and role management',
        default: true,
        required: false
      },
      auditDatabaseQueries: {
        type: 'boolean' as const,
        description: 'Audit database queries for SQL injection vulnerabilities',
        default: true,
        required: false
      }
    };
  • Class definition and tool registration with name, category, and description.
    export class WordPressSecurityAnalyzer extends BasePlugin implements IPromptPlugin {
      name = 'analyze_wordpress_security';
      category = 'analyze' as const;
      description = 'Comprehensive WordPress security analysis for plugins, themes, and core implementations with OWASP and WordPress-specific vulnerability detection';
  • Helper function for executing single-file WordPress security analysis, including file reading, prompt generation, and LLM execution with chunking.
    private async executeSingleFileAnalysis(params: any, model: any, contextLength: number) {
      // Process single file input
      let codeToAnalyze = params.code;
      if (params.filePath) {
        codeToAnalyze = await readFileContent(params.filePath);
      }

      // Generate prompt stages for single file
      const promptStages = this.getSingleFilePromptStages({ ...params, code: codeToAnalyze });

      // Execute with appropriate method
      const promptManager = new ThreeStagePromptManager();
      const needsChunking = TokenCalculator.needsChunking(promptStages, contextLength);

      if (needsChunking) {
        const chunkSize = TokenCalculator.calculateOptimalChunkSize(promptStages, contextLength);
        const dataChunks = promptManager.chunkDataPayload(promptStages.dataPayload, chunkSize);
        const conversation = promptManager.createChunkedConversation(promptStages, dataChunks);
        const messages = [
          conversation.systemMessage,
          ...conversation.dataMessages,
          conversation.analysisMessage
        ];
        return await ResponseProcessor.executeChunked(
          messages,
          model,
          contextLength,
          'analyze_wordpress_security',
          'single'
        );
      } else {
        return await ResponseProcessor.executeDirect(
          promptStages,
          model,
          contextLength,
          'analyze_wordpress_security'
        );
      }
    }
  • Helper function for executing multi-file WordPress security analysis, including file discovery, cached analysis, and prompt-based synthesis.
    private async executeMultiFileAnalysis(params: any, model: any, contextLength: number) {
      // Discover files
      let filesToAnalyze: string[] = params.files || await this.discoverRelevantFiles(
        params.projectPath,
        params.maxDepth,
        params.analysisType
      );

      // Perform multi-file analysis with caching
      const analysisResult = await this.performMultiFileAnalysis(
        filesToAnalyze,
        params,
        model,
        contextLength
      );

      // Generate prompt stages for multi-file
      const promptStages = this.getMultiFilePromptStages({
        ...params,
        analysisResult,
        fileCount: filesToAnalyze.length
      });

      // Always use chunking for multi-file
      const promptManager = new ThreeStagePromptManager();
      const chunkSize = TokenCalculator.calculateOptimalChunkSize(promptStages, contextLength);
      const dataChunks = promptManager.chunkDataPayload(promptStages.dataPayload, chunkSize);
      const conversation = promptManager.createChunkedConversation(promptStages, dataChunks);
      const messages = [
        conversation.systemMessage,
        ...conversation.dataMessages,
        conversation.analysisMessage
      ];
      return await ResponseProcessor.executeChunked(
        messages,
        model,
        contextLength,
        'analyze_wordpress_security',
        'multifile'
      );
    }
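The execute() handler above calls detectAnalysisMode and validateParameters but the page does not show their bodies. The following is an added illustration, not the project's own code, of how those two steps could enforce the constraints declared in the input schema (enum values, the 1-5 maxDepth bound, and the code/filePath versus projectPath/files requirement); the precedence rule that multi-file inputs win, and returning an error list rather than throwing, are assumptions.

```typescript
// Added example, not the project's own code: a possible shape for the
// detectAnalysisMode/validateParameters steps that execute() calls.
// Allowed values and bounds come from the tool's input schema; the
// function bodies and the precedence rule for mode detection are assumed.
type AnalysisMode = 'single-file' | 'multi-file';

const WP_TYPES = ['plugin', 'theme', 'core', 'mu-plugin', 'dropin'];
const ANALYSIS_DEPTHS = ['basic', 'detailed', 'comprehensive'];
const ANALYSIS_TYPES = ['owasp', 'wordpress', 'comprehensive'];
const BOOLEAN_FLAGS = ['includeOwaspTop10', 'checkCapabilities', 'auditDatabaseQueries'];

// Multi-file inputs win when present; anything else is treated as single-file.
function detectAnalysisMode(p: Record<string, unknown>): AnalysisMode {
  return typeof p.projectPath === 'string' || Array.isArray(p.files) ? 'multi-file' : 'single-file';
}

// Returns validation errors (empty when acceptable) so a caller can reject the
// request before any file is read or any model call is made.
function validateParameters(p: Record<string, unknown>, mode: AnalysisMode): string[] {
  const errors: string[] = [];
  if (mode === 'single-file') {
    if (typeof p.code !== 'string' && typeof p.filePath !== 'string') {
      errors.push('single-file analysis requires code or filePath');
    }
  } else {
    const files = p.files;
    if (typeof p.projectPath !== 'string' && !Array.isArray(files)) {
      errors.push('multi-file analysis requires projectPath or files');
    }
    if (Array.isArray(files) && !files.every((f) => typeof f === 'string')) {
      errors.push('files must be an array of strings');
    }
    const depth = p.maxDepth ?? 3; // schema default
    if (!Number.isInteger(depth) || (depth as number) < 1 || (depth as number) > 5) {
      errors.push('maxDepth must be an integer between 1 and 5');
    }
  }
  const enums: Array<[string, string[]]> = [
    ['wpType', WP_TYPES], ['analysisDepth', ANALYSIS_DEPTHS], ['analysisType', ANALYSIS_TYPES],
  ];
  for (const [key, allowed] of enums) {
    if (p[key] !== undefined && !allowed.includes(p[key] as string)) {
      errors.push(`${key} must be one of: ${allowed.join(', ')}`);
    }
  }
  for (const key of BOOLEAN_FLAGS) {
    if (p[key] !== undefined && typeof p[key] !== 'boolean') errors.push(`${key} must be a boolean`);
  }
  return errors;
}
```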
