بنقرة واحدة
sc-cors
CORS misconfiguration detection — wildcard origin, reflected origin, null origin, and credential leaks
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
CORS misconfiguration detection — wildcard origin, reflected origin, null origin, and credential leaks
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
| name | sc-cors |
| description | CORS misconfiguration detection — wildcard origin, reflected origin, null origin, and credential leaks |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-origin access to sensitive APIs. Covers wildcard origins with credentials, reflected origin without validation, null origin allowance, overly permissive regex matching, and subdomain matching bypasses.
Called by sc-orchestrator during Phase 2 when HTTP APIs are detected.
"Access-Control-Allow-Origin", "cors(", "CORS(",
"allowOrigin", "allow_origin", "AllowOrigin",
"Access-Control-Allow-Credentials",
"corsOptions", "cors_allowed_origins"
1. Wildcard with Credentials:
// VULNERABLE: Wildcard + credentials (browsers block this but misconfiguration indicates intent)
app.use(cors({
origin: '*',
credentials: true // This combination is a security anti-pattern
}));
2. Reflected Origin:
// VULNERABLE: Reflects any origin
app.use((req, res, next) => {
res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
res.setHeader('Access-Control-Allow-Credentials', 'true');
next();
});
// SAFE: Allowlist
const ALLOWED_ORIGINS = ['https://app.example.com', 'https://admin.example.com'];
app.use(cors({
origin: (origin, callback) => {
if (!origin || ALLOWED_ORIGINS.includes(origin)) {
callback(null, true);
} else {
callback(new Error('CORS not allowed'));
}
},
credentials: true
}));
3. Null Origin Allowed:
# VULNERABLE: Allows null origin (exploitable via sandboxed iframe)
CORS_ALLOWED_ORIGINS = ['null'] # Attackers can send Origin: null
4. Regex Bypass:
// VULNERABLE: Weak regex allows subdomain takeover attack
origin: /\.example\.com$/ // Matches evil-example.com too!
// SAFE: Anchor regex properly
origin: /^https:\/\/([a-z]+\.)?example\.com$/
** on static files is standard practicelocalhost origins in dev configComprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan