بنقرة واحدة
sc-mass-assignment
Mass assignment and over-posting detection — unfiltered request body binding to data models
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Mass assignment and over-posting detection — unfiltered request body binding to data models
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
| name | sc-mass-assignment |
| description | Mass assignment and over-posting detection — unfiltered request body binding to data models |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects mass assignment vulnerabilities where HTTP request body fields are bound directly to data models without field filtering, allowing attackers to set fields they should not have access to (e.g., isAdmin, role, price, verified). Covers framework-specific patterns across all major web frameworks.
Called by sc-orchestrator during Phase 2 when web frameworks with model binding are detected.
"req.body", "request.body", "request.POST", "request.data",
"@RequestBody", "[FromBody]", "$request->all()",
"Model.create(", "Model.update(", "Object.assign(",
"fillable", "guarded", "attr_accessible",
"ModelForm", "Serializer", "DTO"
Node.js/Express:
// VULNERABLE: Spread all body fields into create
app.post('/users', async (req, res) => {
const user = await User.create(req.body);
// If body = { name: "hacker", email: "...", role: "admin" }
// Attacker becomes admin!
});
// SAFE: Pick only allowed fields
app.post('/users', async (req, res) => {
const user = await User.create({
name: req.body.name,
email: req.body.email
});
});
Django:
# VULNERABLE: ModelForm without fields restriction
class UserForm(ModelForm):
class Meta:
model = User
fields = '__all__' # Includes is_staff, is_superuser!
# SAFE: Explicit field list
class UserForm(ModelForm):
class Meta:
model = User
fields = ['name', 'email', 'bio']
Laravel:
// VULNERABLE: No $fillable or $guarded
class User extends Model {
// All fields are mass-assignable!
}
$user = User::create($request->all());
// SAFE: Define fillable fields
class User extends Model {
protected $fillable = ['name', 'email'];
}
Spring Boot:
// VULNERABLE: Binding all request params to model
@PostMapping("/users")
public User createUser(@ModelAttribute User user) {
return userRepository.save(user);
}
// SAFE: Use DTO
@PostMapping("/users")
public User createUser(@RequestBody CreateUserDTO dto) {
User user = new User();
user.setName(dto.getName());
user.setEmail(dto.getEmail());
return userRepository.save(user);
}
ASP.NET:
// VULNERABLE: Binding all properties
[HttpPost]
public IActionResult Create([FromBody] User user) {
_context.Users.Add(user);
}
// SAFE: Use [Bind] attribute or DTO
[HttpPost]
public IActionResult Create([Bind("Name,Email")] User user) {
_context.Users.Add(user);
}
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan