بنقرة واحدة
sc-path-traversal
Path traversal and directory traversal detection — LFI, RFI, zip slip, and symlink attacks
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Path traversal and directory traversal detection — LFI, RFI, zip slip, and symlink attacks
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
| name | sc-path-traversal |
| description | Path traversal and directory traversal detection — LFI, RFI, zip slip, and symlink attacks |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects path traversal vulnerabilities where user-controlled input is used to construct file paths, enabling reading, writing, or deleting arbitrary files. Covers ../ traversal, null byte injection, URL-encoded bypasses, zip slip (archive extraction), and symlink attacks.
Called by sc-orchestrator during Phase 2. Runs against all detected languages.
"open(", "readFile(", "readFileSync(", "writeFile(",
"fs.read", "fs.write", "fs.unlink", "os.Open(", "os.ReadFile(",
"file_get_contents(", "fopen(", "include(", "require(",
"Path.Combine(", "Path.Join(", "filepath.Join(",
"os.path.join(", "path.join(", "path.resolve("
# VULNERABLE
filename = request.GET['file']
with open(f'/uploads/{filename}') as f: # ../../../etc/passwd
return f.read()
# SAFE: Validate resolved path
filename = request.GET['file']
filepath = os.path.realpath(os.path.join('/uploads', filename))
if not filepath.startswith('/uploads/'):
raise PermissionError()
with open(filepath) as f:
return f.read()
// VULNERABLE: path.join does NOT prevent traversal
const file = path.join(__dirname, 'uploads', req.params.filename);
// req.params.filename = "../../../etc/passwd" → traversal!
// SAFE: Resolve and verify
const base = path.resolve(__dirname, 'uploads');
const file = path.resolve(base, req.params.filename);
if (!file.startsWith(base + path.sep)) {
return res.status(403).send('Forbidden');
}
// VULNERABLE: Archive extraction without path validation
ZipEntry entry = zipInput.getNextEntry();
File file = new File(destDir, entry.getName()); // entry could be ../../evil.sh
Files.copy(zipInput, file.toPath());
// SAFE: Validate extracted path
File file = new File(destDir, entry.getName());
if (!file.getCanonicalPath().startsWith(destDir.getCanonicalPath() + File.separator)) {
throw new SecurityException("Zip slip detected: " + entry.getName());
}