ワンクリックで
sc-path-traversal
Path traversal and directory traversal detection — LFI, RFI, zip slip, and symlink attacks
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Path traversal and directory traversal detection — LFI, RFI, zip slip, and symlink attacks
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
| name | sc-path-traversal |
| description | Path traversal and directory traversal detection — LFI, RFI, zip slip, and symlink attacks |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects path traversal vulnerabilities where user-controlled input is used to construct file paths, enabling reading, writing, or deleting arbitrary files. Covers ../ traversal, null byte injection, URL-encoded bypasses, zip slip (archive extraction), and symlink attacks.
Called by sc-orchestrator during Phase 2. Runs against all detected languages.
"open(", "readFile(", "readFileSync(", "writeFile(",
"fs.read", "fs.write", "fs.unlink", "os.Open(", "os.ReadFile(",
"file_get_contents(", "fopen(", "include(", "require(",
"Path.Combine(", "Path.Join(", "filepath.Join(",
"os.path.join(", "path.join(", "path.resolve("
# VULNERABLE
filename = request.GET['file']
with open(f'/uploads/{filename}') as f: # ../../../etc/passwd
return f.read()
# SAFE: Validate resolved path
filename = request.GET['file']
filepath = os.path.realpath(os.path.join('/uploads', filename))
if not filepath.startswith('/uploads/'):
raise PermissionError()
with open(filepath) as f:
return f.read()
// VULNERABLE: path.join does NOT prevent traversal
const file = path.join(__dirname, 'uploads', req.params.filename);
// req.params.filename = "../../../etc/passwd" → traversal!
// SAFE: Resolve and verify
const base = path.resolve(__dirname, 'uploads');
const file = path.resolve(base, req.params.filename);
if (!file.startsWith(base + path.sep)) {
return res.status(403).send('Forbidden');
}
// VULNERABLE: Archive extraction without path validation
ZipEntry entry = zipInput.getNextEntry();
File file = new File(destDir, entry.getName()); // entry could be ../../evil.sh
Files.copy(zipInput, file.toPath());
// SAFE: Validate extracted path
File file = new File(destDir, entry.getName());
if (!file.getCanonicalPath().startsWith(destDir.getCanonicalPath() + File.separator)) {
throw new SecurityException("Zip slip detected: " + entry.getName());
}