ワンクリックで
sc-rate-limiting
Missing rate limiting and application-level DoS vector detection — ReDoS, query complexity, resource exhaustion
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Missing rate limiting and application-level DoS vector detection — ReDoS, query complexity, resource exhaustion
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
| name | sc-rate-limiting |
| description | Missing rate limiting and application-level DoS vector detection — ReDoS, query complexity, resource exhaustion |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects missing rate limiting on sensitive endpoints and application-level denial-of-service vectors including ReDoS patterns, GraphQL complexity attacks, large payload attacks, pagination abuse, connection pool exhaustion, and resource-intensive operations without throttling.
Called by sc-orchestrator during Phase 2. Runs against all web applications and APIs.
"rateLimit", "rate_limit", "throttle", "RateLimiter",
"express-rate-limit", "slowapi", "throttle_classes",
"@Throttle", "bucket", "leaky", "sliding_window"
1. Missing Rate Limiting on Sensitive Endpoints:
2. ReDoS (Regular Expression Denial of Service):
// VULNERABLE: Catastrophic backtracking
const emailRegex = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
// Input: "aaaaaaaaaaaaaaaaaaaaaaaa!" causes exponential backtracking
// SAFE: Non-backtracking regex or use validator library
const { isEmail } = require('validator');
3. Pagination Abuse:
// VULNERABLE: No upper bound on limit
app.get('/api/users', (req, res) => {
const limit = parseInt(req.query.limit) || 10;
// limit=999999 returns entire database!
});
// SAFE: Cap the limit
const limit = Math.min(parseInt(req.query.limit) || 10, 100);
4. Request Size Limits:
// VULNERABLE: No body size limit
app.use(express.json()); // Default: 100kb, but should be explicitly set
// SAFE: Explicit limit
app.use(express.json({ limit: '1mb' }));