원클릭으로
sc-authz
Authorization flaw detection — IDOR, broken access control, horizontal and vertical privilege issues
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Authorization flaw detection — IDOR, broken access control, horizontal and vertical privilege issues
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
| name | sc-authz |
| description | Authorization flaw detection — IDOR, broken access control, horizontal and vertical privilege issues |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects authorization vulnerabilities where authenticated users can access resources belonging to other users (IDOR/horizontal escalation), access admin functions without proper role checks (vertical escalation), or bypass access control through parameter manipulation. Traces from route handler to data access to verify that ownership or role checks are enforced.
Called by sc-orchestrator during Phase 2. Runs against all web applications and APIs.
**/*controller*, **/*handler*, **/*route*, **/*endpoint*,
**/*service*, **/*repository*, **/*middleware*, **/*guard*,
**/*policy*, **/*permission*, **/*role*, **/*authorization*
# Direct object references
"params.id", "params.userId", "req.params", "request.args",
"$_GET['id']", "PathVariable", "[FromRoute]",
"r.URL.Query().Get(", "mux.Vars("
# Data access without ownership check
"findById(", "findByPk(", "findOne({id:", "get_object_or_404(",
"User.find(", ".where(id:", "GetById(", "Find(&"
# Missing role checks
"isAdmin", "role ==", "hasRole(", "hasPermission(",
"@PreAuthorize", "@Secured", "[Authorize(",
"@login_required", "@permission_required"
Trace from HTTP route parameter to database query and check if user ownership is verified:
// VULNERABLE: No ownership check — any authenticated user can access any order
app.get('/api/orders/:id', auth, async (req, res) => {
const order = await Order.findById(req.params.id);
res.json(order);
});
// SAFE: Ownership check ensures user can only access their own orders
app.get('/api/orders/:id', auth, async (req, res) => {
const order = await Order.findOne({
_id: req.params.id,
userId: req.user.id // Ownership check
});
if (!order) return res.status(404).json({ error: 'Not found' });
res.json(order);
});
# VULNERABLE: Django view without ownership check
def order_detail(request, order_id):
order = get_object_or_404(Order, pk=order_id)
return JsonResponse(model_to_dict(order))
# SAFE: Filter by user
def order_detail(request, order_id):
order = get_object_or_404(Order, pk=order_id, user=request.user)
return JsonResponse(model_to_dict(order))
// VULNERABLE: Admin endpoint without role check
@GetMapping("/api/admin/users")
public List<User> getAllUsers() {
return userRepository.findAll();
}
// SAFE: Role-based access control
@GetMapping("/api/admin/users")
@PreAuthorize("hasRole('ADMIN')")
public List<User> getAllUsers() {
return userRepository.findAll();
}
GET /api/me/profile uses authenticated user's ID, not a URL parameter