Skip to main content
在 Manus 中运行任何 Skill
一键导入

cors-misconfiguration

星标2
分支1
更新时间2026年7月9日 12:42

SAST detection methodology for CORS misconfiguration (CWE-942, CWE-346), including reflected Origin with Access-Control-Allow-Credentials:true, null origin acceptance, weak origin regex (unescaped dot, prefix/suffix match, trailing-domain confusion), trusting all subdomains, and wildcard-with- credentials pitfalls. Use when reviewing server code or config that emits Access-Control-Allow-* headers or configures a CORS middleware. Writes confirmed findings to findings/17-cors-misconfiguration.md.

安装

用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。

SKILL.md
readonly