Rules Repository: RSPEC-4834

Controlling permissions is security-sensitive

    Details

    • Message:
      Make sure that Permissions are controlled safely here.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      C, C++, Cobol, Go, JavaScript, Kotlin, Objective-C, Python, Ruby, Rust, Scala, Swift, TypeScript
    • Covered Languages:
      C#, Java, PHP, VB.Net
    • Irrelevant for Languages:
      ABAP, APEX, CSS, HTML, PL/SQL, T-SQL, XML
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • OWASP:
      A5
    • SANS Top 25:
      Porous Defenses

      Description

      Controlling permissions is security-sensitive. It has led in the past to the following vulnerabilities:

      Attackers can only damage what they have access to. Thus limiting their access is a good way to prevent them from wreaking havoc, but it has to be done properly.

      This rule flags code that controls the access to resources and actions or configures this access. The goal is to guide security code reviews.

      Ask Yourself Whether

      • at least one accessed action or resource is security-sensitive.
      • there is no access control in place or it does not cover all sensitive actions and resources.
      • users have permissions they don't need.
      • the access control is based on a user input or on some other unsafe data.
      • permissions are difficult to remove or take a long time to be updated.

      You are at risk if you answered yes to the first question and any of the following ones.

      Recommended Secure Coding Practices

      The first step is to restrict all sensitive actions to authenticated users.

      Each user should have the lowest privileges possible. The access control granularity should match the sensitivity of each resource or action: the more sensitive it is, the fewer people should have access to it.

      Do not base the access control on a user input or on a value which might have been tampered with. For example, the developer should not read a user's permissions from an HTTP cookie as it can be modified client-side.

      Check that the access to each action and resource is properly restricted.

      Enable administrators to swiftly remove permissions when necessary. This enables them to reduce the time an attacker can have access to your systems when a breach occurs.

      Log and monitor refused access requests as they can reveal an attack.
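The practices above, as an added example that is not part of the rule specification: an authorization check that trusts a client-controlled `role` cookie (the anti-pattern the rule names) beside a hardened check that authenticates the session, looks permissions up server-side, denies by default, logs refusals, and supports immediate revocation. The session and permission tables are constructed in-memory stand-ins for a real store.

```python
import logging

log = logging.getLogger("authz")

# Constructed server-side stores (assumptions for this example): opaque session
# ids mapped to authenticated users, and users mapped to allowed (action, resource).
SESSIONS = {"sess-abc": "alice", "sess-xyz": "bob"}
PERMISSIONS = {
    "alice": {("read", "report"), ("delete", "report")},
    "bob": {("read", "report")},
}


def is_allowed_insecure(cookies: dict, action: str, resource: str) -> bool:
    """Anti-pattern: the decision rests on a cookie the client can rewrite,
    so any client that sets role=admin passes this check."""
    return cookies.get("role") == "admin" or action == "read"


def is_allowed(cookies: dict, action: str, resource: str) -> bool:
    """Hardened check: authenticate first, then consult the server-side
    permission table; deny by default and log every refusal for monitoring."""
    user = SESSIONS.get(cookies.get("session_id", ""))
    if user is None:
        log.warning("refused %s on %s: unauthenticated request", action, resource)
        return False
    if (action, resource) not in PERMISSIONS.get(user, set()):
        log.warning("refused %s on %s for user %s", action, resource, user)
        return False
    return True


def revoke(user: str) -> None:
    """Administrators can drop a user's permissions at once; the next check
    reads the updated table, so there is no cached copy to wait on."""
    PERMISSIONS.pop(user, None)
```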

      See


          Issue Links

          1. Java: RSPEC-4859 (Language-Specification, Active, Unassigned)
          2. C#: RSPEC-4932 (Language-Specification, Active, Unassigned)
          3. VB.NET: RSPEC-5029 (Language-Specification, Active, Unassigned)
          4. PHP: RSPEC-5095 (Language-Specification, Active, Unassigned)
          5. Python: RSPEC-5236 (Language-Specification, Active, Unassigned)

              People

              • Assignee: Unassigned
              • Reporter: Nicolas Harraudeau