Rules Repository / RSPEC-5808

Authorizations should be based on strong decisions


    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      [vote|hasPermission] method should return at least one time [ACCESS_DENIED|false]
    • Highlighting:
      [vote|hasPermission] method name
    • Default Severity:
      Major
    • Impact:
      Low
    • Likelihood:
      High
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      C#, C, C++, JavaScript, Kotlin, Objective-C, Python, VB.Net
    • Covered Languages:
      Java, PHP
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      30min
    • Analysis Level:
      Control-flow Analysis
    • Analysis Scope:
      Main Sources
    • CWE:
      CWE-285
    • OWASP:
      A5

      Description

      Whether a user is granted or denied access to an application's resources should be based on strong decisions: for instance, checking whether the user is authenticated and holds the right roles/privileges. The decision may also depend on the user's location, or on the date and time of the access request.
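      The following Java example is added here to illustrate the pattern this rule targets; it is not part of the rule specification. It assumes Spring Security's AccessDecisionVoter and PermissionEvaluator interfaces (the vote and hasPermission methods named in the message above). The first class in each pair can never return ACCESS_DENIED or false, so it contributes no real decision; the second denies by default and grants only when a concrete condition on the authenticated user is met.

```java
import java.io.Serializable;
import java.util.Collection;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

// Noncompliant: vote() has no path that returns ACCESS_DENIED, so every caller is granted access.
class PermissiveVoter implements AccessDecisionVoter<Object> {
    @Override public boolean supports(ConfigAttribute attribute) { return true; }
    @Override public boolean supports(Class<?> clazz) { return true; }

    @Override
    public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
        return ACCESS_GRANTED; // unconditional grant: not a decision about the user at all
    }
}

// Compliant: the decision depends on authentication state and on the user's granted roles.
// (Constructed example of a role check, modelled on the usual "ROLE_" attribute convention.)
class RoleBasedVoter implements AccessDecisionVoter<Object> {
    private static final String ROLE_PREFIX = "ROLE_";

    @Override
    public boolean supports(ConfigAttribute attribute) {
        return attribute.getAttribute() != null && attribute.getAttribute().startsWith(ROLE_PREFIX);
    }

    @Override public boolean supports(Class<?> clazz) { return true; }

    @Override
    public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
        if (authentication == null || !authentication.isAuthenticated()) {
            return ACCESS_DENIED; // unauthenticated callers are always refused
        }
        int result = ACCESS_ABSTAIN; // no role attribute on this resource: let other voters decide
        for (ConfigAttribute attribute : attributes) {
            if (!supports(attribute)) {
                continue;
            }
            result = ACCESS_DENIED; // a role is required; deny unless the user actually holds it
            for (GrantedAuthority authority : authentication.getAuthorities()) {
                if (attribute.getAttribute().equals(authority.getAuthority())) {
                    return ACCESS_GRANTED;
                }
            }
        }
        return result;
    }
}

// Noncompliant: hasPermission() can only ever answer true.
class PermissiveEvaluator implements PermissionEvaluator {
    @Override
    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
        return true;
    }

    @Override
    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
        return true;
    }
}

// Compliant: the answer is derived from the user's authorities and defaults to false.
// The "PERM_" naming of permission authorities is an assumption made for this example.
class AuthorityPermissionEvaluator implements PermissionEvaluator {
    @Override
    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
        if (authentication == null || !authentication.isAuthenticated() || permission == null) {
            return false;
        }
        String required = "PERM_" + permission.toString().toUpperCase();
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            if (required.equals(authority.getAuthority())) {
                return true;
            }
        }
        return false; // deny by default when no matching authority is found
    }

    @Override
    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
        // Identifier-based lookups reuse the same authority check; targetId/targetType
        // would be consulted here in a real application before granting.
        return hasPermission(authentication, (Object) targetType, permission);
    }
}
```

      Wiring either compliant class in (for example, registering RoleBasedVoter with an AccessDecisionManager, or AuthorityPermissionEvaluator with the method-security expression handler) gives the authorization layer a decision that can actually refuse a request, which is what the rule's message asks for.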

          Issue Links

          1.
          Java RSPEC-5809 Language-Specification Active Unassigned
          2.
          PHP RSPEC-6074 Language-Specification Active Unassigned

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              eric.therond Eric Therond
              Votes:
              0
              Watchers:
              3
