Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
When privileges are not properly managed, users may gain access to resources or functionality they should not have. This includes privilege escalation and improper role assignment.
So behebst du diese Schwachstelle
Create users with least-privilege defaults and require explicit admin action for privilege elevation
def register(request): data = request.get_json() - user = User.objects.create( - username=data['username'], - email=data['email'], - is_staff=True, + user = User.objects.create_user( + username=data['username'], + email=data['email'], + password=data['password'], ) return {'status': 'created'}
Use permission decorators to verify user roles before any privilege modification
- from django.http import JsonResponse - from django.contrib.auth.models import User - + from django.contrib.auth.decorators import permission_required + from django.http import JsonResponse + from django.contrib.auth.models import User + + @permission_required('auth.change_user', raise_exception=True) def promote_user(request, user_id): user = User.objects.get(id=user_id) user.is_staff = True user.save() return JsonResponse({'status': 'promoted'})
Finden Sie Schwachstellen in Ihrem Code
Verwenden Sie Shoulder, um Ihren Code nach Improper Privilege Management-Mustern zu scannen. 2 Regeln.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=269 # Or scan entire project npx @shoulderdev/cli trust .
Worauf bei Code-Reviews zu achten ist
Diese Muster weisen auf potenzielle Improper Privilege Management-Schwachstellen hin. Achten Sie bei Code-Reviews und Sicherheitsaudits darauf.
Scanne deine Codebasis nach Improper Privilege Management
Shoulder CLI findet anfällige Muster in deiner gesamten Codebasis.