Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
When privileges are not properly managed, users may gain access to resources or functionality they should not have. This includes privilege escalation and improper role assignment.
Comment corriger cette vulnérabilité
Create users with least-privilege defaults and require explicit admin action for privilege elevation
def register(request): data = request.get_json() - user = User.objects.create( - username=data['username'], - email=data['email'], - is_staff=True, + user = User.objects.create_user( + username=data['username'], + email=data['email'], + password=data['password'], ) return {'status': 'created'}
Use permission decorators to verify user roles before any privilege modification
- from django.http import JsonResponse - from django.contrib.auth.models import User - + from django.contrib.auth.decorators import permission_required + from django.http import JsonResponse + from django.contrib.auth.models import User + + @permission_required('auth.change_user', raise_exception=True) def promote_user(request, user_id): user = User.objects.get(id=user_id) user.is_staff = True user.save() return JsonResponse({'status': 'promoted'})
Trouvez les vulnérabilités dans votre code
Utilisez Shoulder pour scanner votre code à la recherche de patterns Improper Privilege Management. 2 règles.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=269 # Or scan entire project npx @shoulderdev/cli trust .
Ce qu'il faut surveiller lors des revues de code
Ces patterns indiquent des vulnérabilités potentielles Improper Privilege Management. Recherchez-les lors des revues de code et des audits de sécurité.
Scannez votre base de code pour Improper Privilege Management
Shoulder CLI trouve les motifs vulnérables dans toute votre base de code.