# Exposure of Resource to Wrong Sphere (CWE-668)

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

**Stack:** JavaScript

- Prevalence: उच्च बार-बार शोषित
- Impact: क्रिटिकल 1 क्रिटिकल गंभीरता वाले नियम
- Prevention: प्रलेखित 3 फिक्स उदाहरण

**OWASP:** Broken Access Control (A01:2021-Broken Access Control) - #1

## Description

Resources should only be accessible to actors that are intended to use them. When resources are exposed to the wrong sphere (e.g., public instead of private), unauthorized actors can access sensitive data or functionality.

## Prevention

### JavaScript

Use ECMAScript private fields (#) for true runtime encapsulation instead of TypeScript's compile-time-only modifiers

## Warning Signs

- [HIGH] Access modifier bypass detected using .... Private/protected fields accessed through runtime mechanisms.

## Consequences

- एप्लिकेशन डेटा पढ़ना
- एप्लिकेशन डेटा संशोधित करना
- विशेषाधिकार प्राप्त करना

## Mitigations

- सभी संसाधनों पर उचित पहुँच नियंत्रण लागू करें
- न्यूनतम विशेषाधिकार के सिद्धांत का उपयोग करें
- संसाधनों को विश्वास स्तर के अनुसार अलग करें

## Detection

- Total rules: 3
- Critical: 1
- Languages: yaml, typescript

## Rules by Language

### Typescript (1 rules)

- **TypeScript Access Modifier Bypass** [HIGH]: TypeScript private/protected modifiers are compile-time only. Bracket notation and
type assertions bypass them at runtime, exposing sensitive data like passwords and tokens.
  - Remediation: Use ECMAScript private fields (#) for true runtime encapsulation.

```typescript
class User {
  #password: string;

  constructor(password: string) {
    this.#password = password;
  }

  verifyPassword(input: string): boolean {
    return this.#password === input;
  }
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-668/access-modifier-bypass