# Missing Authorization (CWE-862)

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

**Stack:** Go

- Prevalence: उच्च बार-बार शोषित
- Impact: उच्च 3 उच्च गंभीरता वाले नियम
- Prevention: प्रलेखित 3 फिक्स उदाहरण

**OWASP:** Broken Access Control (A01:2021-Broken Access Control) - #1

## Description

Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource. When authorization checks are completely missing, any authenticated user can access protected resources.

## Prevention

1 Shoulder डिटेक्शन नियमों पर आधारित Missing Authorization के लिए रोकथाम रणनीतियाँ।

### Go

Require human approval for sensitive operations and limit agent loop iterations

## Warning Signs

- [HIGH] Excessive LLM agency detected: ...
- [HIGH] LLM implementations with excessive autonomy allowing destructive operations without human approval

## Consequences

- एप्लिकेशन डेटा पढ़ना
- एप्लिकेशन डेटा संशोधित करना
- विशेषाधिकार प्राप्त करना

## Mitigations

- सभी संरक्षित संसाधनों के लिए प्राधिकरण जाँचें लागू करें
- केंद्रीकृत प्राधिकरण तंत्र का उपयोग करें
- deny by default के सिद्धांत का पालन करें

## Detection

- Total rules: 3
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rules)

- **LLM Excessive Agency** [HIGH]: Detects LLM implementations with excessive autonomy allowing destructive operations without human approval.
  - Remediation: Require human approval for sensitive operations and add iteration limits.

```go
if sensitiveOperations[toolName] {
    queueForApproval(toolCall)
}
```

Learn more: https://shoulder.dev/learn/go/cwe-862/llm-excessive-agency