# Authorization Bypass Through User-Controlled Key (CWE-639) The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. **Stack:** Go - Prevalence: 높음 자주 악용됨 - Impact: 치명적 1개의 치명적 심각도 규칙 - Prevention: 문서화됨 8개의 수정 예시 **OWASP:** Broken Access Control (A01:2021-Broken Access Control) - #1 ## Description Retrieval of a user record usually occurs in the system based on some key value. When a value that is directly specified by the user is used to look up that record, the key value can be modified to access records belonging to other users. ## Prevention 3개의 Shoulder 탐지 규칙을 기반으로 한 Authorization Bypass via User Key 예방 전략. ### Go Validate resource ownership before allowing modifications using user-supplied IDs Validate resource ownership before database access using user-supplied IDs Verify resource ownership before returning data accessed by user-supplied identifiers ## Warning Signs - [HIGH] User can access other users' resources without authorization - [HIGH] horizontal privilege escalation where users can access or modify other users' resources - [HIGH] User-supplied ID used to access resource without authorization check - [HIGH] IDOR vulnerabilities where user-supplied IDs access resources without authorization checks - [MEDIUM] route parameters flowing to data access without visible ownership verification ## Consequences - 애플리케이션 데이터 읽기 - 애플리케이션 데이터 수정 - 권한 획득 ## Mitigations - 데이터베이스 키를 직접 노출하지 말고 간접 참조(매핑)를 사용하세요 - 현재 사용자가 요청한 리소스에 접근할 권한이 있는지 검증하세요 - 모든 요청마다 적절한 접근 제어 검사를 구현하세요 ## Detection - Total rules: 8 - Critical: 1 - Languages: go, javascript, typescript, python ## Rules by Language ### Go (3 rules) - **Horizontal Privilege Escalation** [HIGH]: Detects horizontal privilege escalation where users can access or modify other users' resources. - Remediation: Validate resource ownership before modification. ```go if profile.UserID != currentUserID { return errors.New("unauthorized") } ``` Learn more: https://shoulder.dev/learn/go/cwe-639/privilege-escalation - **Insecure Direct Object Reference (IDOR)** [HIGH]: Detects IDOR vulnerabilities where user-supplied IDs access resources without authorization checks. - Remediation: Validate ownership before accessing resources. ```go if requestedID != currentUserID && !isAdmin(currentUserID) { return errors.New("unauthorized") } ``` Learn more: https://shoulder.dev/learn/go/cwe-639/idor - **Potential IDOR - Generic Data Access** [MEDIUM]: Detects route parameters flowing to data access without visible ownership verification. - Remediation: Verify ownership before returning data. ```go if order.UserID != currentUserID { c.JSON(403, gin.H{"error": "Forbidden"}) return } ``` Learn more: https://shoulder.dev/learn/go/cwe-639/idor-generic