Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
When privileges are not properly managed, users may gain access to resources or functionality they should not have. This includes privilege escalation and improper role assignment.
Jak naprawić tę podatność
Create users with least-privilege defaults and require explicit admin action for privilege elevation
def register(request): data = request.get_json() - user = User.objects.create( - username=data['username'], - email=data['email'], - is_staff=True, + user = User.objects.create_user( + username=data['username'], + email=data['email'], + password=data['password'], ) return {'status': 'created'}
Use permission decorators to verify user roles before any privilege modification
- from django.http import JsonResponse - from django.contrib.auth.models import User - + from django.contrib.auth.decorators import permission_required + from django.http import JsonResponse + from django.contrib.auth.models import User + + @permission_required('auth.change_user', raise_exception=True) def promote_user(request, user_id): user = User.objects.get(id=user_id) user.is_staff = True user.save() return JsonResponse({'status': 'promoted'})
Znajdz podatnosci w swoim kodzie
Uzyj Shoulder do skanowania kodu w poszukiwaniu wzorcow Improper Privilege Management. 2 reguly.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=269 # Or scan entire project npx @shoulderdev/cli trust .
Na co zwracac uwage podczas przegladu kodu
Te wzorce wskazuja na potencjalne podatnosci Improper Privilege Management. Szukaj ich podczas przegladow kodu i audytow bezpieczenstwa.
Przeskanuj swój kod w poszukiwaniu Improper Privilege Management
Shoulder CLI znajduje podatne wzorce w całym Twoim kodzie.