Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource. When authorization checks are completely missing, any authenticated user can access protected resources.
Jak naprawić tę podatność
Strategie zapobiegania dla Missing Authorization oparte na 3 regułach detekcji Shoulder.
Require human approval for sensitive operations and limit agent loop iterations
- for _, toolCall := range resp.Choices[0].Message.ToolCalls { + var sensitiveOps = map[string]bool{ + "deleteUser": true, "transferFunds": true, "sendEmail": true, + } + + for i, toolCall := range resp.Choices[0].Message.ToolCalls { + if i >= maxIterations { + break + } + if sensitiveOps[toolCall.Function.Name] { + queueForApproval(toolCall) + continue + } result, _ := tools[toolCall.Function.Name](toolCall.Function.Arguments) results = append(results, result) }
Znajdz podatnosci w swoim kodzie
Uzyj Shoulder do skanowania kodu w poszukiwaniu wzorcow Missing Authorization. 3 reguly.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=862 # Or scan entire project npx @shoulderdev/cli trust .
Reguly Wykrywania (3)
Na co zwracac uwage podczas przegladu kodu
Te wzorce wskazuja na potencjalne podatnosci Missing Authorization. Szukaj ich podczas przegladow kodu i audytow bezpieczenstwa.
Przeskanuj swój kod w poszukiwaniu Missing Authorization
Shoulder CLI znajduje podatne wzorce w całym Twoim kodzie.