# Angular Missing Route Guard

- ID: angular-missing-route-guard
- Severity: CRITICAL
- CWE: Improper Authorization (CWE-285)
- Languages: JavaScript, TypeScript
- Frameworks: angular

## Description

Routes without canActivate guards allow unauthorized access to admin panels,
user profiles, and sensitive operations.

## Detection Message

Route '{path}' handles sensitive operations but lacks canActivate or other route guards.

## Remediation

Add canActivate guard to protect sensitive routes.

```typescript
@Injectable({ providedIn: 'root' })
export class AuthGuard implements CanActivate {
  constructor(private auth: AuthService, private router: Router) {}

  canActivate(): boolean {
    if (this.auth.isAuthenticated()) return true;
    this.router.navigate(['/login']);
    return false;
  }
}

const routes: Routes = [
  { path: 'admin', component: AdminComponent, canActivate: [AuthGuard] }
];
```

Learn more: https://shoulder.dev/learn/typescript/cwe-285/missing-route-guard

## Documentation

[object Object]

## Related Rules

- **NestJS Sensitive Route Missing Guard** [CRITICAL]: 
- **tRPC Protected Procedure Missing Authentication** [CRITICAL]: