# TypeScript Enum Type Confusion

- ID: typescript-enum-type-confusion
- Severity: MEDIUM
- CWE: CWE-843
- Languages: TypeScript
- Frameworks: express, fastify, nestjs, next

## Description

Comparing enum values with raw strings bypasses type safety and allows authorization bypass when user input is compared against enum values without proper type checking.

## Detection Message

Comparing enum value using string literal '{literal}' instead of enum constant. This may allow bypass if user input doesn't match enum type.

## Remediation

Use enum constants and typed parameters for comparisons.

```typescript
enum UserRole {
  Admin = 'admin',
  User = 'user'
}

function checkAdmin(role: UserRole): boolean {
  return role === UserRole.Admin;
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-843/enum-type-confusion
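The remediation's typed `checkAdmin` only helps if untrusted input is validated into a `UserRole` at runtime, because TypeScript types are erased after compilation. The following is an added example, not code from the rule's documentation. `isAdminWeak`, `isUserRole`, `parseUserRole` and `authorizeAdmin` are hypothetical names, and the loose `==` comparison is an assumed form of the flagged pattern.

```typescript
enum UserRole {
  Admin = 'admin',
  User = 'user',
}

// Assumed form of the flagged pattern: untyped input compared with a string
// literal. With loose equality, a non-string value such as ['admin'] is
// coerced to the string 'admin' and the check passes.
function isAdminWeak(role: any): boolean {
  return role == 'admin';
}

// Enum values collected once; string enums have no reverse mapping,
// so the keys are exactly the member names.
const USER_ROLES: readonly string[] = Object.keys(UserRole).map(
  (k) => UserRole[k as keyof typeof UserRole],
);

// Runtime type guard: accepts only a primitive string that is an exact enum value.
function isUserRole(value: unknown): value is UserRole {
  return typeof value === 'string' && USER_ROLES.indexOf(value) !== -1;
}

// Parse at the trust boundary; anything else is rejected.
function parseUserRole(value: unknown): UserRole | undefined {
  return isUserRole(value) ? value : undefined;
}

// Typed comparison against the enum constant, as in the remediation.
function checkAdmin(role: UserRole): boolean {
  return role === UserRole.Admin;
}

// Authorization decision over untrusted input: fails closed when parsing fails.
function authorizeAdmin(rawRole: unknown): boolean {
  const role = parseUserRole(rawRole);
  return role !== undefined && checkAdmin(role);
}

// Constructed sample inputs, as they might arrive in a parsed JSON body.
const samples: unknown[] = ['admin', 'user', ['admin'], 'Admin', { role: 'admin' }, null];
for (const s of samples) {
  console.log(JSON.stringify(s), 'weak:', isAdminWeak(s), 'strict:', authorizeAdmin(s));
}
```
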