# Unsafe 'any' Type in Security-Sensitive Context

- ID: typescript-unsafe-any-usage
- Severity: HIGH
- CWE: CWE-704 (CWE-704)
- Languages: TypeScript
- Frameworks: express, fastify, nestjs, next

## Description

Using 'any' type with untrusted input bypasses TypeScript's type safety, allowing
unvalidated data to flow into security-sensitive operations.

## Detection Message

Variable declared with 'any' type receives untrusted input from {source}. This bypasses TypeScript's type safety and may lead to injection vulnerabilities.

## Remediation

Replace 'any' with a specific interface or use 'unknown' with type guards.

```typescript
interface UserDTO {
  username: string;
  email: string;
}

const userData: UserDTO = req.body;
database.insert(userData);
```

Learn more: https://shoulder.dev/learn/typescript/cwe-704/unsafe-any-usage

## Documentation

[object Object]

## Related Rules

- **tRPC Type Safety Bypass with Any** [MEDIUM]: 
- **TypeScript Unconstrained Generic Type Parameters** [MEDIUM]: 
- **TypeScript Strict Mode Disabled** [HIGH]: 
- **TypeScript Unsafe Type Guard** [HIGH]: