# Reliance on Untrusted Inputs in a Security Decision (CWE-807)

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

- Prevalence: High (frequently exploited)
- Impact: Critical (1 critical-severity rule)
- Prevention: Documented (1 fix example)

**OWASP:** Broken Access Control (A01:2021-Broken Access Control) - #1

## Description

When security decisions are based on client-controlled data (such as hidden form fields, cookies, or HTTP headers), an attacker can manipulate these values to bypass access controls.

## Prevention

### Python

Use server-side session state instead of client-controllable data for authorization.

## Warning Signs

- [CRITICAL] Authorization decisions based on client-controllable data such as cookies, query parameters, or form fields.

## Consequences

- Bypass Protection Mechanism
- Gain Privileges
- Read Application Data

## Mitigations

- Do not trust client-supplied data for security decisions
- Store security-relevant state server-side
- Sign or encrypt data that must be stored client-side

## Detection

- Total rules: 1
- Critical: 1
- Languages: python

## Rules by Language

### Python (1 rule)

- **Client-Controlled Authorization Data** [CRITICAL]: Detects authorization decisions based on client-controllable data such as cookies, query parameters, or form fields.
  - Remediation: Use server-side session state for authorization decisions.

```python
from django.http import HttpResponseForbidden
def admin_dashboard(request):
    if not request.user.is_staff:  # From the server-side session, not cookies
        return HttpResponseForbidden()
```

Learn more: https://shoulder.dev/learn/python/cwe-807/client-controlled-authorization
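The following is an added, framework-free example (not code from this page or from the linked rule) that puts the three mitigations side by side: the CWE-807 pattern of reading a role straight from a cookie, the server-side session store that the remediation recommends, and an HMAC-signed cookie for data that genuinely must live on the client. The `Request` class, `SessionStore`, and `SERVER_KEY` are constructed stand-ins for this example and are not part of any real framework.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Request:
    """Constructed stand-in for an HTTP request: only the cookies matter here."""
    cookies: Dict[str, str] = field(default_factory=dict)


# --- CWE-807: the authorization decision trusts a client-writable cookie.
def is_admin_vulnerable(request: Request) -> bool:
    # Any client can send "Cookie: role=admin"; nothing on the server checks it.
    return request.cookies.get("role") == "admin"


# --- Mitigation: keep the role in server-side session state.
# The client only holds an opaque random session id; the role is whatever the
# server recorded at login and cannot be changed by editing cookies.
class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Dict[str, str]] = {}

    def create(self, user_id: str, role: str) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy, unguessable
        self._sessions[sid] = {"user_id": user_id, "role": role}
        return sid

    def get(self, sid: Optional[str]) -> Optional[Dict[str, str]]:
        return self._sessions.get(sid) if sid else None


def is_admin_server_side(request: Request, store: SessionStore) -> bool:
    session = store.get(request.cookies.get("session_id"))
    # A "role" cookie, if present, is ignored entirely.
    return session is not None and session["role"] == "admin"


# --- Mitigation: sign data that must be stored client-side.
# Assumed key for this example only; a deployment loads it from a secrets store.
SERVER_KEY = b"constructed-example-key-do-not-use"


def sign_value(value: str, key: bytes = SERVER_KEY) -> str:
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_signed_value(token: str, key: bytes = SERVER_KEY) -> Optional[str]:
    value, sep, tag = token.rpartition(".")
    if not sep:
        return None  # no signature at all
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so a plain == cannot leak timing information.
    return value if hmac.compare_digest(tag, expected) else None


def is_admin_signed_cookie(request: Request) -> bool:
    return verify_signed_value(request.cookies.get("role", "")) == "admin"


if __name__ == "__main__":
    forged = Request(cookies={"role": "admin"})
    print("vulnerable check accepts forged cookie:", is_admin_vulnerable(forged))

    store = SessionStore()
    sid = store.create("alice", "user")
    smuggled = Request(cookies={"session_id": sid, "role": "admin"})
    print("server-side check accepts smuggled role:", is_admin_server_side(smuggled, store))

    print("signed check accepts unsigned role:", is_admin_signed_cookie(forged))
    print("signed check accepts signed role:",
          is_admin_signed_cookie(Request(cookies={"role": sign_value("admin")})))
```

The server-side store is the strongest of the three because the client never sees the role at all. Signing only prevents tampering: a client that was legitimately issued a signed `admin` value can keep replaying it, so signed client-side state still needs an expiry or a server-side revocation check.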