# Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

- Prevalence: Medium 1 language covered
- Impact: Medium Review recommended
- Prevention: Documented 1 fix examples

**OWASP:** Injection (A03:2021-Injection) - #3

## Description

Type confusion can lead to memory corruption, arbitrary code execution, or information disclosure when the program interprets data as the wrong type.

## Prevention

### Node.js

Use enum constants and typed parameters instead of raw string comparisons for authorization checks

## Warning Signs

- [MEDIUM] Comparing enum value using string literal '...' instead of enum constant. This may allow bypass if user input doesn't ma

## Consequences

- Execute Unauthorized Code
- Read Application Data
- DoS

## Mitigations

- Use type-safe languages or type checking
- Validate object types before casting
- Use discriminated unions or tagged types

## Detection

- Total rules: 1
- Languages: typescript

## Rules by Language

### Typescript (1 rules)

- **TypeScript Enum Type Confusion** [MEDIUM]: Comparing enum values with raw strings bypasses type safety and allows authorization
bypass when user input is compared against enum values without proper type checking.
  - Remediation: Use enum constants and typed parameters for comparisons.

```typescript
enum UserRole {
  Admin = 'admin',
  User = 'user'
}

function checkAdmin(role: UserRole): boolean {
  return role === UserRole.Admin;
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-843/enum-type-confusion