SiteShadow
Back to vulnerability library
Detected bySecure-coding-practice checks (SCP)Pro

SCP05 Access Control

What this means

SiteShadow flagged access control/authorization patterns that appear missing, inconsistent, or bypassable. Authorization is "is this user allowed to do this action on this resource?" (not just "are they logged in?").

Why it matters

Unauthorized access can lead to data leakage or privilege escalation.

Safer examples

1) Enforce object-level authorization (Python)

doc = get_doc(doc_id)
if doc.owner_id != current_user.id:
    raise PermissionError("Forbidden")

2) Centralize authorization

Use shared middleware/policies so every route is protected consistently.

3) Add negative tests for access control

Tests should assert "User A cannot access User B's data" and that admin-only endpoints reject normal users.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.