Avoid AllowAny on unsafe DRF methods | Critiq Docs

#Metadata

Rule ID: py.security.drf-allow-any-unsafe-method
Severity: high
Confidence: 0.8
Languages: python
Presets: security, strict
Stability: stable
Applies to: block
Tags: authorization, django, drf, python, rules-catalog, security

#Why it matters

Open unsafe methods allow unauthenticated clients to mutate data and violate least-privilege API access.

#Remediation

Require authentication or scoped permissions for unsafe verbs unless the handler is explicitly public and documented.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/python/py.security.drf-allow-any-unsafe-method.rule.yaml.

Back to directory Open rule in repository