Missing authorization before sensitive action

#Metadata

Rule ID: ts.security.missing-authorization-before-sensitive-action
Severity: high
Confidence: 0.75
Languages: javascript, typescript
Presets: security, strict
Stability: stable
Applies to: function
Tags: authorization, crq-sec-021, rules-catalog, security

#Why it matters

Calling destructive or privileged actions without an authorization guard increases the risk of broken access control.

#Remediation

Add an explicit authorization or permission check before the sensitive action executes.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.missing-authorization-before-sensitive-action.rule.yaml.

Back to registry Open rule in repository