security.authentication

Token or session not validated

Session and token values taken from external input should be verified before they are used for authentication or to establish identity.

#Metadata

#Why it matters

Parsing or loading session state without verification allows forged or stale credentials to influence authorization paths.

#Remediation

Verify or authenticate the token or session value before decoding, loading, or deriving identity from it.
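
The flagged pattern beside the remediated one, as an added example (not code from the rule or its repository). The token format (`base64url(payload).base64url(HMAC-SHA256 tag)`), the `SECRET` value, and all function names are assumptions made for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Assumed format: base64url(JSON payload) + "." + base64url(HMAC-SHA256 tag over the payload).
const SECRET = "constructed-demo-key"; // constructed value; real code loads this from a secret store

interface Session { sub: string; role: string; exp: number }

// Helper that issues a token in the assumed format.
function sign(session: Session): string {
  const body = Buffer.from(JSON.stringify(session)).toString("base64url");
  const tag = createHmac("sha256", SECRET).update(body).digest("base64url");
  return `${body}.${tag}`;
}

// Flagged pattern: the payload is decoded and trusted without checking the tag.
function loadSessionUnverified(token: string): Session {
  const body = token.split(".")[0] ?? "";
  return JSON.parse(Buffer.from(body, "base64url").toString("utf8")) as Session;
}

// Remediated pattern: authenticate the bytes first, decode second, then reject stale sessions.
function loadSessionVerified(token: string, nowSec: number): Session | null {
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [body = "", tag = ""] = parts;
  const expected = createHmac("sha256", SECRET).update(body).digest();
  const given = Buffer.from(tag, "base64url");
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const session = JSON.parse(Buffer.from(body, "base64url").toString("utf8")) as Session;
  if (typeof session.exp !== "number" || session.exp <= nowSec) return null;
  return session;
}

// Constructed sample input: a valid token, a copy with a swapped payload, and an expired one.
const NOW = 1700000000;
const valid = sign({ sub: "alice", role: "user", exp: NOW + 600 });
const swappedBody = Buffer.from(
  JSON.stringify({ sub: "alice", role: "admin", exp: NOW + 600 })
).toString("base64url");
const forged = `${swappedBody}.${valid.split(".")[1] ?? ""}`;
const stale = sign({ sub: "alice", role: "user", exp: NOW - 1 });
```

The unverified loader returns whatever role the altered payload claims, while the verified loader returns `null` for the altered, expired, and malformed tokens.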

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.token-or-session-not-validated.rule.yaml.