MetaCredo.Check.Security.IncorrectAuthorization (MetaCredo v0.1.0)

Detects incorrect authorization patterns (CWE-863).

Identifies weak or flawed authorization logic such as authorization checks that appear after the sensitive operation, role-only checks without resource ownership verification, and default-allow patterns.

Category: Security / Priority: high
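
The three patterns named in the description, each next to a corrected form, as an added illustration that is not taken from MetaCredo's source or documentation. The module, function names, roles and in-memory store are hypothetical, and the snippet makes no claim about exactly which shapes the check matches.

```elixir
defmodule AuthzPatterns do
  # Constructed sample data; every name in this module is hypothetical.
  @store %{1 => %{id: 1, owner_id: 10}, 2 => %{id: 2, owner_id: 20}}

  def fetch(id), do: Map.fetch(@store, id)

  # Stand-in for the sensitive operation.
  defp delete(doc), do: {:ok, {:deleted, doc.id}}

  # Flawed 1: check after the operation. The delete has already run when the role is examined.
  def delete_late_check(user, id) do
    {:ok, doc} = fetch(id)
    result = delete(doc)
    if user.role == :editor, do: result, else: {:error, :forbidden}
  end

  # Flawed 2: role-only check. Any editor can delete any document, owned or not.
  def delete_role_only(%{role: :editor}, id) do
    {:ok, doc} = fetch(id)
    delete(doc)
  end

  def delete_role_only(_user, _id), do: {:error, :forbidden}

  # Flawed 3: default-allow. One role is denied and every other value falls through to true.
  def can_delete_default_allow?(user, _doc) do
    case user.role do
      :guest -> false
      _ -> true
    end
  end

  # Corrected: explicit allow rules (role plus ownership), then default deny.
  def can_delete?(%{role: :admin}, _doc), do: true
  def can_delete?(%{role: :editor, id: uid}, %{owner_id: uid}), do: true
  def can_delete?(_user, _doc), do: false

  def delete_checked(user, id) do
    with {:ok, doc} <- fetch(id),
         true <- can_delete?(user, doc) do
      delete(doc)
    else
      :error -> {:error, :not_found}
      false -> {:error, :forbidden}
    end
  end
end
```

With an editor whose `id` is 10, `delete_role_only/2` succeeds on document 2 (owned by user 20), while `delete_checked/2` returns `{:error, :forbidden}` for the same call.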