C#-CWE-269

The application performs improper privilege management, which can allow an attacker to escalate privileges or bypass access controls.

Required inputs: CSharpAST

This rule detects **improper privilege management vulnerabilities (CWE-269)**, which occur when an application trusts user-supplied role information instead of using server-validated identities or claims.

Example of a vulnerability:

```csharp
// Vulnerable: role comes from client input
public bool IsAuthorized_Insecure(string username, string roleFromClient)
{
    // Danger: trusting user-supplied role value
    return roleFromClient == "Admin";
}
```

Example of a secure implementation:

```csharp
using System.Security.Principal;

public bool IsAuthorized_Safe(IPrincipal principal)
{
    // Use server-validated identity/claims, not client-supplied values.
    return principal != null && principal.IsInRole("Administrators");
}
```

Notes:

- In web applications, prefer using ClaimsPrincipal or the authentication middleware to determine roles.
- Never trust role names coming from request headers, body, query strings, or cookies.
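
The two patterns side by side in a stand-alone console program, as an added example that is not part of the original rule documentation. The class name, the `X-Role` header, the `ConstructedScheme` authentication type and the sample principals are assumptions made up for illustration. It also covers one edge case: `ClaimsPrincipal.IsInRole` only inspects role claims, so the safe check tests `IsAuthenticated` as well.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

public static class RoleCheckDemo
{
    // Vulnerable pattern flagged by the rule: the role is read from request data.
    public static bool IsAuthorizedInsecure(IDictionary<string, string> headers) =>
        headers.TryGetValue("X-Role", out var role) && role == "Admin";

    // Hardened: only role claims on an authenticated, server-built principal count.
    public static bool IsAuthorizedSafe(ClaimsPrincipal principal) =>
        principal?.Identity?.IsAuthenticated == true && principal.IsInRole("Admin");

    // Stand-in for authentication middleware (assumption): claims come from the
    // server's user store after the credential has been validated.
    public static ClaimsPrincipal Authenticated(string name, params string[] roles)
    {
        var identity = new ClaimsIdentity("ConstructedScheme");
        identity.AddClaim(new Claim(ClaimTypes.Name, name));
        foreach (var role in roles)
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed request data: a client-supplied header that names a role.
        var headers = new Dictionary<string, string> { ["X-Role"] = "Admin" };
        var alice = Authenticated("alice", "User");
        var admin = Authenticated("root", "Admin");

        // Role claim present but no authentication type, so IsAuthenticated is false.
        var unauthenticated = new ClaimsPrincipal(
            new ClaimsIdentity(new[] { new Claim(ClaimTypes.Role, "Admin") }));
        bool roleClaimOnly = unauthenticated.IsInRole("Admin");

        Console.WriteLine($"insecure, header-supplied role:   {IsAuthorizedInsecure(headers)}");
        Console.WriteLine($"safe, alice (role User):          {IsAuthorizedSafe(alice)}");
        Console.WriteLine($"safe, root (role Admin):          {IsAuthorizedSafe(admin)}");
        Console.WriteLine($"safe, unauthenticated identity:   {IsAuthorizedSafe(unauthenticated)}");
        Console.WriteLine($"IsInRole alone, unauthenticated:  {roleClaimOnly}");
    }
}
```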

Possible Messages

| Key | Text | Severity | Disabled |
| --- | --- | --- | --- |
| untrusted_role_input | Privilege decision uses untrusted role input. | None | False |

Options