@sonata-api/security v1.0.20

@sonata-api/security

Introduction

This package implements common security checks. The checks can be used separatelly, or through a function called useSecurity(). This function returns an object with two functions:

• beforeRead(): checks to be made before reading data
• beforeWrite(): checks to be made before writing data

References

• checkOwnershipRead() and checkOwnershipWrite(): CWE-284: Improper Access Control, CWE-639: Authorization Bypass Through User-Controlled Key
• checkImmutability(): CWE-471: Modification of Assumed-Immutable Data (MAID)
• checkPagination(): CWE-770: Allocation of Resources Without Limits or Throttling
• rateLimiting(): CWE-799: Improper Control of Interaction Frequency