rspec/rules/S4834/description.adoc

The access control of an application must be properly implemented in order to restrict access to resources to authorized entities otherwise this could lead to vulnerabilities:

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12999[CVE-2018-12999]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10285[CVE-2018-10285]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7455[CVE-2017-7455]

Granting correct permissions to users, applications, groups or roles and defining required permissions that allow access to a resource is sensitive, must therefore be done with care. For instance, it is obvious that only users with administrator privilege should be authorized to add/remove the administrator permission of another user.
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`The access control of an application must be properly implemented in order to restrict access to resources to authorized entities otherwise this could lead to vulnerabilities:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12999[CVE-2018-12999]`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10285[CVE-2018-10285]`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7455[CVE-2017-7455]`

			`Granting correct permissions to users, applications, groups or roles and defining required permissions that allow access to a resource is sensitive, must therefore be done with care. For instance, it is obvious that only users with administrator privilege should be authorized to add/remove the administrator permission of another user.`