auth-bypass
Install: claude install-skill Liaabnormal676/find-cve-agent
# Authentication/Authorization Bypass Detection
## When to Use
Audit web frameworks, API gateways, admin panels, CMS systems, and any application with role-based access control.
## Process
### Step 1: Map ALL Routes
```
# Express.js
grep -rn "app\.get\|app\.post\|app\.put\|app\.delete\|app\.patch\|router\." .
# Django
grep -rn "path(\|url(\|urlpatterns" .
# Flask
grep -rn "@app\.route\|@blueprint\.route" .
# Go
grep -rn "HandleFunc\|Handle\|mux\.\|router\." .
# Rails
grep -rn "get \|post \|put \|delete \|patch " config/routes.rb
```
### Step 2: Map Auth Middleware
```
# Express
grep -rn "isAuthenticated\|requireAuth\|authMiddleware\|passport\|jwt\.verify" .
grep -rn "app\.use(.*auth\|router\.use(.*auth" .
# Django
grep -rn "login_required\|permission_required\|@permission_classes\|IsAuthenticated" .
# Flask
grep -rn "login_required\|@jwt_required\|current_user" .
# Go
grep -rn "AuthMiddleware\|RequireAuth\|WithAuth" .
# Rails
grep -rn "before_action.*authenticate\|before_action.*authorize" .
```
### Step 3: Cross-Reference Routes vs Auth
For EACH route, verify:
1. Is auth middleware applied?
2. Is it the RIGHT auth level? (user vs admin)
3. Is it applied to ALL HTTP methods? (GET might be protected but PUT is not)
4. Are there any conditional bypasses?
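
The cross-reference for checks 1-3, as an added example that is not part of the original skill: a Python sketch that parses inline Express route definitions and reports routes with no auth middleware, method gaps on a shared path, and admin paths lacking an admin check. The sample source, `requireAdmin`, the `/admin` prefix and the public allowlist are assumptions; `router.use()` mounts and conditional bypasses (check 4) still need manual review.

```python
import re

# Constructed Express router source; every route and handler name is made up.
SAMPLE = """
router.get('/profile', requireAuth, showProfile);
router.put('/profile', updateProfile);
router.get('/admin/users', requireAuth, listUsers);
router.delete('/admin/users/:id', requireAuth, requireAdmin, deleteUser);
router.post('/notes', createNote);
router.get('/health', health);
"""

# Matches inline chains of named middleware only; router.use() mounts and
# arrow-function handlers are out of scope for this sketch.
ROUTE_RE = re.compile(
    r"""(?:app|router)\.(get|post|put|delete|patch)\(\s*['"]([^'"]+)['"]\s*,([^)]*)\)""")
AUTH = {"requireAuth", "isAuthenticated", "authMiddleware"}  # names from Step 2
ADMIN = {"requireAdmin"}   # assumption: the project's admin-level check
ADMIN_PREFIX = "/admin"    # assumption: admin routes live under this prefix
PUBLIC = {"/health"}       # assumption: reviewed and intentionally open

def parse_routes(src):
    """Return (METHOD, path, [middleware names]) for each inline route."""
    routes = []
    for method, path, args in ROUTE_RE.findall(src):
        chain = [a.strip() for a in args.split(",") if a.strip()]
        routes.append((method.upper(), path, chain[:-1]))  # last item is the handler
    return routes

def audit(routes):
    """Apply checks 1-3 from Step 3; returns (METHOD, path, finding) tuples."""
    protected_paths = {p for _, p, mw in routes if AUTH & set(mw)}
    findings = []
    for method, path, mw in routes:
        if path in PUBLIC:
            continue
        if not AUTH & set(mw):
            # Unprotected; flag separately when a sibling method is guarded.
            kind = "method-gap" if path in protected_paths else "missing-auth"
            findings.append((method, path, kind))
        elif path.startswith(ADMIN_PREFIX) and not ADMIN & set(mw):
            findings.append((method, path, "missing-admin-check"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_routes(SAMPLE)):
        print(*finding)
```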
### Step 4: Check for Common Bypass Patterns
```
# JWT issues
grep -rn "algorithms\|algorithm\|alg\|verify.*false\|verify.*False" .
grep -rn "jwt\.decode\|jwt\.verify\|jose\|jsonwebtoken" .
# Session fixatio