001_0008 - CheckSecurityOnUserRoles

Check security on user roles

Check security for all user roles

Metadata

authors:
- Bart Zantingh <bart.zantingh@nl.abnamro.com>
category: Security
input: Security$ProjectSecurity.yaml
rulename: CheckSecurityOnUserRoles
rulenumber: 001_0008
scope: package
severity: HIGH

Description

Security should be checked for every user role, to make sure that users can access only the minimum amount of data.

Remediation

Check security for all user roles

Test cases

package app.mendix.project_settings.check_security_on_user_roles_test

import data.app.mendix.project_settings.check_security_on_user_roles
import rego.v1

# Test data
check_for_security := {"UserRoles": [{
    "CheckSecurity": true,
    "Name": "Administrator",
}]}

not_check_for_security := {"UserRoles": [{
    "CheckSecurity": false,
    "Name": "Administrator",
}]}

# Test cases
test_should_allow_when_checking_user_roles_for_security if {
    check_security_on_user_roles.allow with input as check_for_security
}

test_should_deny_when_not_checking_user_roles_for_security if {
    not check_security_on_user_roles.allow with input as not_check_for_security
}
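
A rule that would satisfy the two tests above, as an added sketch rather than the project's own policy: the package name comes from the test file's import, while the rule body and the helpers `role_checked` and `unchecked_roles` are assumptions. It fails closed when `UserRoles` or `CheckSecurity` is missing, and carries three constructed tests for cases the page's tests do not cover.

```rego
# Added sketch, not the project's own rule. The package name is taken from the
# import in the page's test file; everything in the rule body is an assumption.
package app.mendix.project_settings.check_security_on_user_roles

import rego.v1

# Fail closed: input that is not explicitly compliant is denied.
default allow := false

# Compliant only when UserRoles is a list and every role in it is checked.
allow if {
	is_array(input.UserRoles)
	every role in input.UserRoles {
		role_checked(role)
	}
}

# A role counts as checked only when CheckSecurity is the boolean true.
# A missing key, false, or a string such as "true" does not qualify.
role_checked(role) if role.CheckSecurity == true

# Names of the roles that fail the check, for reporting.
unchecked_roles contains name if {
	some role in input.UserRoles
	not role_checked(role)
	name := object.get(role, "Name", "<unnamed>")
}

# Constructed inputs covering cases beyond a single role.
test_denies_when_one_of_several_roles_is_unchecked if {
	mixed := {"UserRoles": [
		{"CheckSecurity": true, "Name": "Administrator"},
		{"CheckSecurity": false, "Name": "User"},
	]}
	not allow with input as mixed
	unchecked_roles == {"User"} with input as mixed
}

test_denies_when_check_security_is_missing if {
	not allow with input as {"UserRoles": [{"Name": "Guest"}]}
}

test_denies_when_user_roles_is_absent if {
	not allow with input as {}
}
```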