Implement proper authentication and authorization
Severity: Critical | Category: Security | Official rule

Rule Description
Separate authentication (who are you?) from authorization (what can you do?):
Authentication:
- Use secure password hashing (bcrypt)
- Implement rate limiting on login
- Use secure session management
- Consider MFA for sensitive applications
Authorization:
- Check permissions on every request
- Use policy objects or authorization gems (Pundit, CanCanCan)
- Never rely on client-side checks alone
```ruby
# Pundit example: the controller action asks the policy before it touches the record.
# Assumes ApplicationController includes Pundit::Authorization and defines current_user.
class PostsController < ApplicationController
  def update
    @post = Post.find(params[:id])
    authorize @post # Raises Pundit::NotAuthorizedError unless PostPolicy#update? allows current_user
    @post.update!(post_params)
  end
end
```
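The policy-object pattern behind that `authorize` call, as an added stand-alone example (not the rule page's code and not the Pundit gem): `User`, `Post` and `PostPolicy` are hypothetical stand-ins for application models, and the `authorize` helper mirrors Pundit's so the whole thing runs without Rails.

```ruby
# Added example, not code from the rule page: a Pundit-style policy object written
# without the gem so it runs without Rails. User, Post and PostPolicy are hypothetical.
NotAuthorizedError = Class.new(StandardError)
User = Struct.new(:id, :role)                  # role is :admin or :member
Post = Struct.new(:id, :author_id, :published)
# One policy class per model; every predicate sees the current user and the record.
class PostPolicy
  def initialize(user, post)
    @user = user   # nil when the request is unauthenticated
    @post = post
  end

  # Published posts are public; drafts are visible only to their author or an admin.
  def show?
    @post.published || owner? || admin?
  end

  # Only the author or an admin may edit.
  def update?
    owner? || admin?
  end

  # Only an admin may delete.
  def destroy?
    admin?
  end

  private
  def owner?
    !@user.nil? && @user.id == @post.author_id
  end
  def admin?
    !@user.nil? && @user.role == :admin
  end
end

# Mirrors Pundit's `authorize`: find the record's policy, ask it, raise on denial.
def authorize(user, record, query)
  policy = Object.const_get("#{record.class}Policy").new(user, record)
  raise NotAuthorizedError, "#{query} denied on #{record.class} #{record.id}" unless policy.public_send(query)
  record
end

# The server decides on every request; client-sent params (e.g. "admin" => true) never influence it.
def update_post(user, post, params)
  authorize(user, post, :update?)
  post.published = params.fetch(:published, post.published)
  post
end
```

An unauthenticated request (user `nil`) falls through every predicate and is denied, which is the behaviour a server-side check must have regardless of what the client claims.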
Details
- Severity: Critical
- Category: Security
- Used in: 54 rulesets