DEV Community: Charles Kern The latest articles on DEV Community by Charles Kern (@c_k_fb750e731394). https://dev.to/c_k_fb750e731394 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3627925%2Fea1f132d-5f9e-4286-b128-5125d43fef4c.jpg DEV Community: Charles Kern https://dev.to/c_k_fb750e731394 en IDOR in AI-Generated APIs: The Ownership Check Cursor Always Skips Charles Kern Sat, 13 Jun 2026 14:34:19 +0000 https://dev.to/c_k_fb750e731394/idor-in-ai-generated-apis-the-ownership-check-cursor-always-skips-42bm https://dev.to/c_k_fb750e731394/idor-in-ai-generated-apis-the-ownership-check-cursor-always-skips-42bm <h2> TL;DR </h2> <ul> <li>AI tools generate authenticated routes but routinely skip ownership validation -- any logged-in user can access any resource by ID</li> <li>This is CWE-639 (IDOR / Broken Access Control) and it's the most common bug class I find in Cursor-generated APIs</li> <li>One check after every <code>findById</code> call fixes the entire pattern</li> </ul> <p>I reviewed a friend's side project last month. Solid app -- JWT auth, protected routes, refresh token rotation. Then I ran a quick test: logged in as User A, grabbed a document ID from the URL, opened a private tab as User B, and requested the same endpoint.</p> <p>User A's data came back clean.</p> <p>He'd built the whole backend in Cursor. The AI had done a genuinely good job with authentication -- middleware, token validation, all wired up correctly. But every single resource endpoint had the same gap: it checked <em>whether</em> you were logged in. It never checked <em>whether the resource belonged to you</em>.</p> <p>That's CWE-639. Authorization Bypass Through User-Controlled Key. OWASP Top 10, A01: Broken Access Control. And AI code generators reproduce it at scale.</p> <h2> The Vulnerable Pattern </h2> <p>Here's what Cursor generates for a document endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-639: authenticated but no ownership check</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Authentication passes. The route looks protected. But swap <code>:id</code> for any valid document ID in the database and you get the data -- regardless of who owns it. Change the number. Get the record. That's IDOR.</p> <p>The same pattern shows up in PUT and DELETE routes. Cursor wires up <code>authenticate</code> correctly every time. It skips the one line that makes the route actually private.</p> <p>I've seen this pattern in payment record endpoints, private message threads, medical note APIs. The auth middleware is there. The access control is not.</p> <h2> Why This Keeps Happening </h2> <p>The reason is boring. AI models train on tutorials, StackOverflow answers, and open-source repos. Most of that code is written to <em>teach how authentication works</em> -- JWT validation, session middleware, token refresh. It demonstrates the concept correctly.</p> <p>What tutorial code almost never models: the ownership check after the fetch. That's assumed to be obvious. It's left as an exercise. The post is about JWTs, not about who owns the document.</p> <p>The model learned the template. It didn't learn the gap.</p> <h2> The Fix </h2> <p>One check. After every resource fetch:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Fixed: ownership validated after fetch</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span> <span class="o">||</span> <span class="nx">doc</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Two notes on this:</p> <p>Return 403, not 404. Returning 404 when "the document exists but isn't yours" leaks less about what IDs exist. Some teams prefer it. Either way, the ownership check is what matters.</p> <p>For larger codebases, a policy layer (CASL, Casbin, or a simple <code>assertOwnership(doc, req.user)</code> helper) is cleaner than repeating this inline everywhere. But even the raw version above eliminates the bug class entirely.</p> <p>A quick semgrep rule or grep for <code>findById</code> without an ownership check in the same function scope will surface every unprotected endpoint in a codebase. Takes about 15 seconds to run.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic semgrep rule targeting <code>findById</code> without ownership assertions will catch most of what's in this post. The important thing is catching it before it ships, whatever tool you use.</p> security webdev ai devsecops Why Ranking #1 on Google Doesn't Mean AI Cites You Charles Kern Sat, 13 Jun 2026 14:32:41 +0000 https://dev.to/c_k_fb750e731394/why-ranking-1-on-google-doesnt-mean-ai-cites-you-4ifk https://dev.to/c_k_fb750e731394/why-ranking-1-on-google-doesnt-mean-ai-cites-you-4ifk <p>A marketing director I talked to recently had a problem she couldn't explain. Her company ranked on page one for 14 of their top 15 target keywords. The SEO agency was sending monthly reports full of green checkmarks. Traffic was stable.</p> <p>Then someone on her team typed their category into ChatGPT and asked for vendor recommendations.</p> <p>Her company wasn't mentioned once. Not in the top suggestions. Not as an alternative. Not anywhere.</p> <p>She's not alone. This is the defining blind spot in modern marketing right now, and the companies that understand what's actually happening are going to own AI search before their competitors notice the gap.</p> <h2> Google Ranks Pages. AI Engines Recognize Entities. </h2> <p>Here's what most people get wrong: Google and AI search engines are not different versions of the same system. They're built on completely different trust models, and optimizing for one does almost nothing for the other.</p> <p>Google ranks pages. It crawls your content, evaluates backlinks, scores your authority signals, and surfaces the page most likely to satisfy a query. The fundamental unit is the webpage.</p> <p>AI engines like ChatGPT, Perplexity, and Claude don't rank pages. They recognize entities. When someone asks "what's the best project management tool for remote teams," the LLM draws on patterns from training data — which brands have been consistently mentioned in trusted publications, who gets cited by credible sources, how coherently a company's expertise is represented across the web. The fundamental unit is the brand as an entity.</p> <p>You can have a technically perfect website, great backlinks, and first-page rankings for every target keyword — and still be a complete ghost to AI search if your entity footprint doesn't exist.</p> <h2> The First Thing to Check Isn't Your Content </h2> <p>A surprising number of companies are unknowingly blocking AI crawlers. This often happens after security audits where someone adds broad disallow rules, or from legacy configurations that predate the AI search era. Open your robots.txt and look for entries like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="n">User</span>-<span class="n">agent</span>: <span class="n">GPTBot</span> <span class="n">Disallow</span>: / <span class="n">User</span>-<span class="n">agent</span>: <span class="n">ClaudeBot</span> <span class="n">Disallow</span>: / <span class="n">User</span>-<span class="n">agent</span>: <span class="n">PerplexityBot</span> <span class="n">Disallow</span>: / </code></pre> </div> <p>If those exist, you've locked AI bots out entirely. They can't retrieve your content in any way that would lead to a citation. Fix that first. It's the quickest win with the highest potential impact.</p> <h2> Entity Footprint: The Concept Traditional SEO Doesn't Cover </h2> <p>After the technical basics, there's a deeper issue: entity footprint. This is the part that makes traditional SEO practitioners uncomfortable because it doesn't fit the keyword-and-backlink model.</p> <p>AI engines learn about brands from the sources that shaped their training data. Wikipedia pages. Wikidata entries. Consistent presence on G2 or Capterra. Mentions in industry publications. Coverage from analysts or journalists in your space. Forum discussions where real users recommend specific products and explain why.</p> <p>A company that has only ever been written about by itself — its own blog, its own press releases, its own social media — has a thin entity footprint from an LLM's perspective. It exists as a URL, not as a recognized entity in the world.</p> <p>This is also why Reddit keeps showing up in AI citations in ways that frustrate brand marketers. Reddit threads written by real users with specific recommendations and real reasons are exactly the kind of organic, third-party signal that AI training data treats as credible. Your carefully produced white paper might lose to a three-year-old forum thread.</p> <p>Getting mentioned in three credible industry publications does more for your AI citations than 50 new blog posts. That's not comfortable news, but it's accurate.</p> <h2> The Technical Levers That Actually Move the Needle </h2> <p>FAQPage schema is the single highest-leverage technical change most sites can make for answer engine optimization. Pages with properly implemented FAQPage JSON-LD show roughly 3x higher AI citation rates compared to equivalent pages without it. The mechanism is straightforward: AI systems can extract clean, citable Q&amp;A pairs much more reliably from structured markup than from prose. If you have a product page, a service page, or a comparison page without FAQPage schema and 5-8 quality Q&amp;A pairs, that's the next thing to add.</p> <p>Alongside schema: direct answer blocks. Every key page should open with a 40-60 word paragraph that directly and completely answers the most likely query that would bring someone to that page. Not a clever hook. Not brand voice. A direct, factual answer. AI systems are looking for extractable answers — make it easy to cite you.</p> <p>The data behind why this urgently matters: Gartner projected a 25% drop in traditional search volume by 2026 as AI answers absorb more queries. SaaS, legal, healthcare, and finance are already feeling this most sharply, because people in those categories are asking AI for recommendations before they even open a search engine.</p> <h2> The Window Is Real and It's Closing </h2> <p>AI share of voice in most categories is still being established. The brand that gets recognized as the authoritative entity in their space over the next 12-18 months will be very hard to displace once citation patterns solidify. This is the equivalent of getting a strong domain authority in 2012, before the SEO arms race got expensive.</p> <p>Practical checklist to start this week: unblock AI bots in robots.txt if they're blocked. Add FAQPage schema to your five most important pages. Rewrite the opening paragraph of each key page to be a direct, complete answer to the most likely query. Pitch two or three industry publications for contributed content or coverage. Get listed on the major review sites in your category. Make your brand information consistent and machine-readable everywhere it appears.</p> <p>Traditional SEO is still worth doing. But it's now one game of two. And right now, most companies are only playing one of them.</p> <p>I'm building a tool to help with exactly this — tracking brand mentions across AI engines, auditing what's blocking citations, and showing share of voice vs competitors in AI search. It's not live yet. If you want to be notified when it launches, follow this account.</p> seo webdev marketing ai 3 Broken Auth Patterns Cursor Keeps Writing Into Your API Charles Kern Wed, 10 Jun 2026 13:04:25 +0000 https://dev.to/c_k_fb750e731394/3-broken-auth-patterns-cursor-keeps-writing-into-your-api-119o https://dev.to/c_k_fb750e731394/3-broken-auth-patterns-cursor-keeps-writing-into-your-api-119o <h2> TL;DR </h2> <ul> <li>AI tools write <code>jwt.decode()</code> instead of <code>jwt.verify()</code> -- zero signature validation</li> <li>The middleware "works" in dev so it ships, and your API silently accepts forged tokens</li> <li>Replace decode with verify, explicit algorithm allowlist, wrap in try/catch</li> </ul> <p>Last month I was reviewing a side project a friend asked me to look at. Node/Express backend, JWT auth, standard stuff. First thing I checked was the auth middleware. There it was: <code>jwt.decode(token)</code>. Not <code>jwt.verify</code>. Not even close.</p> <p>I asked how they built it. "Cursor wrote most of it." That tracks. I've seen this exact pattern in at least six projects this past year -- all AI-assisted, all using decode instead of verify.</p> <p>The scary part: <code>jwt.decode</code> works perfectly. Tests pass. App runs. No errors. You have no idea your API accepts any token you hand it, signed or not.</p> <h2> The Vulnerable Code (CWE-287) </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// AI-generated auth middleware</span> <span class="kd">const</span> <span class="nx">jwt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">);</span> <span class="kd">function</span> <span class="nf">authMiddleware</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">No token</span><span class="dl">'</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">decoded</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> <span class="c1">// CWE-287: no signature verification</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">decoded</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid token</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">decoded</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p><code>jwt.decode</code> strips the base64 off the JWT payload and returns it as a plain object. That's it. No signature check. No expiry check. No validation that the token was signed with your secret. You could open jwt.io, swap the user ID to an admin account, and hit every protected endpoint in the app.</p> <p>Two variants I've seen from Copilot and Claude Code respectively:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Variant 1: algorithm confusion -- accepts alg:none</span> <span class="kd">const</span> <span class="nx">decoded</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">secret</span><span class="p">,</span> <span class="p">{</span> <span class="na">algorithms</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">HS256</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">none</span><span class="dl">'</span><span class="p">]</span> <span class="p">});</span> <span class="c1">// Variant 2: ignoring expiry</span> <span class="kd">const</span> <span class="nx">decoded</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">secret</span><span class="p">,</span> <span class="p">{</span> <span class="na">ignoreExpiration</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> </code></pre> </div> <p>Both get generated when the developer asks the AI to "stop throwing errors on token verification." The AI fixes the immediate complaint and ships broken auth.</p> <h2> Why AI Keeps Doing This </h2> <p>The pattern comes from documentation examples. JWT library READMEs show <code>jwt.decode</code> as a quick preview -- "here's what a decoded token looks like" -- before getting into verification. Models trained on millions of repos see this everywhere and reproduce it, especially when the surrounding context looks like "just check if the user is logged in."</p> <p>The <code>ignoreExpiration</code> variant comes from StackOverflow workarounds for expired tokens during local testing. The AI absorbs the fix without the context of why it was temporary.</p> <h2> The Fix </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">jwt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">);</span> <span class="kd">function</span> <span class="nf">authMiddleware</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">No token</span><span class="dl">'</span> <span class="p">});</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">decoded</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">,</span> <span class="p">{</span> <span class="na">algorithms</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">HS256</span><span class="dl">'</span><span class="p">]</span> <span class="c1">// explicit allowlist -- never include 'none'</span> <span class="p">});</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">decoded</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid token</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Three differences from the broken version: <code>verify</code> not <code>decode</code>, explicit algorithm allowlist, and a try/catch that blocks the request on any verification failure. Secret comes from an env variable -- not hardcoded, not an empty string.</p> <p>Quick check to see why the algorithm allowlist matters:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>node <span class="nt">-e</span> <span class="s2">"const j=require('jsonwebtoken'); console.log(j.decode('eyJhbGciOiJub25lIn0.eyJ1c2VySWQiOiIxMjMifQ.'))"</span> </code></pre> </div> <p>That token has <code>alg:none</code>. Without an explicit allowlist, some configurations will accept it.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops Why Cursor Keeps Writing MD5 for Passwords (And How to Fix It) Charles Kern Thu, 30 Apr 2026 17:12:11 +0000 https://dev.to/c_k_fb750e731394/why-cursor-keeps-writing-md5-for-passwords-and-how-to-fix-it-3de8 https://dev.to/c_k_fb750e731394/why-cursor-keeps-writing-md5-for-passwords-and-how-to-fix-it-3de8 <h2> TL;DR </h2> <ul> <li>AI editors frequently output MD5 or SHA-1 for password hashing -- both broken for this purpose</li> <li>Root cause: training data from pre-2015 tutorials where MD5 was common practice</li> <li>Fix: bcrypt (cost 12) or argon2. Pick one. Three-line swap.</li> </ul> <p>I was reviewing a friend's side project last month. Node.js backend, clean architecture, React frontend. He'd built the whole thing with Cursor over a weekend. The auth flow looked right at a glance -- passwords were stored as hashes, login worked, tests passed.</p> <p>Then I saw the hashing function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">hashlib</span> <span class="n">hashed</span> <span class="o">=</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="c1"># CWE-328 </span></code></pre> </div> <p>MD5 is not a password hashing algorithm. It never was. It's a checksum function that completes in under 1 microsecond per hash. On a consumer GPU, an attacker can run 60 billion MD5 hashes per second. The entire rockyou2024 dataset -- 10 billion passwords -- cracked in under 3 minutes.</p> <h2> Why AI Editors Keep Generating This </h2> <p>It's not a model bug. It's a training data artifact.</p> <p>The internet has thousands of Python and PHP tutorials from 2008-2015 that use MD5 for password storage. Stack Overflow answers with thousands of upvotes. Old framework docs. These pages rank well in search, which means they were in the training corpus.</p> <p>When you type "hash user password Python", the model pattern-matches against the most common code it's seen -- and that code is frequently from a decade ago. The model has no concept of "this was common but is now a known vulnerability". It sees frequency. MD5 appears often next to "password hash" in training data, so it appears often in output.</p> <p>SHA-1 shows up for the same reason. Slightly slower than MD5, equally broken for this use case.</p> <h2> The Vulnerable Pattern </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># CWE-328: Use of Weak Hash -- AI-generated output </span><span class="kn">import</span> <span class="n">hashlib</span> <span class="k">def</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">return</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="c1"># ❌ </span> <span class="k">def</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">stored_hash</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="k">return</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="o">==</span> <span class="n">stored_hash</span> <span class="c1"># ❌ </span></code></pre> </div> <p>This is the exact output Cursor gives when you prompt "add password hashing to this Flask endpoint" with no other context. The JavaScript version is equally common:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-328 -- same problem</span> <span class="kd">const</span> <span class="nx">crypto</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">crypto</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">md5</span><span class="dl">'</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">password</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// ❌</span> </code></pre> </div> <h2> The Fix </h2> <p>bcrypt is the safe default. Deliberately slow, well-audited, supported in every language:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">bcrypt</span> <span class="k">def</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bytes</span><span class="p">:</span> <span class="k">return</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">hashpw</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">gensalt</span><span class="p">(</span><span class="n">rounds</span><span class="o">=</span><span class="mi">12</span><span class="p">))</span> <span class="c1"># ✅ </span> <span class="k">def</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">stored_hash</span><span class="p">:</span> <span class="nb">bytes</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="k">return</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">checkpw</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="n">stored_hash</span><span class="p">)</span> <span class="c1"># ✅ </span></code></pre> </div> <p>The <code>rounds=12</code> work factor means each hash takes ~250ms. A GPU that cracks MD5 at 60B hashes/sec is reduced to ~1,000 bcrypt hashes/sec. The economics of brute force collapse.</p> <p>For new projects, argon2 is the current OWASP recommendation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">argon2</span> <span class="kn">import</span> <span class="n">PasswordHasher</span> <span class="n">ph</span> <span class="o">=</span> <span class="nc">PasswordHasher</span><span class="p">()</span> <span class="n">hashed</span> <span class="o">=</span> <span class="n">ph</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="c1"># ✅ </span><span class="n">ph</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="n">hashed</span><span class="p">,</span> <span class="n">password</span><span class="p">)</span> <span class="c1"># ✅ </span></code></pre> </div> <p>Node.js:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">bcrypt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">bcrypt</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="mi">12</span><span class="p">);</span> <span class="c1">// ✅</span> <span class="kd">const</span> <span class="nx">match</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">hash</span><span class="p">);</span> <span class="c1">// ✅</span> </code></pre> </div> <p>One migration note: if you have existing MD5 hashes in your database, you cannot re-hash them -- you don't have the plaintext. The correct path is re-hashing on next login. User logs in, verify against MD5, then immediately replace with bcrypt. Active users migrate naturally. Dormant accounts get a forced password reset.</p> <p>Also -- add this to your <code>.cursorrules</code>: "For all password hashing, use bcrypt cost 12 or argon2. Never use MD5, SHA-1, or SHA-256 for password storage." One instruction. The model follows it every time.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops AI-Generated APIs Have an IDOR Problem: 3 Patterns Cursor Misses Charles Kern Tue, 28 Apr 2026 06:25:40 +0000 https://dev.to/c_k_fb750e731394/ai-generated-apis-have-an-idor-problem-3-patterns-cursor-misses-4ji6 https://dev.to/c_k_fb750e731394/ai-generated-apis-have-an-idor-problem-3-patterns-cursor-misses-4ji6 <h2> TL;DR </h2> <ul> <li>AI editors add authentication middleware but skip per-resource ownership checks by default</li> <li>Any logged-in user can access another user's data by guessing or incrementing an ID</li> <li>Fix: scope ownership into the DB query -- one line before you ship, not after</li> </ul> <p>I was reviewing a side project built almost entirely with Cursor. Clean code. Tests passing. Already deployed.</p> <p>Then I spotted this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The <code>authenticateToken</code> middleware ran. So the route looked protected. But there was no check that <code>req.user.id === doc.userId</code>. Any authenticated user could read any document by guessing the ID. That's IDOR. CWE-862. And it's in almost every AI-generated API I've reviewed.</p> <h2> Why AI editors get this wrong </h2> <p>AI tools are trained on tutorials and StackOverflow answers. Tutorials teach authentication -- "add this middleware and your route is secure." They almost never teach authorization -- "now verify the authenticated user is allowed to access this specific record."</p> <p>The model learns: <code>authenticateToken</code> = protected. It doesn't learn the follow-up. I've seen this in Cursor output, Claude Code output, and Copilot suggestions. All three get authentication right. All three miss authorization.</p> <h2> The three patterns to watch for </h2> <p><strong>Pattern 1 -- No ownership check at all (CWE-862)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ CWE-862: Missing Authorization</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/orders/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Order</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// ✅ With ownership check</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/orders/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Order</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>Pattern 2 -- Delete endpoints are worse</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ Any authenticated user can delete any record</span> <span class="nx">app</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/posts/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">Post</span><span class="p">.</span><span class="nf">findByIdAndDelete</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>No check who owns the post. The AI generated working code. It's just wrong.</p> <p><strong>Pattern 3 -- Related resource fetches without scope</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ Returns comments for any post, regardless of ownership</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/posts/:id/comments</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">comments</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Comment</span><span class="p">.</span><span class="nf">find</span><span class="p">({</span> <span class="na">postId</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">comments</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>This one is subtle. The endpoint itself might be intentionally public. But in a private notes app? It's data exposure by default.</p> <h2> The better fix -- bake ownership into the query </h2> <p>Don't fetch first, check second. Instead, filter at the DB level:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Ownership enforced at query time -- not application logic</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">_id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <p>Two advantages. First, you get 404 instead of 403 -- you don't leak whether the resource exists at all. Second, even if your application-level check has a bug, the DB query won't return the wrong user's data.</p> <h2> What to tell your AI editor </h2> <p>If you're using Cursor or Claude Code, add this to your system prompt or rules file:</p> <blockquote> <p>After every resource fetch, check that req.user.id matches the resource's owner field. Use findOne with ownership in the query filter, not findById followed by a check. Return 404, not 403.</p> </blockquote> <p>It works. The model follows explicit rules better than it infers them from context.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags CWE-862 patterns before I move on. That said, a pre-commit semgrep rule scanning for <code>findById</code> calls not followed by an ownership comparison catches most of what's in this post. Catch it early, whatever your tool.</p> security webdev ai devsecops Why Cursor Keeps Writing MD5 Password Hashes (CWE-328) Charles Kern Mon, 27 Apr 2026 14:28:36 +0000 https://dev.to/c_k_fb750e731394/why-cursor-keeps-writing-md5-password-hashes-cwe-328-ncf https://dev.to/c_k_fb750e731394/why-cursor-keeps-writing-md5-password-hashes-cwe-328-ncf <h2> TL;DR </h2> <ul> <li>AI editors default to MD5/SHA1 because training data is dominated by pre-2012 tutorials</li> <li>MD5 cracks in hours on a consumer GPU -- this is not theoretical</li> <li>Fix: bcrypt at rounds=12, or Argon2id for new projects</li> </ul> <p>A few weeks ago a developer asked me to review his side project before pushing to production. Node.js backend, Cursor-built, clean architecture. The password storage looked like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">md5</span><span class="dl">'</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">password</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="dl">'</span><span class="s1">INSERT INTO users (email, password) VALUES ($1, $2)</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">email</span><span class="p">,</span> <span class="nx">hash</span><span class="p">]);</span> </code></pre> </div> <p>MD5. In 2026. Not because the developer was careless -- because Cursor generated it and it worked.</p> <p>I've now seen this in three separate projects over the past few weeks. Different developers, different apps, same pattern. The AI editors are consistent about it.</p> <h2> The Vulnerable Pattern (CWE-328) </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// All three are wrong for password storage</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">md5</span><span class="dl">'</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">password</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// CWE-328 ❌</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha1</span><span class="dl">'</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">password</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// CWE-328 ❌</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">password</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Still wrong for passwords ❌</span> </code></pre> </div> <p>MD5 and SHA-1 are broken for collision resistance. But even SHA-256 is the wrong tool. The problem is speed. SHA-256 can hash billions of inputs per second on a GPU. That's exactly what makes it wrong for passwords.</p> <p>A leaked database of MD5-hashed passwords is cracked in hours with a wordlist and a consumer GPU. SHA-256 is even faster, so it goes even faster.</p> <h2> Why AI Keeps Generating This </h2> <p>Training data volume. There are millions of StackOverflow answers, blog posts, and GitHub gists from 2008-2019 showing MD5 and SHA-1 for password hashing. bcrypt has been the right answer since around 2012, but old content drowns it out by sheer volume.</p> <p>When you ask Cursor to "implement user registration," it pattern-matches against its training distribution. The most common association for "hash a password in Node.js" includes the crypto module with MD5 -- because that association appears millions of times in training data.</p> <p>The model isn't broken. It's doing what it learned. The problem is what it learned from.</p> <h2> The Fix </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">bcrypt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">bcrypt</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// 12 rounds is the current recommended minimum</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="mi">12</span><span class="p">);</span> <span class="c1">// ✅</span> <span class="c1">// Verification -- never compare raw strings</span> <span class="kd">const</span> <span class="nx">isValid</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span><span class="nx">inputPassword</span><span class="p">,</span> <span class="nx">storedHash</span><span class="p">);</span> <span class="c1">// ✅</span> </code></pre> </div> <p>For new projects, Argon2id is now OWASP's top recommendation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">argon2</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">argon2</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">argon2</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">);</span> <span class="c1">// Argon2id by default ✅</span> <span class="kd">const</span> <span class="nx">isValid</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">argon2</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">hash</span><span class="p">,</span> <span class="nx">inputPassword</span><span class="p">);</span> <span class="c1">// ✅</span> </code></pre> </div> <p>Python:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">bcrypt</span> <span class="nb">hash</span> <span class="o">=</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">hashpw</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">gensalt</span><span class="p">(</span><span class="n">rounds</span><span class="o">=</span><span class="mi">12</span><span class="p">))</span> <span class="c1"># ✅ </span><span class="n">is_valid</span> <span class="o">=</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">checkpw</span><span class="p">(</span><span class="n">input_password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="nb">hash</span><span class="p">)</span> <span class="c1"># ✅ </span></code></pre> </div> <p>The cost factor matters. bcrypt at rounds=12 adds ~200-300ms per login check. Fine for users. For an attacker hashing billions of guesses, that latency scales linearly into years.</p> <h2> One Command to Check Your Codebase Now </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">grep</span> <span class="nt">-r</span> <span class="s2">"createHash"</span> <span class="nb">.</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.js"</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.ts"</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.py"</span> | <span class="nb">grep</span> <span class="nt">-iE</span> <span class="s2">"md5|sha1"</span> </code></pre> </div> <p>If that returns results near any auth code, fix it before anything else ships.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops 3 SQL Injection Patterns Cursor Keeps Writing Into Your API Charles Kern Sun, 26 Apr 2026 12:57:45 +0000 https://dev.to/c_k_fb750e731394/3-sql-injection-patterns-cursor-keeps-writing-into-your-api-5bnn https://dev.to/c_k_fb750e731394/3-sql-injection-patterns-cursor-keeps-writing-into-your-api-5bnn <h2> TL;DR </h2> <ul> <li>AI editors generate SQL queries with template literals -- directly injectable, CWE-89</li> <li>This pattern shows up in ~40% of vibe-coded backends with any database layer</li> <li>Fix: parameterized queries everywhere, no exceptions</li> </ul> <p>I was reviewing a friend's side project last week. Node.js API, React frontend, Postgres. Clean architecture, good folder structure. Then I looked at the query layer.</p> <p>Every single database call was built with template literals. Not one parameterized query in the whole codebase. I ran sqlmap against the search endpoint in about 30 seconds and had a full database dump.</p> <p>This wasn't my friend's oversight. Cursor wrote those queries. And it keeps writing them that way.</p> <h2> Pattern 1: The Classic Template Literal </h2> <p>You ask Cursor for a search endpoint. It gives you this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-89 -- SQL injection via template literal</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">users</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="s2">`SELECT * FROM users WHERE name = '</span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2">'`</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">users</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><code>name</code> goes straight into the query string. A request with <code>name='; DROP TABLE users; --</code> does exactly what you think it does. No parsing, no escaping, just execution.</p> <p>The fix is one line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">users</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="dl">'</span><span class="s1">SELECT * FROM users WHERE name = $1</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">name</span><span class="p">]);</span> </code></pre> </div> <p>The database driver handles escaping. The query structure is fixed at parse time. User input cannot change what the query does.</p> <h2> Pattern 2: String Concatenation </h2> <p>Older pattern, but Cursor still generates it when you ask for something simple like "fetch order by ID":<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-89 via string concatenation</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="dl">"</span><span class="s2">SELECT * FROM orders WHERE id = </span><span class="dl">"</span> <span class="o">+</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="p">);</span> </code></pre> </div> <p><code>req.params.id</code> is a string. It's never validated. If it contains SQL, it runs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Parameterized</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="dl">'</span><span class="s1">SELECT * FROM orders WHERE id = $1</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="p">);</span> </code></pre> </div> <p>Even for numeric-looking IDs, always parameterize. Add type validation on top if you want -- but parameterize first.</p> <h2> Pattern 3: ORM Escape Hatch </h2> <p>This one's the sneakiest. Developers assume using Sequelize or Prisma makes them safe. It doesn't, when the AI reaches for the raw query escape hatch:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Looks like ORM, but it's not safe</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findAll</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="nx">db</span><span class="p">.</span><span class="nf">literal</span><span class="p">(</span><span class="s2">`name = '</span><span class="p">${</span><span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">search</span><span class="p">}</span><span class="s2">'`</span><span class="p">)</span> <span class="p">});</span> </code></pre> </div> <p><code>db.literal()</code> tells Sequelize to pass that string directly to the database unescaped. You're back to raw string interpolation, wrapped in an ORM call that makes it look safe.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Actual safe ORM usage</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findAll</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">search</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>If you need complex conditions, Sequelize has <code>Op.like</code>, <code>Op.and</code>, <code>Op.or</code>. Use those. Never <code>db.literal()</code> with user-controlled input.</p> <h2> Why This Keeps Happening </h2> <p>Template literals and string concatenation dominate documentation, tutorials, and StackOverflow answers -- especially the older ones that LLMs were trained on. The unsafe pattern is readable. It makes the SQL structure obvious. It's what most examples show.</p> <p>LLMs pattern-match to what appeared most in training data. Parameterized queries show up less frequently there, because tutorial authors optimize for clarity, not security. The "security hardening" section at the bottom of a tutorial is what fewer people read, click on, and link to -- so it's underrepresented in training data.</p> <p>The model isn't choosing to generate insecure code. It's completing a token sequence that matches what it learned.</p> <h2> Catching It Before It Ships </h2> <p>Two grep commands that catch most of what Cursor generates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Template literal SQL</span> <span class="nb">grep</span> <span class="nt">-rn</span> <span class="s1">'query.*\`.*\${'</span> ./src <span class="c"># String concatenation in queries</span> <span class="nb">grep</span> <span class="nt">-rn</span> <span class="s1">'query.*+.*req\.'</span> ./src </code></pre> </div> <p>Run these in pre-commit. They won't catch everything, but they catch the most common AI-generated patterns.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops Prototype Pollution: What Cursor's Object Merge Code Misses Charles Kern Sat, 25 Apr 2026 20:24:02 +0000 https://dev.to/c_k_fb750e731394/prototype-pollution-what-cursors-object-merge-code-misses-329k https://dev.to/c_k_fb750e731394/prototype-pollution-what-cursors-object-merge-code-misses-329k <h2> TL;DR </h2> <ul> <li>Cursor and Claude Code default to <code>for...in</code> object merge -- a CWE-1321 prototype pollution vector</li> <li>Root cause: AI training data skews toward pre-2019 StackOverflow answers that predate <code>Object.hasOwn()</code> </li> <li>One-line fix closes it entirely -- AI just never adds it unless you ask</li> </ul> <p>Last week I was reviewing a side project a friend asked me to look over. Node backend, built almost entirely in Cursor. Clean structure, good variable names, even some inline comments. Genuinely readable. Then I hit the utility functions.</p> <p>One was a deep merge helper. The kind every backend has -- takes two objects, recursively merges keys. AI writes these instantly. The problem is what it doesn't write.</p> <p>Here's what Cursor generated, verbatim:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-1321 -- prototype pollution via for...in merge</span> <span class="kd">function</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">,</span> <span class="nx">source</span><span class="p">)</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">key</span> <span class="k">in</span> <span class="nx">source</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">&amp;&amp;</span> <span class="k">typeof</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">||</span> <span class="p">{},</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">];</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">target</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><code>for...in</code> iterates inherited properties. If an attacker controls the <code>source</code> object -- via a JSON body, a query param, a config file -- they can inject <code>__proto__</code> as a key and pollute <code>Object.prototype</code> for the entire Node process.</p> <p>Concretely:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">deepMerge</span><span class="p">({},</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="dl">'</span><span class="s1">{"__proto__": {"isAdmin": true}}</span><span class="dl">'</span><span class="p">));</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">({}.</span><span class="nx">isAdmin</span><span class="p">);</span> <span class="c1">// true -- every object in the process is now an admin</span> </code></pre> </div> <p>Admin endpoints become public. Audit logs get skipped. Auth middleware that checks <code>req.user.isAdmin</code> becomes worthless.</p> <h2> Why AI Keeps Writing This </h2> <p>The <code>for...in</code> merge is the canonical StackOverflow answer from roughly 2013 to 2019. Thousands of upvoted posts, hundreds of blog tutorials, dozens of npm packages that shipped this pattern and never updated. LLMs trained on that corpus reproduce it faithfully.</p> <p><code>Object.hasOwn()</code> and explicit <code>__proto__</code> guards are more recent conventions. They exist in the training data, but mostly in security-focused articles -- not in the general "how to deep merge objects in JS" posts that dominate the corpus. The model defaults to the most statistically common answer. That answer is the insecure one.</p> <p>This isn't specific to Cursor. Claude Code does it. Copilot does it. Any model trained on pre-2020 JavaScript tutorials will reproduce this pattern. The only thing that changes it is context -- if your prompt or surrounding code signals a security focus, the model sometimes adds the guard. Most prompts don't.</p> <h2> The Fix </h2> <p>Two options. Pick one.</p> <p><strong>Option 1 -- Guard with <code>Object.hasOwn()</code> (minimal change):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">,</span> <span class="nx">source</span><span class="p">)</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">key</span> <span class="k">in</span> <span class="nx">source</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nb">Object</span><span class="p">.</span><span class="nf">hasOwn</span><span class="p">(</span><span class="nx">source</span><span class="p">,</span> <span class="nx">key</span><span class="p">))</span> <span class="k">continue</span><span class="p">;</span> <span class="c1">// blocks __proto__ + inherited keys</span> <span class="k">if </span><span class="p">(</span><span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">&amp;&amp;</span> <span class="k">typeof</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">||</span> <span class="p">{},</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">];</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">target</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>Option 2 -- Switch to <code>Object.keys()</code> (only own enumerable props, no inherited iteration):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">,</span> <span class="nx">source</span><span class="p">)</span> <span class="p">{</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">keys</span><span class="p">(</span><span class="nx">source</span><span class="p">).</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">key</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">&amp;&amp;</span> <span class="k">typeof</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">||</span> <span class="p">{},</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">];</span> <span class="p">}</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">target</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Option 1 is the minimal change if you're not refactoring. Option 2 is cleaner and removes the inherited iteration entirely.</p> <p>If you're parsing untrusted JSON before merging, add a shape check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">isSafeObject</span><span class="p">(</span><span class="nx">obj</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="o">!</span><span class="p">(</span><span class="dl">'</span><span class="s1">__proto__</span><span class="dl">'</span> <span class="k">in</span> <span class="nx">obj</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="p">(</span><span class="dl">'</span><span class="s1">constructor</span><span class="dl">'</span> <span class="k">in</span> <span class="nx">obj</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="p">(</span><span class="dl">'</span><span class="s1">prototype</span><span class="dl">'</span> <span class="k">in</span> <span class="nx">obj</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Reject payloads that fail this check before they reach your merge function.</p> <h2> One More Thing </h2> <p>This pattern doesn't just live in utility files. It shows up in config loaders, settings mergers, patch endpoints, and anywhere an AI generates "merge user input with defaults." Search your repo for <code>for (const key in</code> and audit every hit. The vulnerability surface is usually wider than one file.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops Cursor Keeps Writing IDOR Into Your APIs. Here's the Fix. Charles Kern Fri, 24 Apr 2026 05:34:44 +0000 https://dev.to/c_k_fb750e731394/cursor-keeps-writing-idor-into-your-apis-heres-the-fix-245m https://dev.to/c_k_fb750e731394/cursor-keeps-writing-idor-into-your-apis-heres-the-fix-245m <h2> TL;DR </h2> <ul> <li>AI editors generate authenticated endpoints with no ownership verification</li> <li>Any valid JWT holder can read any other user's data by guessing an ID</li> <li>Fix: scope the query to the requesting user, or check ownership immediately after fetch</li> </ul> <p>I've been reviewing side-project codebases for the past few weeks. The stack varies -- Express, FastAPI, Rails, doesn't matter. The bug is always the same.</p> <p>Someone asked Cursor or Claude Code to add an API endpoint to fetch user data. The AI wrote working code. Correct query, correct response shape, even a 404 handler. What it skipped was the line that checks whether the person asking actually owns the record they're asking for.</p> <p>This is IDOR -- Insecure Direct Object Reference. CWE-862. OWASP Top 10. The reason it keeps showing up in AI-generated code isn't random.</p> <h2> The Vulnerable Endpoint </h2> <p>Here's the pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-862 -- Missing Authorization</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The middleware runs. The user is authenticated. But the document goes back to whoever asked, regardless of whether they own it. Authenticated but unauthorized. That's the gap.</p> <p>Exploiting it is trivial. Open the network tab, grab any document ID from your own responses, increment it by 1, send the same request. If the server responds with another user's document, you've found the bug.</p> <h2> Why AI Gets This Wrong </h2> <p>The training data problem is straightforward. Tutorials that demonstrate "how to build a REST API" don't include authorization logic. They prove the concept. The code gets the data and returns it. That's enough to teach the pattern.</p> <p>When you ask the AI to "add an endpoint that returns a document by ID", it does exactly that. It doesn't anticipate that an authenticated attacker will probe IDs they don't own. The happy path works. The adversarial path is invisible to it.</p> <h2> The Fix </h2> <p>Two lines added immediately after the fetch:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Fixed -- ownership check before response</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">doc</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Or scope the query from the start so the check is structural:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">_id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> </code></pre> </div> <p>Same fix across frameworks. Django: <code>Document.objects.get(pk=id, user=request.user)</code>. FastAPI: inject <code>current_user</code> and filter by owner. Rails: <code>current_user.documents.find(params[:id])</code>.</p> <p>The rule is simple: never return a user-scoped resource fetched by ID alone.</p> <h2> Where to Catch It </h2> <p>Audit every route that accepts an <code>:id</code> or <code>?id=</code> parameter and returns a database record. Count the ownership checks. Any route missing one is an IDOR candidate.</p> <p>A semgrep one-liner:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>semgrep <span class="nt">--config</span><span class="o">=</span>r/owasp.idor <span class="nb">.</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.js"</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.py"</span> </code></pre> </div> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops IDOR in Cursor-Generated Code: The Auth Bug Nobody Checks For Charles Kern Thu, 23 Apr 2026 13:42:10 +0000 https://dev.to/c_k_fb750e731394/idor-in-cursor-generated-code-the-auth-bug-nobody-checks-for-1hja https://dev.to/c_k_fb750e731394/idor-in-cursor-generated-code-the-auth-bug-nobody-checks-for-1hja <h2> TL;DR </h2> <ul> <li>AI-generated CRUD endpoints routinely skip ownership checks (CWE-639)</li> <li>Any authenticated user can read, modify, or delete another user's data</li> <li>Fix: one ownership check before every data access, no exceptions</li> </ul> <p>I've been reviewing AI-assisted codebases for a while now, and one pattern keeps showing up more than any other. Not SQL injection, not hardcoded secrets -- those get caught. The one that slips through is IDOR: Insecure Direct Object Reference.</p> <p>Here's what it looks like. You ask Cursor to build a task detail endpoint. It generates this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ CWE-639: No ownership check</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/tasks/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">task</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Task</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">task</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">task</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The <code>authenticate</code> middleware runs. JWT is validated. The user is "authenticated." But the handler fetches whatever ID was in the URL and returns it -- no check that <code>task.userId === req.user.id</code>.</p> <p>An attacker with a valid account can iterate IDs: <code>/api/tasks/1</code>, <code>/api/tasks/2</code>, <code>/api/tasks/3</code>. They pull every record in the database. The same flaw shows up on write routes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ CWE-639: Anyone can overwrite anyone's data</span> <span class="nx">app</span><span class="p">.</span><span class="nf">put</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/tasks/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">task</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Task</span><span class="p">.</span><span class="nf">findByIdAndUpdate</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="p">{</span> <span class="na">new</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">task</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Any authenticated user can update any task. Delete any record. IDOR has been in the OWASP Top 10 for a reason.</p> <h2> Why AI Keeps Getting This Wrong </h2> <p>Most authentication examples online show JWT validation and middleware setup. The ownership check is domain-specific -- it depends on the data model -- so it rarely appears in generic tutorials or StackOverflow answers.</p> <p>AI models learn those patterns. They know to add <code>authenticate</code> middleware. They don't consistently learn that authentication (who you are) and authorization (what you can access) are separate concerns requiring separate checks.</p> <p>Authentication: are you logged in?<br> Authorization: is this yours?</p> <p>Cursor handles the first. It skips the second.</p> <h2> The Fix </h2> <p>One ownership check per data operation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ✅ Verify ownership after fetching</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/tasks/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">task</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Task</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">task</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">task</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">task</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Return 403, not 404, on access denial. 404 makes the resource appear nonexistent -- useful in some threat models, confusing in most production apps.</p> <p>For write operations, enforce ownership directly in the database query -- atomic, no race condition:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ✅ Ownership enforced at query level</span> <span class="kd">const</span> <span class="nx">task</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Task</span><span class="p">.</span><span class="nf">findOneAndUpdate</span><span class="p">(</span> <span class="p">{</span> <span class="na">_id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">},</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="p">{</span> <span class="na">new</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">task</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found or forbidden</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <p>The pattern applies beyond tasks. Files, comments, profiles, settings -- any resource tied to a user needs an ownership check on every read, write, and delete. One check. Every time. No exceptions.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags missing ownership checks before I move on. That said, even a basic pre-commit hook with semgrep rules for CWE-639 will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops IDOR in AI-Generated Code: What Cursor Won't Check for You Charles Kern Wed, 22 Apr 2026 17:59:30 +0000 https://dev.to/c_k_fb750e731394/idor-in-ai-generated-code-what-cursor-wont-check-for-you-4g9h https://dev.to/c_k_fb750e731394/idor-in-ai-generated-code-what-cursor-wont-check-for-you-4g9h <h2> TL;DR </h2> <ul> <li>Cursor generates authenticated API routes with no ownership verification by default</li> <li>This creates IDOR (CWE-639) -- any logged-in user can read or delete any other user's data</li> <li>Fix is 3 lines: check <code>resource.userId === req.user.id</code> before returning anything</li> </ul> <p>I was reviewing a friend's side project last week. TypeScript, Prisma, built almost entirely in Cursor. Clean code, good structure, auth middleware on every route.</p> <p>I asked him to pull up his <code>/api/documents/:id</code> endpoint.</p> <p>No ownership check. User 42 could request <code>/api/documents/1</code> and get user 1's private documents back with a 200. No error. No log. Just data. He had no idea -- Cursor never flagged it.</p> <h2> The Vulnerable Code Pattern (CWE-639) </h2> <p>Prompt Cursor with "create a GET endpoint to fetch a document by ID" and you'll get something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ CWE-639: No ownership verification</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nb">document</span><span class="p">.</span><span class="nf">findUnique</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The <code>authenticate</code> middleware is there. JWT is verified. But there's no check that <code>doc.userId === req.user.id</code>.</p> <p>Any authenticated user can iterate IDs -- <code>/api/documents/1</code>, <code>/api/documents/2</code> -- and pull every record in the database. That's a textbook IDOR (Insecure Direct Object Reference).</p> <h2> Why AI Keeps Writing This </h2> <p>AI code assistants are trained on millions of tutorials and StackOverflow answers. Most of those examples show authentication. Almost none show authorization.</p> <p>Authentication answers "are you who you claim to be?" Authorization answers "are you allowed to access <em>this specific</em> resource?" The second check is nearly absent from tutorial code -- tutorials demonstrate concepts, not production security patterns.</p> <p>Cursor, Claude Code, Copilot -- they all reproduce this gap faithfully. When you prompt for a CRUD endpoint, the model generates code that satisfies the prompt. Ownership checking isn't in the prompt, so it doesn't appear in the output.</p> <h2> The Fix -- 3 Lines </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ✅ Ownership check added</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nb">document</span><span class="p">.</span><span class="nf">findUnique</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="c1">// The three lines that matter:</span> <span class="k">if </span><span class="p">(</span><span class="nx">doc</span><span class="p">.</span><span class="nx">userId</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>A few things worth noting:</p> <p><strong>Return 403, not 404.</strong> Some teams prefer 404 to avoid leaking that the resource exists. Both are defensible -- pick one and stay consistent across your API.</p> <p><strong>Don't just filter in the query.</strong> Adding <code>userId: req.user.id</code> to the <code>where</code> clause silently returns null instead of throwing 403. It works, but it makes debugging harder and breaks explicit logging. Make intent clear.</p> <p><strong>Check before business logic runs.</strong> If anything happens between fetching and returning the resource, gate on ownership first.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic semgrep rule watching for <code>findUnique</code> calls without an ownership comparison will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops IDOR in AI-Generated APIs: What Cursor Won't Check for You Charles Kern Tue, 21 Apr 2026 21:39:39 +0000 https://dev.to/c_k_fb750e731394/idor-in-ai-generated-apis-what-cursor-wont-check-for-you-2llb https://dev.to/c_k_fb750e731394/idor-in-ai-generated-apis-what-cursor-wont-check-for-you-2llb <h2> TL;DR </h2> <ul> <li>AI editors generate routes that fetch resources by ID with no ownership check -- classic IDOR (CWE-639)</li> <li>The pattern is everywhere in vibe-coded apps: any authenticated user can read any other user's data</li> <li>One extra condition in the DB query fixes it -- the problem is AI doesn't add it unless you ask</li> </ul> <p>I reviewed a side project last month. Node/Express backend, Cursor-generated, clean structure, well-commented. The developer was proud of their auth setup -- JWT tokens, bcrypt passwords, protected routes. Proper stuff.</p> <p>Then I hit /api/orders/1. Logged in as user 847, I got back user 1's order. All of it. Name, address, items, total. Switched to /api/orders/2. Same result. The API was authenticated -- you needed a valid JWT to reach it. But it didn't care whose JWT you had.</p> <p>This is IDOR: Insecure Direct Object Reference. OWASP ranks it #1 in the API Security Top 10. And AI editors reproduce it on every resource endpoint they generate.</p> <h2> The Vulnerable Pattern </h2> <p>Here's what Cursor outputs when you prompt "an endpoint to fetch a user's order":<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-639: Authorization Bypass Through User-Controlled Key</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/orders/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Order</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Authentication check: yes. Ownership check: no.</p> <p>User 42 can hit /api/orders/99 and read user 99's full order. The only defense is knowing the right ID -- and order IDs are usually sequential integers or guessable UUIDs.</p> <p>The AI isn't being careless. It completed the stated task: fetch an order by ID, require auth. The ownership check is implicit domain knowledge that didn't make it into the prompt.</p> <h2> Why This Keeps Happening </h2> <p>LLMs train on GitHub and Stack Overflow. The examples there show authentication patterns -- middleware, JWT verification, session checks. Ownership checks are rarer in tutorials because they're application-specific: the code needs to know your data model and your business rule ("a user can only access their own order").</p> <p>AI doesn't know your data model unless you tell it. Most prompts don't include "and make sure the requesting user owns this resource." So the AI skips it -- not out of negligence, but because the constraint was never in the prompt.</p> <p>The result: correctly authenticated, completely unauthorized.</p> <h2> The Fix </h2> <p>One extra condition in the DB query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/orders/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Query with userId -- DB-level ownership check</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Order</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">_id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>This is better than a separate if-check for two reasons. First, no information leakage -- returning 404 instead of 403 means the caller can't confirm whether ID 99 exists and belongs to someone else. Second, ownership is enforced at the query level, so there's no way to forget to check after the fetch.</p> <h2> Audit Your Existing Routes </h2> <p>A quick grep surfaces the candidates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">grep</span> <span class="nt">-rn</span> <span class="s2">"req.params"</span> src/ | <span class="nb">grep</span> <span class="s2">"findById</span><span class="se">\|</span><span class="s2">findOne"</span> </code></pre> </div> <p>Any hit that doesn't include userId or req.user in the same query is a likely IDOR. Review each one manually.</p> <p>For Express specifically: check every route using req.params.id, req.params.postId, req.params.orderId, and similar. If the query uses only the ID param and not the user ID, that endpoint probably has this bug. Check nested resources too -- /api/posts/:postId/comments/:commentId is two levels of ownership to verify.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops