DEV Community: Charles Kern The latest articles on DEV Community by Charles Kern (@chandan_karn_fb750e731394). https://dev.to/chandan_karn_fb750e731394 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3627925%2F0bd3af48-c590-477c-87ef-048885c2a1e3.png DEV Community: Charles Kern https://dev.to/chandan_karn_fb750e731394 en Why Cursor Keeps Writing MD5 for Passwords (And How to Fix It) Charles Kern Thu, 30 Apr 2026 17:12:11 +0000 https://dev.to/chandan_karn_fb750e731394/why-cursor-keeps-writing-md5-for-passwords-and-how-to-fix-it-3de8 https://dev.to/chandan_karn_fb750e731394/why-cursor-keeps-writing-md5-for-passwords-and-how-to-fix-it-3de8 <h2> TL;DR </h2> <ul> <li>AI editors frequently output MD5 or SHA-1 for password hashing -- both broken for this purpose</li> <li>Root cause: training data from pre-2015 tutorials where MD5 was common practice</li> <li>Fix: bcrypt (cost 12) or argon2. Pick one. Three-line swap.</li> </ul> <p>I was reviewing a friend's side project last month. Node.js backend, clean architecture, React frontend. He'd built the whole thing with Cursor over a weekend. The auth flow looked right at a glance -- passwords were stored as hashes, login worked, tests passed.</p> <p>Then I saw the hashing function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">hashlib</span> <span class="n">hashed</span> <span class="o">=</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="c1"># CWE-328 </span></code></pre> </div> <p>MD5 is not a password hashing algorithm. It never was. It's a checksum function that completes in under 1 microsecond per hash. On a consumer GPU, an attacker can run 60 billion MD5 hashes per second. The entire rockyou2024 dataset -- 10 billion passwords -- cracked in under 3 minutes.</p> <h2> Why AI Editors Keep Generating This </h2> <p>It's not a model bug. It's a training data artifact.</p> <p>The internet has thousands of Python and PHP tutorials from 2008-2015 that use MD5 for password storage. Stack Overflow answers with thousands of upvotes. Old framework docs. These pages rank well in search, which means they were in the training corpus.</p> <p>When you type "hash user password Python", the model pattern-matches against the most common code it's seen -- and that code is frequently from a decade ago. The model has no concept of "this was common but is now a known vulnerability". It sees frequency. MD5 appears often next to "password hash" in training data, so it appears often in output.</p> <p>SHA-1 shows up for the same reason. Slightly slower than MD5, equally broken for this use case.</p> <h2> The Vulnerable Pattern </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># CWE-328: Use of Weak Hash -- AI-generated output </span><span class="kn">import</span> <span class="n">hashlib</span> <span class="k">def</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">return</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="c1"># ❌ </span> <span class="k">def</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">stored_hash</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="k">return</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="o">==</span> <span class="n">stored_hash</span> <span class="c1"># ❌ </span></code></pre> </div> <p>This is the exact output Cursor gives when you prompt "add password hashing to this Flask endpoint" with no other context. The JavaScript version is equally common:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-328 -- same problem</span> <span class="kd">const</span> <span class="nx">crypto</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">crypto</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">md5</span><span class="dl">'</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">password</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// ❌</span> </code></pre> </div> <h2> The Fix </h2> <p>bcrypt is the safe default. Deliberately slow, well-audited, supported in every language:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">bcrypt</span> <span class="k">def</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bytes</span><span class="p">:</span> <span class="k">return</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">hashpw</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">gensalt</span><span class="p">(</span><span class="n">rounds</span><span class="o">=</span><span class="mi">12</span><span class="p">))</span> <span class="c1"># ✅ </span> <span class="k">def</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">stored_hash</span><span class="p">:</span> <span class="nb">bytes</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="k">return</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">checkpw</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="n">stored_hash</span><span class="p">)</span> <span class="c1"># ✅ </span></code></pre> </div> <p>The <code>rounds=12</code> work factor means each hash takes ~250ms. A GPU that cracks MD5 at 60B hashes/sec is reduced to ~1,000 bcrypt hashes/sec. The economics of brute force collapse.</p> <p>For new projects, argon2 is the current OWASP recommendation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">argon2</span> <span class="kn">import</span> <span class="n">PasswordHasher</span> <span class="n">ph</span> <span class="o">=</span> <span class="nc">PasswordHasher</span><span class="p">()</span> <span class="n">hashed</span> <span class="o">=</span> <span class="n">ph</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="c1"># ✅ </span><span class="n">ph</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="n">hashed</span><span class="p">,</span> <span class="n">password</span><span class="p">)</span> <span class="c1"># ✅ </span></code></pre> </div> <p>Node.js:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">bcrypt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">bcrypt</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="mi">12</span><span class="p">);</span> <span class="c1">// ✅</span> <span class="kd">const</span> <span class="nx">match</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">hash</span><span class="p">);</span> <span class="c1">// ✅</span> </code></pre> </div> <p>One migration note: if you have existing MD5 hashes in your database, you cannot re-hash them -- you don't have the plaintext. The correct path is re-hashing on next login. User logs in, verify against MD5, then immediately replace with bcrypt. Active users migrate naturally. Dormant accounts get a forced password reset.</p> <p>Also -- add this to your <code>.cursorrules</code>: "For all password hashing, use bcrypt cost 12 or argon2. Never use MD5, SHA-1, or SHA-256 for password storage." One instruction. The model follows it every time.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops AI-Generated APIs Have an IDOR Problem: 3 Patterns Cursor Misses Charles Kern Tue, 28 Apr 2026 06:25:40 +0000 https://dev.to/chandan_karn_fb750e731394/ai-generated-apis-have-an-idor-problem-3-patterns-cursor-misses-4ji6 https://dev.to/chandan_karn_fb750e731394/ai-generated-apis-have-an-idor-problem-3-patterns-cursor-misses-4ji6 <h2> TL;DR </h2> <ul> <li>AI editors add authentication middleware but skip per-resource ownership checks by default</li> <li>Any logged-in user can access another user's data by guessing or incrementing an ID</li> <li>Fix: scope ownership into the DB query -- one line before you ship, not after</li> </ul> <p>I was reviewing a side project built almost entirely with Cursor. Clean code. Tests passing. Already deployed.</p> <p>Then I spotted this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The <code>authenticateToken</code> middleware ran. So the route looked protected. But there was no check that <code>req.user.id === doc.userId</code>. Any authenticated user could read any document by guessing the ID. That's IDOR. CWE-862. And it's in almost every AI-generated API I've reviewed.</p> <h2> Why AI editors get this wrong </h2> <p>AI tools are trained on tutorials and StackOverflow answers. Tutorials teach authentication -- "add this middleware and your route is secure." They almost never teach authorization -- "now verify the authenticated user is allowed to access this specific record."</p> <p>The model learns: <code>authenticateToken</code> = protected. It doesn't learn the follow-up. I've seen this in Cursor output, Claude Code output, and Copilot suggestions. All three get authentication right. All three miss authorization.</p> <h2> The three patterns to watch for </h2> <p><strong>Pattern 1 -- No ownership check at all (CWE-862)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ CWE-862: Missing Authorization</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/orders/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Order</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// ✅ With ownership check</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/orders/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Order</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>Pattern 2 -- Delete endpoints are worse</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ Any authenticated user can delete any record</span> <span class="nx">app</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/posts/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">Post</span><span class="p">.</span><span class="nf">findByIdAndDelete</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>No check who owns the post. The AI generated working code. It's just wrong.</p> <p><strong>Pattern 3 -- Related resource fetches without scope</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ Returns comments for any post, regardless of ownership</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/posts/:id/comments</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">comments</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Comment</span><span class="p">.</span><span class="nf">find</span><span class="p">({</span> <span class="na">postId</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">comments</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>This one is subtle. The endpoint itself might be intentionally public. But in a private notes app? It's data exposure by default.</p> <h2> The better fix -- bake ownership into the query </h2> <p>Don't fetch first, check second. Instead, filter at the DB level:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Ownership enforced at query time -- not application logic</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">_id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <p>Two advantages. First, you get 404 instead of 403 -- you don't leak whether the resource exists at all. Second, even if your application-level check has a bug, the DB query won't return the wrong user's data.</p> <h2> What to tell your AI editor </h2> <p>If you're using Cursor or Claude Code, add this to your system prompt or rules file:</p> <blockquote> <p>After every resource fetch, check that req.user.id matches the resource's owner field. Use findOne with ownership in the query filter, not findById followed by a check. Return 404, not 403.</p> </blockquote> <p>It works. The model follows explicit rules better than it infers them from context.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags CWE-862 patterns before I move on. That said, a pre-commit semgrep rule scanning for <code>findById</code> calls not followed by an ownership comparison catches most of what's in this post. Catch it early, whatever your tool.</p> security webdev ai devsecops Why Cursor Keeps Writing MD5 Password Hashes (CWE-328) Charles Kern Mon, 27 Apr 2026 14:28:36 +0000 https://dev.to/chandan_karn_fb750e731394/why-cursor-keeps-writing-md5-password-hashes-cwe-328-ncf https://dev.to/chandan_karn_fb750e731394/why-cursor-keeps-writing-md5-password-hashes-cwe-328-ncf <h2> TL;DR </h2> <ul> <li>AI editors default to MD5/SHA1 because training data is dominated by pre-2012 tutorials</li> <li>MD5 cracks in hours on a consumer GPU -- this is not theoretical</li> <li>Fix: bcrypt at rounds=12, or Argon2id for new projects</li> </ul> <p>A few weeks ago a developer asked me to review his side project before pushing to production. Node.js backend, Cursor-built, clean architecture. The password storage looked like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">md5</span><span class="dl">'</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">password</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="dl">'</span><span class="s1">INSERT INTO users (email, password) VALUES ($1, $2)</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">email</span><span class="p">,</span> <span class="nx">hash</span><span class="p">]);</span> </code></pre> </div> <p>MD5. In 2026. Not because the developer was careless -- because Cursor generated it and it worked.</p> <p>I've now seen this in three separate projects over the past few weeks. Different developers, different apps, same pattern. The AI editors are consistent about it.</p> <h2> The Vulnerable Pattern (CWE-328) </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// All three are wrong for password storage</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">md5</span><span class="dl">'</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">password</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// CWE-328 ❌</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha1</span><span class="dl">'</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">password</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// CWE-328 ❌</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span><span class="p">).</span><span class="nf">update</span><span class="p">(</span><span class="nx">password</span><span class="p">).</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Still wrong for passwords ❌</span> </code></pre> </div> <p>MD5 and SHA-1 are broken for collision resistance. But even SHA-256 is the wrong tool. The problem is speed. SHA-256 can hash billions of inputs per second on a GPU. That's exactly what makes it wrong for passwords.</p> <p>A leaked database of MD5-hashed passwords is cracked in hours with a wordlist and a consumer GPU. SHA-256 is even faster, so it goes even faster.</p> <h2> Why AI Keeps Generating This </h2> <p>Training data volume. There are millions of StackOverflow answers, blog posts, and GitHub gists from 2008-2019 showing MD5 and SHA-1 for password hashing. bcrypt has been the right answer since around 2012, but old content drowns it out by sheer volume.</p> <p>When you ask Cursor to "implement user registration," it pattern-matches against its training distribution. The most common association for "hash a password in Node.js" includes the crypto module with MD5 -- because that association appears millions of times in training data.</p> <p>The model isn't broken. It's doing what it learned. The problem is what it learned from.</p> <h2> The Fix </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">bcrypt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">bcrypt</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// 12 rounds is the current recommended minimum</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="mi">12</span><span class="p">);</span> <span class="c1">// ✅</span> <span class="c1">// Verification -- never compare raw strings</span> <span class="kd">const</span> <span class="nx">isValid</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span><span class="nx">inputPassword</span><span class="p">,</span> <span class="nx">storedHash</span><span class="p">);</span> <span class="c1">// ✅</span> </code></pre> </div> <p>For new projects, Argon2id is now OWASP's top recommendation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">argon2</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">argon2</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">argon2</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">);</span> <span class="c1">// Argon2id by default ✅</span> <span class="kd">const</span> <span class="nx">isValid</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">argon2</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">hash</span><span class="p">,</span> <span class="nx">inputPassword</span><span class="p">);</span> <span class="c1">// ✅</span> </code></pre> </div> <p>Python:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">bcrypt</span> <span class="nb">hash</span> <span class="o">=</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">hashpw</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">gensalt</span><span class="p">(</span><span class="n">rounds</span><span class="o">=</span><span class="mi">12</span><span class="p">))</span> <span class="c1"># ✅ </span><span class="n">is_valid</span> <span class="o">=</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">checkpw</span><span class="p">(</span><span class="n">input_password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="nb">hash</span><span class="p">)</span> <span class="c1"># ✅ </span></code></pre> </div> <p>The cost factor matters. bcrypt at rounds=12 adds ~200-300ms per login check. Fine for users. For an attacker hashing billions of guesses, that latency scales linearly into years.</p> <h2> One Command to Check Your Codebase Now </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">grep</span> <span class="nt">-r</span> <span class="s2">"createHash"</span> <span class="nb">.</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.js"</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.ts"</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.py"</span> | <span class="nb">grep</span> <span class="nt">-iE</span> <span class="s2">"md5|sha1"</span> </code></pre> </div> <p>If that returns results near any auth code, fix it before anything else ships.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops 3 SQL Injection Patterns Cursor Keeps Writing Into Your API Charles Kern Sun, 26 Apr 2026 12:57:45 +0000 https://dev.to/chandan_karn_fb750e731394/3-sql-injection-patterns-cursor-keeps-writing-into-your-api-5bnn https://dev.to/chandan_karn_fb750e731394/3-sql-injection-patterns-cursor-keeps-writing-into-your-api-5bnn <h2> TL;DR </h2> <ul> <li>AI editors generate SQL queries with template literals -- directly injectable, CWE-89</li> <li>This pattern shows up in ~40% of vibe-coded backends with any database layer</li> <li>Fix: parameterized queries everywhere, no exceptions</li> </ul> <p>I was reviewing a friend's side project last week. Node.js API, React frontend, Postgres. Clean architecture, good folder structure. Then I looked at the query layer.</p> <p>Every single database call was built with template literals. Not one parameterized query in the whole codebase. I ran sqlmap against the search endpoint in about 30 seconds and had a full database dump.</p> <p>This wasn't my friend's oversight. Cursor wrote those queries. And it keeps writing them that way.</p> <h2> Pattern 1: The Classic Template Literal </h2> <p>You ask Cursor for a search endpoint. It gives you this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-89 -- SQL injection via template literal</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">users</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="s2">`SELECT * FROM users WHERE name = '</span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2">'`</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">users</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><code>name</code> goes straight into the query string. A request with <code>name='; DROP TABLE users; --</code> does exactly what you think it does. No parsing, no escaping, just execution.</p> <p>The fix is one line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">users</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="dl">'</span><span class="s1">SELECT * FROM users WHERE name = $1</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">name</span><span class="p">]);</span> </code></pre> </div> <p>The database driver handles escaping. The query structure is fixed at parse time. User input cannot change what the query does.</p> <h2> Pattern 2: String Concatenation </h2> <p>Older pattern, but Cursor still generates it when you ask for something simple like "fetch order by ID":<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-89 via string concatenation</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="dl">"</span><span class="s2">SELECT * FROM orders WHERE id = </span><span class="dl">"</span> <span class="o">+</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="p">);</span> </code></pre> </div> <p><code>req.params.id</code> is a string. It's never validated. If it contains SQL, it runs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Parameterized</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="dl">'</span><span class="s1">SELECT * FROM orders WHERE id = $1</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="p">);</span> </code></pre> </div> <p>Even for numeric-looking IDs, always parameterize. Add type validation on top if you want -- but parameterize first.</p> <h2> Pattern 3: ORM Escape Hatch </h2> <p>This one's the sneakiest. Developers assume using Sequelize or Prisma makes them safe. It doesn't, when the AI reaches for the raw query escape hatch:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Looks like ORM, but it's not safe</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findAll</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="nx">db</span><span class="p">.</span><span class="nf">literal</span><span class="p">(</span><span class="s2">`name = '</span><span class="p">${</span><span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">search</span><span class="p">}</span><span class="s2">'`</span><span class="p">)</span> <span class="p">});</span> </code></pre> </div> <p><code>db.literal()</code> tells Sequelize to pass that string directly to the database unescaped. You're back to raw string interpolation, wrapped in an ORM call that makes it look safe.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Actual safe ORM usage</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findAll</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">search</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>If you need complex conditions, Sequelize has <code>Op.like</code>, <code>Op.and</code>, <code>Op.or</code>. Use those. Never <code>db.literal()</code> with user-controlled input.</p> <h2> Why This Keeps Happening </h2> <p>Template literals and string concatenation dominate documentation, tutorials, and StackOverflow answers -- especially the older ones that LLMs were trained on. The unsafe pattern is readable. It makes the SQL structure obvious. It's what most examples show.</p> <p>LLMs pattern-match to what appeared most in training data. Parameterized queries show up less frequently there, because tutorial authors optimize for clarity, not security. The "security hardening" section at the bottom of a tutorial is what fewer people read, click on, and link to -- so it's underrepresented in training data.</p> <p>The model isn't choosing to generate insecure code. It's completing a token sequence that matches what it learned.</p> <h2> Catching It Before It Ships </h2> <p>Two grep commands that catch most of what Cursor generates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Template literal SQL</span> <span class="nb">grep</span> <span class="nt">-rn</span> <span class="s1">'query.*\`.*\${'</span> ./src <span class="c"># String concatenation in queries</span> <span class="nb">grep</span> <span class="nt">-rn</span> <span class="s1">'query.*+.*req\.'</span> ./src </code></pre> </div> <p>Run these in pre-commit. They won't catch everything, but they catch the most common AI-generated patterns.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops Prototype Pollution: What Cursor's Object Merge Code Misses Charles Kern Sat, 25 Apr 2026 20:24:02 +0000 https://dev.to/chandan_karn_fb750e731394/prototype-pollution-what-cursors-object-merge-code-misses-329k https://dev.to/chandan_karn_fb750e731394/prototype-pollution-what-cursors-object-merge-code-misses-329k <h2> TL;DR </h2> <ul> <li>Cursor and Claude Code default to <code>for...in</code> object merge -- a CWE-1321 prototype pollution vector</li> <li>Root cause: AI training data skews toward pre-2019 StackOverflow answers that predate <code>Object.hasOwn()</code> </li> <li>One-line fix closes it entirely -- AI just never adds it unless you ask</li> </ul> <p>Last week I was reviewing a side project a friend asked me to look over. Node backend, built almost entirely in Cursor. Clean structure, good variable names, even some inline comments. Genuinely readable. Then I hit the utility functions.</p> <p>One was a deep merge helper. The kind every backend has -- takes two objects, recursively merges keys. AI writes these instantly. The problem is what it doesn't write.</p> <p>Here's what Cursor generated, verbatim:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-1321 -- prototype pollution via for...in merge</span> <span class="kd">function</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">,</span> <span class="nx">source</span><span class="p">)</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">key</span> <span class="k">in</span> <span class="nx">source</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">&amp;&amp;</span> <span class="k">typeof</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">||</span> <span class="p">{},</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">];</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">target</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><code>for...in</code> iterates inherited properties. If an attacker controls the <code>source</code> object -- via a JSON body, a query param, a config file -- they can inject <code>__proto__</code> as a key and pollute <code>Object.prototype</code> for the entire Node process.</p> <p>Concretely:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">deepMerge</span><span class="p">({},</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="dl">'</span><span class="s1">{"__proto__": {"isAdmin": true}}</span><span class="dl">'</span><span class="p">));</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">({}.</span><span class="nx">isAdmin</span><span class="p">);</span> <span class="c1">// true -- every object in the process is now an admin</span> </code></pre> </div> <p>Admin endpoints become public. Audit logs get skipped. Auth middleware that checks <code>req.user.isAdmin</code> becomes worthless.</p> <h2> Why AI Keeps Writing This </h2> <p>The <code>for...in</code> merge is the canonical StackOverflow answer from roughly 2013 to 2019. Thousands of upvoted posts, hundreds of blog tutorials, dozens of npm packages that shipped this pattern and never updated. LLMs trained on that corpus reproduce it faithfully.</p> <p><code>Object.hasOwn()</code> and explicit <code>__proto__</code> guards are more recent conventions. They exist in the training data, but mostly in security-focused articles -- not in the general "how to deep merge objects in JS" posts that dominate the corpus. The model defaults to the most statistically common answer. That answer is the insecure one.</p> <p>This isn't specific to Cursor. Claude Code does it. Copilot does it. Any model trained on pre-2020 JavaScript tutorials will reproduce this pattern. The only thing that changes it is context -- if your prompt or surrounding code signals a security focus, the model sometimes adds the guard. Most prompts don't.</p> <h2> The Fix </h2> <p>Two options. Pick one.</p> <p><strong>Option 1 -- Guard with <code>Object.hasOwn()</code> (minimal change):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">,</span> <span class="nx">source</span><span class="p">)</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">key</span> <span class="k">in</span> <span class="nx">source</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nb">Object</span><span class="p">.</span><span class="nf">hasOwn</span><span class="p">(</span><span class="nx">source</span><span class="p">,</span> <span class="nx">key</span><span class="p">))</span> <span class="k">continue</span><span class="p">;</span> <span class="c1">// blocks __proto__ + inherited keys</span> <span class="k">if </span><span class="p">(</span><span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">&amp;&amp;</span> <span class="k">typeof</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">||</span> <span class="p">{},</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">];</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">target</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>Option 2 -- Switch to <code>Object.keys()</code> (only own enumerable props, no inherited iteration):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">,</span> <span class="nx">source</span><span class="p">)</span> <span class="p">{</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">keys</span><span class="p">(</span><span class="nx">source</span><span class="p">).</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">key</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">&amp;&amp;</span> <span class="k">typeof</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">||</span> <span class="p">{},</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">]);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">target</span><span class="p">[</span><span class="nx">key</span><span class="p">]</span> <span class="o">=</span> <span class="nx">source</span><span class="p">[</span><span class="nx">key</span><span class="p">];</span> <span class="p">}</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">target</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Option 1 is the minimal change if you're not refactoring. Option 2 is cleaner and removes the inherited iteration entirely.</p> <p>If you're parsing untrusted JSON before merging, add a shape check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">isSafeObject</span><span class="p">(</span><span class="nx">obj</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="o">!</span><span class="p">(</span><span class="dl">'</span><span class="s1">__proto__</span><span class="dl">'</span> <span class="k">in</span> <span class="nx">obj</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="p">(</span><span class="dl">'</span><span class="s1">constructor</span><span class="dl">'</span> <span class="k">in</span> <span class="nx">obj</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="p">(</span><span class="dl">'</span><span class="s1">prototype</span><span class="dl">'</span> <span class="k">in</span> <span class="nx">obj</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Reject payloads that fail this check before they reach your merge function.</p> <h2> One More Thing </h2> <p>This pattern doesn't just live in utility files. It shows up in config loaders, settings mergers, patch endpoints, and anywhere an AI generates "merge user input with defaults." Search your repo for <code>for (const key in</code> and audit every hit. The vulnerability surface is usually wider than one file.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops Cursor Keeps Writing IDOR Into Your APIs. Here's the Fix. Charles Kern Fri, 24 Apr 2026 05:34:44 +0000 https://dev.to/chandan_karn_fb750e731394/cursor-keeps-writing-idor-into-your-apis-heres-the-fix-245m https://dev.to/chandan_karn_fb750e731394/cursor-keeps-writing-idor-into-your-apis-heres-the-fix-245m <h2> TL;DR </h2> <ul> <li>AI editors generate authenticated endpoints with no ownership verification</li> <li>Any valid JWT holder can read any other user's data by guessing an ID</li> <li>Fix: scope the query to the requesting user, or check ownership immediately after fetch</li> </ul> <p>I've been reviewing side-project codebases for the past few weeks. The stack varies -- Express, FastAPI, Rails, doesn't matter. The bug is always the same.</p> <p>Someone asked Cursor or Claude Code to add an API endpoint to fetch user data. The AI wrote working code. Correct query, correct response shape, even a 404 handler. What it skipped was the line that checks whether the person asking actually owns the record they're asking for.</p> <p>This is IDOR -- Insecure Direct Object Reference. CWE-862. OWASP Top 10. The reason it keeps showing up in AI-generated code isn't random.</p> <h2> The Vulnerable Endpoint </h2> <p>Here's the pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-862 -- Missing Authorization</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The middleware runs. The user is authenticated. But the document goes back to whoever asked, regardless of whether they own it. Authenticated but unauthorized. That's the gap.</p> <p>Exploiting it is trivial. Open the network tab, grab any document ID from your own responses, increment it by 1, send the same request. If the server responds with another user's document, you've found the bug.</p> <h2> Why AI Gets This Wrong </h2> <p>The training data problem is straightforward. Tutorials that demonstrate "how to build a REST API" don't include authorization logic. They prove the concept. The code gets the data and returns it. That's enough to teach the pattern.</p> <p>When you ask the AI to "add an endpoint that returns a document by ID", it does exactly that. It doesn't anticipate that an authenticated attacker will probe IDs they don't own. The happy path works. The adversarial path is invisible to it.</p> <h2> The Fix </h2> <p>Two lines added immediately after the fetch:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Fixed -- ownership check before response</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticateToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">doc</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Or scope the query from the start so the check is structural:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">_id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> </code></pre> </div> <p>Same fix across frameworks. Django: <code>Document.objects.get(pk=id, user=request.user)</code>. FastAPI: inject <code>current_user</code> and filter by owner. Rails: <code>current_user.documents.find(params[:id])</code>.</p> <p>The rule is simple: never return a user-scoped resource fetched by ID alone.</p> <h2> Where to Catch It </h2> <p>Audit every route that accepts an <code>:id</code> or <code>?id=</code> parameter and returns a database record. Count the ownership checks. Any route missing one is an IDOR candidate.</p> <p>A semgrep one-liner:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>semgrep <span class="nt">--config</span><span class="o">=</span>r/owasp.idor <span class="nb">.</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.js"</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.py"</span> </code></pre> </div> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops IDOR in Cursor-Generated Code: The Auth Bug Nobody Checks For Charles Kern Thu, 23 Apr 2026 13:42:10 +0000 https://dev.to/chandan_karn_fb750e731394/idor-in-cursor-generated-code-the-auth-bug-nobody-checks-for-1hja https://dev.to/chandan_karn_fb750e731394/idor-in-cursor-generated-code-the-auth-bug-nobody-checks-for-1hja <h2> TL;DR </h2> <ul> <li>AI-generated CRUD endpoints routinely skip ownership checks (CWE-639)</li> <li>Any authenticated user can read, modify, or delete another user's data</li> <li>Fix: one ownership check before every data access, no exceptions</li> </ul> <p>I've been reviewing AI-assisted codebases for a while now, and one pattern keeps showing up more than any other. Not SQL injection, not hardcoded secrets -- those get caught. The one that slips through is IDOR: Insecure Direct Object Reference.</p> <p>Here's what it looks like. You ask Cursor to build a task detail endpoint. It generates this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ CWE-639: No ownership check</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/tasks/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">task</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Task</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">task</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">task</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The <code>authenticate</code> middleware runs. JWT is validated. The user is "authenticated." But the handler fetches whatever ID was in the URL and returns it -- no check that <code>task.userId === req.user.id</code>.</p> <p>An attacker with a valid account can iterate IDs: <code>/api/tasks/1</code>, <code>/api/tasks/2</code>, <code>/api/tasks/3</code>. They pull every record in the database. The same flaw shows up on write routes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ CWE-639: Anyone can overwrite anyone's data</span> <span class="nx">app</span><span class="p">.</span><span class="nf">put</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/tasks/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">task</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Task</span><span class="p">.</span><span class="nf">findByIdAndUpdate</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="p">{</span> <span class="na">new</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">task</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Any authenticated user can update any task. Delete any record. IDOR has been in the OWASP Top 10 for a reason.</p> <h2> Why AI Keeps Getting This Wrong </h2> <p>Most authentication examples online show JWT validation and middleware setup. The ownership check is domain-specific -- it depends on the data model -- so it rarely appears in generic tutorials or StackOverflow answers.</p> <p>AI models learn those patterns. They know to add <code>authenticate</code> middleware. They don't consistently learn that authentication (who you are) and authorization (what you can access) are separate concerns requiring separate checks.</p> <p>Authentication: are you logged in?<br> Authorization: is this yours?</p> <p>Cursor handles the first. It skips the second.</p> <h2> The Fix </h2> <p>One ownership check per data operation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ✅ Verify ownership after fetching</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/tasks/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">task</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Task</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">task</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">task</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">task</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Return 403, not 404, on access denial. 404 makes the resource appear nonexistent -- useful in some threat models, confusing in most production apps.</p> <p>For write operations, enforce ownership directly in the database query -- atomic, no race condition:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ✅ Ownership enforced at query level</span> <span class="kd">const</span> <span class="nx">task</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Task</span><span class="p">.</span><span class="nf">findOneAndUpdate</span><span class="p">(</span> <span class="p">{</span> <span class="na">_id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">},</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="p">{</span> <span class="na">new</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">task</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found or forbidden</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <p>The pattern applies beyond tasks. Files, comments, profiles, settings -- any resource tied to a user needs an ownership check on every read, write, and delete. One check. Every time. No exceptions.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags missing ownership checks before I move on. That said, even a basic pre-commit hook with semgrep rules for CWE-639 will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops IDOR in AI-Generated Code: What Cursor Won't Check for You Charles Kern Wed, 22 Apr 2026 17:59:30 +0000 https://dev.to/chandan_karn_fb750e731394/idor-in-ai-generated-code-what-cursor-wont-check-for-you-4g9h https://dev.to/chandan_karn_fb750e731394/idor-in-ai-generated-code-what-cursor-wont-check-for-you-4g9h <h2> TL;DR </h2> <ul> <li>Cursor generates authenticated API routes with no ownership verification by default</li> <li>This creates IDOR (CWE-639) -- any logged-in user can read or delete any other user's data</li> <li>Fix is 3 lines: check <code>resource.userId === req.user.id</code> before returning anything</li> </ul> <p>I was reviewing a friend's side project last week. TypeScript, Prisma, built almost entirely in Cursor. Clean code, good structure, auth middleware on every route.</p> <p>I asked him to pull up his <code>/api/documents/:id</code> endpoint.</p> <p>No ownership check. User 42 could request <code>/api/documents/1</code> and get user 1's private documents back with a 200. No error. No log. Just data. He had no idea -- Cursor never flagged it.</p> <h2> The Vulnerable Code Pattern (CWE-639) </h2> <p>Prompt Cursor with "create a GET endpoint to fetch a document by ID" and you'll get something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ❌ CWE-639: No ownership verification</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nb">document</span><span class="p">.</span><span class="nf">findUnique</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The <code>authenticate</code> middleware is there. JWT is verified. But there's no check that <code>doc.userId === req.user.id</code>.</p> <p>Any authenticated user can iterate IDs -- <code>/api/documents/1</code>, <code>/api/documents/2</code> -- and pull every record in the database. That's a textbook IDOR (Insecure Direct Object Reference).</p> <h2> Why AI Keeps Writing This </h2> <p>AI code assistants are trained on millions of tutorials and StackOverflow answers. Most of those examples show authentication. Almost none show authorization.</p> <p>Authentication answers "are you who you claim to be?" Authorization answers "are you allowed to access <em>this specific</em> resource?" The second check is nearly absent from tutorial code -- tutorials demonstrate concepts, not production security patterns.</p> <p>Cursor, Claude Code, Copilot -- they all reproduce this gap faithfully. When you prompt for a CRUD endpoint, the model generates code that satisfies the prompt. Ownership checking isn't in the prompt, so it doesn't appear in the output.</p> <h2> The Fix -- 3 Lines </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ✅ Ownership check added</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nb">document</span><span class="p">.</span><span class="nf">findUnique</span><span class="p">({</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="c1">// The three lines that matter:</span> <span class="k">if </span><span class="p">(</span><span class="nx">doc</span><span class="p">.</span><span class="nx">userId</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>A few things worth noting:</p> <p><strong>Return 403, not 404.</strong> Some teams prefer 404 to avoid leaking that the resource exists. Both are defensible -- pick one and stay consistent across your API.</p> <p><strong>Don't just filter in the query.</strong> Adding <code>userId: req.user.id</code> to the <code>where</code> clause silently returns null instead of throwing 403. It works, but it makes debugging harder and breaks explicit logging. Make intent clear.</p> <p><strong>Check before business logic runs.</strong> If anything happens between fetching and returning the resource, gate on ownership first.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic semgrep rule watching for <code>findUnique</code> calls without an ownership comparison will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops IDOR in AI-Generated APIs: What Cursor Won't Check for You Charles Kern Tue, 21 Apr 2026 21:39:39 +0000 https://dev.to/chandan_karn_fb750e731394/idor-in-ai-generated-apis-what-cursor-wont-check-for-you-2llb https://dev.to/chandan_karn_fb750e731394/idor-in-ai-generated-apis-what-cursor-wont-check-for-you-2llb <h2> TL;DR </h2> <ul> <li>AI editors generate routes that fetch resources by ID with no ownership check -- classic IDOR (CWE-639)</li> <li>The pattern is everywhere in vibe-coded apps: any authenticated user can read any other user's data</li> <li>One extra condition in the DB query fixes it -- the problem is AI doesn't add it unless you ask</li> </ul> <p>I reviewed a side project last month. Node/Express backend, Cursor-generated, clean structure, well-commented. The developer was proud of their auth setup -- JWT tokens, bcrypt passwords, protected routes. Proper stuff.</p> <p>Then I hit /api/orders/1. Logged in as user 847, I got back user 1's order. All of it. Name, address, items, total. Switched to /api/orders/2. Same result. The API was authenticated -- you needed a valid JWT to reach it. But it didn't care whose JWT you had.</p> <p>This is IDOR: Insecure Direct Object Reference. OWASP ranks it #1 in the API Security Top 10. And AI editors reproduce it on every resource endpoint they generate.</p> <h2> The Vulnerable Pattern </h2> <p>Here's what Cursor outputs when you prompt "an endpoint to fetch a user's order":<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// CWE-639: Authorization Bypass Through User-Controlled Key</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/orders/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Order</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Authentication check: yes. Ownership check: no.</p> <p>User 42 can hit /api/orders/99 and read user 99's full order. The only defense is knowing the right ID -- and order IDs are usually sequential integers or guessable UUIDs.</p> <p>The AI isn't being careless. It completed the stated task: fetch an order by ID, require auth. The ownership check is implicit domain knowledge that didn't make it into the prompt.</p> <h2> Why This Keeps Happening </h2> <p>LLMs train on GitHub and Stack Overflow. The examples there show authentication patterns -- middleware, JWT verification, session checks. Ownership checks are rarer in tutorials because they're application-specific: the code needs to know your data model and your business rule ("a user can only access their own order").</p> <p>AI doesn't know your data model unless you tell it. Most prompts don't include "and make sure the requesting user owns this resource." So the AI skips it -- not out of negligence, but because the constraint was never in the prompt.</p> <p>The result: correctly authenticated, completely unauthorized.</p> <h2> The Fix </h2> <p>One extra condition in the DB query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/orders/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Query with userId -- DB-level ownership check</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Order</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">_id</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">order</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>This is better than a separate if-check for two reasons. First, no information leakage -- returning 404 instead of 403 means the caller can't confirm whether ID 99 exists and belongs to someone else. Second, ownership is enforced at the query level, so there's no way to forget to check after the fetch.</p> <h2> Audit Your Existing Routes </h2> <p>A quick grep surfaces the candidates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">grep</span> <span class="nt">-rn</span> <span class="s2">"req.params"</span> src/ | <span class="nb">grep</span> <span class="s2">"findById</span><span class="se">\|</span><span class="s2">findOne"</span> </code></pre> </div> <p>Any hit that doesn't include userId or req.user in the same query is a likely IDOR. Review each one manually.</p> <p>For Express specifically: check every route using req.params.id, req.params.postId, req.params.orderId, and similar. If the query uses only the ID param and not the user ID, that endpoint probably has this bug. Check nested resources too -- /api/posts/:postId/comments/:commentId is two levels of ownership to verify.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops Why Cursor Keeps Generating MD5 Password Hashes in 2026 Charles Kern Mon, 20 Apr 2026 17:19:48 +0000 https://dev.to/chandan_karn_fb750e731394/why-cursor-keeps-generating-md5-password-hashes-in-2026-25la https://dev.to/chandan_karn_fb750e731394/why-cursor-keeps-generating-md5-password-hashes-in-2026-25la <h2> TL;DR </h2> <ul> <li>AI editors surface MD5 hashing from training data dominated by 2008-2014 tutorials</li> <li>MD5 hashes crack in milliseconds on modern GPUs -- any breach becomes full password exposure</li> <li>Fix: one import swap to bcrypt (Python) or argon2id (Node) -- no architecture changes needed</li> </ul> <p>I was reviewing a side project a friend built with Cursor. Flask backend, JWT auth, clean structure. It looked solid. Then I got to the password module.</p> <p><code>hashlib.md5(password.encode()).hexdigest()</code></p> <p>MD5. In 2026. About to go live.</p> <p>He hadn't written it -- Cursor had. He'd accepted it because it ran, the tests passed, and the login flow worked. Nothing flagged a problem. Why would it? The code is syntactically correct. It's just cryptographically broken.</p> <h2> The Vulnerable Pattern (CWE-328) </h2> <p>Here's the exact output from Cursor on a basic auth route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">hashlib</span> <span class="k">def</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">return</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> <span class="c1"># CWE-328 </span> <span class="k">def</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">stored_hash</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="k">return</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="o">==</span> <span class="n">stored_hash</span> </code></pre> </div> <p>CWE-328: use of a weak cryptographic hash for passwords. MD5 is a checksum algorithm designed to be fast. That speed is the problem. A modern GPU computes 10 billion MD5 hashes per second. A 6-character password cracks in milliseconds. A full user database dump becomes a near-complete plaintext list within hours.</p> <h2> Why AI Keeps Writing This </h2> <p>MD5 password hashing was the standard internet recommendation from roughly 2008 to 2014. Every PHP walkthrough, every "build a login system" tutorial from that era used it. StackOverflow answers recommending md5() accumulated thousands of upvotes before the security community caught up.</p> <p>LLMs train on that corpus. The pattern is embedded. "Hash a password in Python" statistically surfaces MD5 because MD5 dominated the training data. The model isn't being careless -- it's doing exactly what next-token prediction does. The problem is the training data is old and the internet doesn't auto-update bad tutorials when better practices emerge.</p> <p>SHA1 has the same issue. SHA256 is less bad but still wrong here -- it's too fast for password storage.</p> <h2> The Fix </h2> <p>Replace MD5 with bcrypt. It's slow by design -- the work factor is the security property.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">bcrypt</span> <span class="k">def</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bytes</span><span class="p">:</span> <span class="k">return</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">hashpw</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="sh">'</span><span class="s">utf-8</span><span class="sh">'</span><span class="p">),</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">gensalt</span><span class="p">(</span><span class="n">rounds</span><span class="o">=</span><span class="mi">12</span><span class="p">))</span> <span class="k">def</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">password</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">stored_hash</span><span class="p">:</span> <span class="nb">bytes</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="k">return</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">checkpw</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="sh">'</span><span class="s">utf-8</span><span class="sh">'</span><span class="p">),</span> <span class="n">stored_hash</span><span class="p">)</span> </code></pre> </div> <p><code>rounds=12</code> is the current recommended baseline. Cost-12 takes ~250ms to hash -- imperceptible to a user, catastrophic for an attacker running a brute-force. The cost factor is stored in the hash itself, so increasing it later is backward compatible.</p> <p>For Node.js, argon2id is OWASP's current top recommendation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">argon2</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">argon2</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">argon2</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nx">argon2</span><span class="p">.</span><span class="nx">argon2id</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">valid</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">argon2</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">hash</span><span class="p">,</span> <span class="nx">password</span><span class="p">);</span> </code></pre> </div> <p>Both are one-dependency swaps. Existing hashes need migration -- typically handled transparently on next login with a re-hash.</p> <h2> Do This Right Now </h2> <p>Grep your AI-generated code before anything ships:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">grep</span> <span class="nt">-r</span> <span class="s2">"md5</span><span class="se">\|</span><span class="s2">sha1"</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.py"</span> <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.js"</span> <span class="nb">.</span> </code></pre> </div> <p>30 seconds. Either you're clean or you find something worth fixing before it matters.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops IDOR in AI-Generated APIs: What Cursor Won't Check Automatically Charles Kern Sun, 19 Apr 2026 15:07:28 +0000 https://dev.to/chandan_karn_fb750e731394/idor-in-ai-generated-apis-what-cursor-wont-check-automatically-195o https://dev.to/chandan_karn_fb750e731394/idor-in-ai-generated-apis-what-cursor-wont-check-automatically-195o <h2> TL;DR </h2> <ul> <li>AI editors add auth middleware but skip ownership checks on resource endpoints</li> <li>Any authenticated user can read or modify another user's data (CWE-639)</li> <li>Fix: one line comparing req.user.id against resource.ownerId before returning data</li> </ul> <p>I've been reviewing vibe-coded side projects lately. Clean code, solid tests, reasonable error handling. Then I check the API routes.</p> <p>Every endpoint hits the database correctly. None of them verify whether the authenticated user actually owns the resource they're requesting. You can fetch any user's data with a valid JWT and the right resource ID. The right resource ID you can guess, enumerate, or pull from a list endpoint that leaks IDs.</p> <p>This is IDOR -- Insecure Direct Object Reference (CWE-639). It sits at the top of OWASP's Broken Access Control category, the most common vulnerability class in web apps. AI code generators reproduce it constantly.</p> <h2> The Code AI Writes </h2> <p>Ask Cursor or Claude Code to build a "get user profile" endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// GET /api/users/:id -- what Cursor generates</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Server error</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>The <code>authenticate</code> middleware is there. JWT validation runs. The route looks protected. But any user with a valid token can request any other user's profile by guessing or iterating IDs. MongoDB ObjectIDs are not secret. Integer IDs definitely aren't.</p> <p>Same pattern on update and delete routes. The AI generates CRUD logic correctly every time. It skips the ownership check every time.</p> <h2> Why This Keeps Happening </h2> <p>AI models train on tutorials and Stack Overflow answers. Those sources teach authentication (is this user logged in?) but rarely show resource-level authorization (does this user own this specific record?).</p> <p>The auth middleware satisfies the "is this endpoint protected" pattern the model recognizes. The ownership check requires understanding the relationship between the authenticated user's ID and the record being fetched. That relationship is business logic, implicit in the data model, not spelled out in any prompt. The model doesn't infer it.</p> <p>Every route gets the visible security feature. Every route skips the invisible one.</p> <h2> The Fix </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// GET /api/users/:id -- with ownership check</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="c1">// This is the line AI-generated code always skips</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Server error</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>One comparison. One early return. That's the entire fix.</p> <p>For admin routes that need cross-user access, gate it explicitly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="o">&amp;&amp;</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>To audit an existing codebase fast, grep for route params without a corresponding user ID check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Flags routes with URL params that may be missing ownership checks</span> <span class="nb">grep</span> <span class="nt">-rn</span> <span class="s2">"req.params</span><span class="se">\.</span><span class="s2">"</span> src/routes/ | <span class="nb">grep</span> <span class="nt">-v</span> <span class="s2">"req.user"</span> </code></pre> </div> <p>Not exhaustive, but it surfaces the obvious misses in under ten seconds.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and a custom IDOR rule will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops 3 Auth Bugs Cursor Keeps Writing Into Your API Endpoints Charles Kern Sat, 18 Apr 2026 16:35:34 +0000 https://dev.to/chandan_karn_fb750e731394/3-auth-bugs-cursor-keeps-writing-into-your-api-endpoints-16l9 https://dev.to/chandan_karn_fb750e731394/3-auth-bugs-cursor-keeps-writing-into-your-api-endpoints-16l9 <h2> TL;DR </h2> <ul> <li>AI editors write protected routes with zero auth middleware</li> <li>jwt.decode() is not jwt.verify() -- the difference lets attackers forge tokens</li> <li>Login endpoints with no rate limiting can be brute-forced in seconds</li> </ul> <p>I've been reviewing AI-generated Node.js backends for the past couple of months. The vulnerability that keeps appearing isn't SQL injection or hardcoded secrets. It's broken auth. Three specific patterns, repeated across every project I've looked at.</p> <p>None of these are flashy. The code runs fine. It just runs insecurely.</p> <h2> No auth middleware on protected routes (CWE-306) </h2> <p>Cursor writes this constantly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// bad -- CWE-306: Missing authentication</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users/:id</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>No middleware. No token check. Any unauthenticated request returns the full user record.</p> <p>The AI saw thousands of tutorial routes that skip auth to focus on the main teaching point. It learned the default pattern.</p> <p>The fix adds an authenticate middleware and an ownership check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">authenticate</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span> <span class="p">});</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">);</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid token</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="p">};</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The ownership check matters. Without it you fix the auth problem and introduce IDOR instead.</p> <h2> jwt.decode() is not jwt.verify() (CWE-347) </h2> <p>This one is subtle. AI often generates token handling code that reads the payload but skips signature verification:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// bad -- CWE-347: Improper verification of cryptographic signature</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">userId</span> <span class="o">=</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">sub</span><span class="p">;</span> </code></pre> </div> <p><code>jwt.decode()</code> does zero cryptographic verification. It just base64-decodes the payload. An attacker can craft a token with any sub value they want, send it, and the application accepts it.</p> <p>The fix is one word:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// good</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">userId</span> <span class="o">=</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">sub</span><span class="p">;</span> </code></pre> </div> <p><code>jwt.verify()</code> throws if the signature is invalid. That exception gets caught in your middleware and returns 401.</p> <h2> No rate limiting on login endpoints (CWE-307) </h2> <p>Every AI-generated login endpoint I've seen looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// bad -- CWE-307: No brute-force protection</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/login</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="nx">email</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">match</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">password</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">match</span><span class="p">)</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">token</span><span class="p">:</span> <span class="nf">generateToken</span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">});</span> <span class="k">else</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid credentials</span><span class="dl">'</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Unlimited attempts. Even with bcrypt adding latency per check, a targeted attack against a known email can run through a wordlist in minutes.</p> <p>Two lines of change:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// good</span> <span class="k">import</span> <span class="nx">rateLimit</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express-rate-limit</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">loginLimiter</span> <span class="o">=</span> <span class="nf">rateLimit</span><span class="p">({</span> <span class="na">windowMs</span><span class="p">:</span> <span class="mi">15</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="na">max</span><span class="p">:</span> <span class="mi">10</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/auth/login</span><span class="dl">'</span><span class="p">,</span> <span class="nx">loginLimiter</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="nx">email</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">match</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compare</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">password</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">match</span><span class="p">)</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">token</span><span class="p">:</span> <span class="nf">generateToken</span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">});</span> <span class="k">else</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid credentials</span><span class="dl">'</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h2> Why this keeps happening </h2> <p>AI editors train on code from tutorials, blog posts, and StackOverflow. Tutorials skip auth middleware to focus on the main point. Answers strip code down to the minimum viable snippet. The model absorbed millions of examples where middleware was left out.</p> <p>It's not a flaw in the model's understanding of auth. It's a gap in the training distribution. Security patterns are underrepresented, and the model fills in defaults from whatever was most common in the data.</p> <p>The fix is not better prompts. It's a scanner that runs at the moment code is generated.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags missing auth middleware, jwt.decode() misuse, and unprotected endpoints before I move on. That said, even a basic pre-commit hook with semgrep will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops