Plugin: lambda-securityRules
no-missing-authorization-check
Security rule for lambda-security. This rule is part of eslint-plugin-lambda-security and provides LLM-optimized error messages.
Keywords: lambda-security, security, ESLint rule, LLM-optimized
This rule is part of eslint-plugin-lambda-security.
Quick Summary
| Aspect | Details |
|---|---|
| Severity | Warning (security) |
| Auto-Fix | ❌ No auto-fix |
| Category | Security |
| ESLint MCP | ✅ Optimized for ESLint MCP integration |
Rule Details
This rule helps enforce secure coding practices for lambda-security applications.
Examples
❌ Incorrect
// Lambda handler performs a privileged operation without checking caller identity
export const handler = async (event) => {
await db.query('DELETE FROM users');
};✅ Correct
// Verify authorization before performing sensitive operations
export const handler = async (event) => {
const user = event.requestContext?.authorizer?.claims;
if (!user?.sub) {
return { statusCode: 403, body: 'Forbidden' };
}
await db.query('DELETE FROM users WHERE id = $1', [user.sub]);
};Configuration
{
rules: {
'lambda-security/no-missing-authorization-check': 'warn'
}
}