mschwager / route-detect

Find authentication (authn) and authorization (authz) security bugs in web application routes.
BSD 3-Clause "New" or "Revised" License

Add support for Python FastAPI #5

Closed mschwager closed 5 months ago

mschwager commented 1 year ago

https://fastapi.tiangolo.com/

ocervell commented 6 months ago

+1 please ;)

mschwager commented 6 months ago

Hey @ocervell, I opened a PR with basic FastAPI support: https://github.com/mschwager/route-detect/pull/17. Would you mind taking a look?

FastAPI takes a different approach to authentication compared to some other Python frameworks like Flask. Flask apps typically use Python decorators to specify authn/authz information. FastAPI uses function arguments as a kind of dependency injection for authn. As a first pass, I considered authn arguments shown in these examples:

Let me know if this works for you, if there are different authn arguments you think should be specified, or if you think there's a better approach altogether.
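The function-argument approach described in the last comment, as an added example that is not part of the thread and not route-detect's own code: a standard-library `ast` pass that labels each FastAPI route by whether one of its parameters carries `Depends(...)` or `Security(...)` on a known authn dependency. The sample app, the helper names and the `AUTHN_DEPS` set are constructed assumptions.

```python
import ast

# Constructed sample FastAPI app: parsed as text, never imported or run.
SAMPLE = '''
from typing import Annotated
from fastapi import Depends, FastAPI, Security
from fastapi.security import OAuth2PasswordBearer
app = FastAPI()
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
def get_db(): ...
@app.get("/items")
async def items(token: str = Depends(oauth2_scheme)): ...
@app.get("/me")
async def me(token: Annotated[str, Security(oauth2_scheme)]): ...
@app.get("/health")
async def health(): ...
@app.post("/orders")
async def orders(db=Depends(get_db)): ...
'''

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}
# Assumption: dependencies with these names perform authn; adjust per code base.
AUTHN_DEPS = {"oauth2_scheme"}

def _is_route(dec):  # matches @app.get(...), @router.post(...), etc.
    return (isinstance(dec, ast.Call) and isinstance(dec.func, ast.Attribute)
            and dec.func.attr in HTTP_METHODS)

def _has_authn(node):
    # True if the subtree contains Depends(<dep>) or Security(<dep>), dep in AUTHN_DEPS.
    for n in ast.walk(node):
        if (isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
                and n.func.id in {"Depends", "Security"} and n.args
                and isinstance(n.args[0], ast.Name) and n.args[0].id in AUTHN_DEPS):
            return True
    return False

def classify_routes(source):
    # Map "METHOD /path" -> True when a parameter default or annotation carries authn.
    result = {}
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        params = fn.args.posonlyargs + fn.args.args + fn.args.kwonlyargs
        nodes = fn.args.defaults + fn.args.kw_defaults + [p.annotation for p in params]
        authed = any(n is not None and _has_authn(n) for n in nodes)
        for d in filter(_is_route, fn.decorator_list):
            path = d.args[0].value if d.args and isinstance(d.args[0], ast.Constant) else "?"
            result[f"{d.func.attr.upper()} {path}"] = authed
    return result
```

`/orders` is reported as unauthenticated even though it uses `Depends`, because `get_db` is not an authn dependency; a route that merely injects something is not thereby protected.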