← all rules
code/payment-amount-from-client-py
Payment tampering: charge amount taken from request
What it detects
A monetary field (amount, price, total) is taken from `request.data`/`request.POST` and used to build a charge. Derive the amount server-side from trusted data, not from the request.
How it runs
Applied line-by-line on JS/TS and Python files (comments skipped). Flags input flowing into a trust decision — an ORM write, a privilege attribute, a charge amount, or a primary-key lookup — where an authorization/ownership check should exist. Conservative by design: confirm whether the check is present nearby.
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.