django-access-review

SKILL.md

Django Access Control & IDOR Review

Find access control vulnerabilities by investigating how the codebase answers one question:

Can User A access, modify, or delete User B's data?

Philosophy: Investigation Over Pattern Matching

Do NOT scan for predefined vulnerable patterns. Instead:

  1. Understand how authorization works in THIS codebase
  2. Ask questions about specific data flows
  3. Trace code to find where (or if) access checks happen
  4. Report only what you've confirmed through investigation
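
The review question above, turned into an executable two-user check. This is an added example, not part of the skill or the getsentry/dotagents repository. `Invoice`, `get_or_404`, both views and `can_cross_access` are hypothetical plain-Python stand-ins for a Django model, `get_object_or_404` and view functions, and the data is constructed.

```python
# Added illustration: plain-Python stand-ins for a Django model, an ORM
# lookup and Http404. All names are hypothetical, not taken from the skill.
from dataclasses import dataclass


class Http404(Exception):
    """Stand-in for django.http.Http404."""


@dataclass
class Invoice:
    pk: int
    owner: str
    total: int


# Constructed sample data: one invoice per user.
INVOICES = {1: Invoice(1, "alice", 120), 2: Invoice(2, "bob", 75)}


def get_or_404(**filters):
    """Mimics get_object_or_404(Invoice, **filters) over the dict above."""
    for inv in INVOICES.values():
        if all(getattr(inv, k) == v for k, v in filters.items()):
            return inv
    raise Http404(filters)


def invoice_detail_unscoped(user, pk):
    # Lookup keyed only on the client-supplied id: tracing this path
    # finds no ownership check anywhere.
    return get_or_404(pk=pk).total


def invoice_detail_scoped(user, pk):
    # Ownership is part of the lookup, so a foreign pk behaves as missing.
    return get_or_404(pk=pk, owner=user).total


def can_cross_access(view):
    """Answer the review question for one view: can any user read an
    invoice owned by someone else?"""
    for user in {inv.owner for inv in INVOICES.values()}:
        for inv in INVOICES.values():
            if inv.owner == user:
                continue
            try:
                view(user, inv.pk)
                return True  # confirmed: a foreign object was returned
            except Http404:
                pass
    return False
```

A finding is reported only for a view where `can_cross_access` returns `True`, which matches step 4: the result is confirmed by exercising the data flow rather than inferred from how the code looks.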

Installs: 2
GitHub Stars: 191
First Seen: Apr 3, 2026
django-access-review — getsentry/dotagents