# Permissive Cross-domain Policy with Untrusted Domains (CWE-942)

The product uses a cross-domain policy file that includes domains that should not be trusted.

**Stack:** Go

- Prevalence: 高 頻繁に悪用される
- Impact: ハイ 1 件の重大度ハイのルール
- Prevention: 文書化済み 9 件の修正例

**OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5

## Description

A cross-domain policy file specifies the permissions for a web client to handle data across multiple domains. When overly permissive settings are used, malicious sites can abuse these permissions to access sensitive data or perform unauthorized actions on behalf of the user.

## Prevention

### Go

Configure specific allowed origins in Chi CORS middleware

Configure specific allowed origins in Echo CORS middleware

Configure specific allowed origins in Fiber CORS middleware

## Warning Signs

- [MEDIUM] Gin CORS middleware configured with wildcard origin
- [MEDIUM] CORS policy allows untrusted origins

## Consequences

- アプリケーションデータの読み取り
- 保護メカニズムの回避
- アプリケーションデータの変更

## Mitigations

- アクセスポリシーを慎重に評価し、クロスドメインポリシーファイルでドメインを制限する
- すべてのドメインを許可するワイルドカード (*) を使用しない
- CORS ヘッダーを確認し、信頼できるオリジンのみに制限する

## Detection

- Total rules: 9
- Languages: python, go

## Rules by Language

### Go (5 rules)

- **Chi Permissive CORS** [MEDIUM]: Wildcard CORS allows any origin to access resources.
  - Remediation: Specify allowed origins instead of wildcard.

```go
r.Use(cors.Handler(cors.Options{
    AllowedOrigins: []string{
        "https://example.com",
        "https://app.example.com",
    },
}))
```

Learn more: https://shoulder.dev/learn/go/cwe-942/cors
- **Echo Permissive CORS** [MEDIUM]: Wildcard CORS allows any origin to access resources.
  - Remediation: Specify allowed origins instead of wildcard.

```go
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
    AllowOrigins: []string{
        "https://example.com",
        "https://app.example.com",
    },
}))
```

Learn more: https://shoulder.dev/learn/go/cwe-942/cors
- **Fiber Permissive CORS** [MEDIUM]: Wildcard CORS allows any origin to access resources.
  - Remediation: Specify allowed origins instead of wildcard.

```go
app.Use(cors.New(cors.Config{
    AllowOrigins: "https://example.com,https://app.example.com",
}))
```

Learn more: https://shoulder.dev/learn/go/cwe-942/cors
- **Gin Permissive CORS** [MEDIUM]: Wildcard CORS allows any origin to access resources.
  - Remediation: Specify allowed origins instead of wildcard.

```go
config := cors.DefaultConfig()
config.AllowOrigins = []string{
    "https://example.com",
    "https://app.example.com",
}
r.Use(cors.New(config))
```

Learn more: https://shoulder.dev/learn/go/cwe-942/cors
- **Permissive CORS Configuration** [MEDIUM]: CORS allows wildcard origin or reflects Origin header without validation.
  - Remediation: Whitelist specific allowed origins instead of using wildcards.

```go
allowedOrigins := map[string]bool{
    "https://app.example.com": true,
}

origin := r.Header.Get("Origin")
if allowedOrigins[origin] {
    w.Header().Set("Access-Control-Allow-Origin", origin)
}
```

Learn more: https://shoulder.dev/learn/go/cwe-942/permissive-cors