Permissive Cross-domain Policy with Untrusted Domains
The product uses a cross-domain policy file that includes domains that should not be trusted.
A cross-domain policy file specifies the permissions for a web client to handle data across multiple domains. When overly permissive settings are used, malicious sites can abuse these permissions to access sensitive data or perform unauthorized actions on behalf of the user.
보급률
높음
자주 악용됨
영향
높음
1개의 높은 심각도 규칙
예방
문서화됨
9개의 수정 예시
2 예방
2 예방
이 취약점을 수정하는 방법
Python
모두 보기 Python 자세히 →
FastAPI CORS Misconfiguration
MEDIUM
Restrict CORS to specific trusted origins instead of wildcard '*'
from fastapi import FastAPI from fastapi.middleware.cors import CORSMiddleware app = FastAPI() app.add_middleware( CORSMiddleware, - allow_origins=["*"], - allow_credentials=True, - allow_methods=["*"], + allow_origins=["https://example.com", "https://app.example.com"], + allow_credentials=True, + allow_methods=["GET", "POST"], )
Flask CORS Misconfiguration
MEDIUM
Restrict Flask-CORS to specific trusted origins instead of wildcard '*'
from flask import Flask from flask_cors import CORS app = Flask(__name__) - CORS(app, resources={r"/api/*": {"origins": "*"}}) + CORS(app, resources={ + r"/api/*": { + "origins": ["https://example.com", "https://app.example.com"], + "supports_credentials": True + } + })
CORS Regex Bypass Vulnerability
HIGH
Use exact string matching against an allowlist instead of regex for origin validation
- import re - from flask import request - - @app.after_request - def cors(response): - origin = request.headers.get('Origin', '') - if re.match(r'.*example\.com', origin): + ALLOWED_ORIGINS = { + "https://app.example.com", + "https://api.example.com", + } + + @app.after_request + def cors(response): + origin = request.headers.get('Origin', '') + if origin in ALLOWED_ORIGINS: response.headers['Access-Control-Allow-Origin'] = origin return response
Chi Permissive CORS
MEDIUM
Configure specific allowed origins in Chi CORS middleware
package main import ( "github.com/go-chi/chi/v5" "github.com/go-chi/cors" ) func main() { r := chi.NewRouter() r.Use(cors.Handler(cors.Options{ - AllowedOrigins: []string{"*"}, + AllowedOrigins: []string{"https://example.com"}, + AllowCredentials: true, })) }
Echo Permissive CORS
MEDIUM
Configure specific allowed origins in Echo CORS middleware
package main import ( "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" ) func main() { e := echo.New() e.Use(middleware.CORSWithConfig(middleware.CORSConfig{ - AllowOrigins: []string{"*"}, + AllowOrigins: []string{ + "https://example.com", + "https://app.example.com", + }, + AllowCredentials: true, })) e.Start(":8080") }
Fiber Permissive CORS
MEDIUM
Configure specific allowed origins in Fiber CORS middleware
package main import ( "github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2/middleware/cors" ) func main() { app := fiber.New() app.Use(cors.New(cors.Config{ - AllowOrigins: "*", + AllowOrigins: "https://example.com,https://app.example.com", + AllowCredentials: true, })) app.Listen(":3000") }
3 탐지
3 탐지
코드에서 취약점 찾기
Shoulder를 사용하여 코드에서 Permissive Cross-domain Policy with Untrusted Domains 패턴을 스캔하세요. 9 규칙.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=942 # Or scan entire project npx @shoulderdev/cli trust .
탐지 규칙 (9)
🐹
Go
5 rules
Chi Permissive CORS
MEDIUM
Wildcard CORS allows any origin to access resources.
Echo Permissive CORS
MEDIUM
Wildcard CORS allows any origin to access resources.
Fiber Permissive CORS
MEDIUM
Wildcard CORS allows any origin to access resources.
Gin Permissive CORS
MEDIUM
Wildcard CORS allows any origin to access resources.
Permissive CORS Configuration
MEDIUM
CORS allows wildcard origin or reflects Origin header without validation.
🐍
Python
4 rules
FastAPI CORS Misconfiguration
MEDIUM
Detects overly permissive CORS configuration in FastAPI applications.
Allowing all origins (*) with credentials enabled can lead to CSRF
and data theft.
Flask CORS Misconfiguration
MEDIUM
Detects overly permissive CORS configuration in Flask applications using
flask-cors. Allowing all origins (*) with credentials enabled can lead to
cross-site request forgery and data theft.
CORS Misconfiguration
MEDIUM
Detects overly permissive CORS (Cross-Origin Resource Sharing) configurations
that allow any origin (*) with credentials, or reflect the Origin header without
validation. This can expose sensitive data to malicious sites.
CORS Regex Bypass Vulnerability
HIGH
Detects CORS implementations using weak regex patterns, prefix/suffix matching,
or substring checks that can be bypassed by attackers to allow unauthorized
cross-origin access from malicious domains.
Common bypass patterns:
1. Unanchored regex: r"https://.*\.example\.com" matches "https://evil.com/.example.com"
2. Unescaped dots: r"https://app.trusted.com" matches "https://appXtrusted.com"
3. Prefix matching: startswith("https://trusted.com") allows "https://trusted.com.evil.com"
4. Suffix matc
4 경고 신호
4 경고 신호
코드 리뷰에서 주의할 점
이 패턴은 잠재적인 Permissive Cross-domain Policy with Untrusted Domains 취약점을 나타냅니다. 코드 리뷰와 보안 감사 중에 찾아보세요.
CORS validation uses weak pattern matching that can be bypassed
python-cors-regex-bypass
CORS implementations using weak regex patterns, prefix/suffix matching,
or substring checks that can
python-cors-regex-bypass
FastAPI uses CORSMiddleware with allow_origins=['*'] and allow_credentials=True
fastapi-cors-misconfiguration
overly permissive CORS configuration in FastAPI applications
fastapi-cors-misconfiguration
Flask application uses CORS(*, supports_credentials=True) which allows any origin to make authenticated requests
flask-cors-misconfiguration
Gin CORS middleware configured with wildcard origin
go-gin-permissive-cors
CORS policy allows untrusted origins
go-permissive-cors
overly permissive CORS (Cross-Origin Resource Sharing) configurations
that allow any origin (*) with
python-cors-misconfiguration
코드베이스를 스캔하세요: Permissive Cross-domain Policy with Untrusted Domains
Shoulder CLI는 전체 코드베이스에서 취약한 패턴을 찾아냅니다.