Go: CORS Bypass due to incorrect checks #834
Assignees
Labels
All For One
Submissions to the All for One, One for All bounty
Comments
porcupineyhairs
added
the
All For One
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Query PR
github/codeql#16813
Language
GoLang
CVE(s) ID list
CVE-2023-28109
CVE-2024-27302.
CWE
CWE-639
Report
Most Go frameworks provide a function call where-in you can pass a handler for testing origins and performing CORS checks. These functions typically check for the supllied origin in a list of valid origins. This behaviour is mostly fine but can lead to issues when done incorrectly. for example, consider the code snippets below
https://github.com/zeromicro/go-zero/blob/5c9fae7e6258fd66d026793e7cb03ba9955e3dee/rest/internal/cors/handlers.go#L79-L91
https://github.com/play-with-docker/play-with-docker/blob/7188d83f867cbc201aef4b0597ac5f868c1971f3/handlers/bootstrap.go#L71-L80
In both these cases, the checks are implemented incorrectly and can lead to a CORS bypass resulting in CVE-2023-28109 and CVE-2024-27302.
This PR aims to add a query, and its corresponding qhelp and tests for detecting the same vulnerability.
The databases to verify the same can be downloaded from
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response
The text was updated successfully, but these errors were encountered: