php.lang.security.php-permissive-cors.php-permissive-cors

Access-Control-Allow-Origin response header is set to "*". This will disable CORS Same Origin Policy restrictions.

Definition

rules:
  - id: php-permissive-cors
    patterns:
      - pattern: header($VALUE,...)
      - pattern-either:
          - pattern: header("...",...)
          - pattern-inside: |
              $VALUE = "...";
              ...
      - metavariable-regex:
          metavariable: $VALUE
          regex: (\'|\")\s*(Access-Control-Allow-Origin|access-control-allow-origin)\s*:\s*(\*)\s*(\'|\")
    message: Access-Control-Allow-Origin response header is set to "*". This will
      disable CORS Same Origin Policy restrictions.
    metadata:
      references:
        - https://developer.mozilla.org/ru/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
      owasp:
        - A07:2021 - Identification and Authentication Failures
      cwe:
        - "CWE-346: Origin Validation Error"
      category: security
      technology:
        - php
      subcategory:
        - audit
      likelihood: LOW
      impact: LOW
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Improper Authentication
    languages:
      - php
    severity: WARNING

Examples

php-permissive-cors.php

<?php
namespace testing;

// ruleid: php-permissive-cors
header("Access-Control-Allow-Origin: *");

// ruleid: php-permissive-cors
header("Access-Control-Allow-Origin:* ");

// ruleid: php-permissive-cors
Header("access-control-allow-origin: *");

// ok: php-permissive-cors
header("Access-Control-Allow-Origin: *something*");

// ok: php-permissive-cors
header("Other-Property: *");
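The hardened counterpart to the flagged calls above, as an added example that is not part of the rule or its test file: the request Origin is checked against an explicit allowlist and only an allowlisted origin is echoed back, so the rule's wildcard pattern never applies. The allowlist entries are placeholders.

```php
<?php
// Added example (not from the Semgrep rule or its tests): allowlist-based CORS
// instead of header("Access-Control-Allow-Origin: *").

// Placeholder origins; replace with the deployment's real front-end origins.
const ALLOWED_ORIGINS = [
    'https://app.example.com',
    'https://admin.example.com',
];

/**
 * Return the Access-Control-Allow-Origin value for the given request Origin,
 * or null if the Origin is absent or not allowlisted. The comparison is an
 * exact, case-sensitive match on the full scheme://host[:port] string, so a
 * prefix or substring such as https://app.example.com.attacker.test fails.
 */
function corsAllowOrigin(?string $origin, array $allowed = ALLOWED_ORIGINS): ?string
{
    if ($origin === null || $origin === '') {
        return null;
    }
    return in_array($origin, $allowed, true) ? $origin : null;
}

function sendCorsHeaders(): void
{
    $allow = corsAllowOrigin($_SERVER['HTTP_ORIGIN'] ?? null);
    if ($allow === null) {
        // Emit no CORS headers: the browser keeps enforcing the same-origin policy.
        return;
    }
    // Not matched by php-permissive-cors: the value is a specific origin, never "*".
    header('Access-Control-Allow-Origin: ' . $allow);
    // The response varies per Origin, so shared caches must key on it.
    header('Vary: Origin');
    // Credentials may only be allowed for a specific origin; browsers reject
    // "*" combined with Access-Control-Allow-Credentials: true.
    header('Access-Control-Allow-Credentials: true');
}

sendCorsHeaders();
```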