Python Flask Uncontrolled Cors Origin
Description
Detects permissive CORS (Cross-Origin Resource Sharing) configurations in Flask applications that let any origin call the API: either a wildcard Access-Control-Allow-Origin: * header, or a value copied verbatim from the request's Origin header. Both let a malicious website make cross-origin requests to the application and read the responses. Reflecting the Origin header is the more dangerous variant: browsers refuse to combine * with Access-Control-Allow-Credentials: true, but a reflected origin passes that check, so the attacker's page can read responses to requests that carry the victim's session cookies.
Detection Strategy
• Check whether the Flask framework is imported in the application code
• Search for direct assignments of CORS headers that allow all origins (e.g. Access-Control-Allow-Origin: *)
• Identify flask-cors calls (CORS(...), cross_origin(...)) whose origins argument is a wildcard or comes from user input
• Look for CORS configurations that echo the request's Origin header without validating it against an allow-list
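The four detection points above, as an added example in working code (this is not Fluid Attacks' engine or any code from the page). It is a standard-library-only AST scanner: _reads_request_headers marks any expression that touches request.headers as user-controlled, assignments propagate that taint to variable names, a header assignment or flask-cors call that receives a wildcard or a tainted value is reported, and an enclosing "if name in <allow-list>:" is treated as the sanitiser. It assumes Python 3.9+ (where ast.Subscript.slice is the key expression itself); the two sample sources at the bottom are constructed for the demonstration.

```python
# Added example (not Fluid Attacks' engine): a stdlib-only AST check for the four detection
# points above. Assumes Python 3.9+, where ast.Subscript.slice is the key expression itself.
import ast
CORS_HEADER = "Access-Control-Allow-Origin"

def _reads_request_headers(node):
    # True if the expression touches flask's request.headers, e.g. request.headers.get('Origin')
    return any(isinstance(n, ast.Attribute) and n.attr == "headers"
               and isinstance(n.value, ast.Name) and n.value.id == "request"
               for n in ast.walk(node))

class _CorsScanner(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()  # names assigned from request.headers (or from another tainted name)
        self.validated = []   # names guarded by an enclosing `if name in <allow-list>:` (None otherwise)
        self.findings = []    # (line, message)

    def _is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted and node.id not in self.validated
        return _reads_request_headers(node)

    def _check_origin(self, lineno, value):
        if isinstance(value, ast.Constant) and value.value == "*":
            self.findings.append((lineno, "wildcard origin"))
        elif self._is_tainted(value):
            self.findings.append((lineno, "origin reflected from request"))

    def visit_Assign(self, node):
        for target in node.targets:
            if isinstance(target, ast.Name) and self._is_tainted(node.value):
                self.tainted.add(target.id)  # user_origin = request.headers.get('Origin')
            elif (isinstance(target, ast.Subscript) and isinstance(target.slice, ast.Constant)
                  and target.slice.value == CORS_HEADER):
                self._check_origin(node.lineno, node.value)  # resp.headers[CORS_HEADER] = value
        self.generic_visit(node)

    def visit_Call(self, node):
        fn = node.func
        name = fn.id if isinstance(fn, ast.Name) else getattr(fn, "attr", None)
        if (name in ("add", "set") and isinstance(fn, ast.Attribute)  # resp.headers.add(key, value)
                and isinstance(fn.value, ast.Attribute) and fn.value.attr == "headers"
                and len(node.args) == 2 and isinstance(node.args[0], ast.Constant)
                and node.args[0].value == CORS_HEADER):
            self._check_origin(node.lineno, node.args[1])
        elif name in ("CORS", "cross_origin"):  # flask-cors: CORS(app, origins=...), @cross_origin(...)
            origins = next((kw.value for kw in node.keywords if kw.arg == "origins"), None)
            if origins is None:
                self.findings.append((node.lineno, name + "() without origins (flask-cors default is '*')"))
            else:
                self._check_origin(node.lineno, origins)
        self.generic_visit(node)

    def visit_If(self, node):
        t = node.test  # `if origin in ALLOWED_ORIGINS:` sanitises `origin` inside the if-body only
        guarded = (t.left.id if isinstance(t, ast.Compare) and isinstance(t.left, ast.Name)
                   and len(t.ops) == 1 and isinstance(t.ops[0], ast.In) else None)
        self.validated.append(guarded)
        for stmt in node.body:
            self.visit(stmt)
        self.validated.pop()
        for stmt in node.orelse:
            self.visit(stmt)

def find_uncontrolled_cors(source):
    # Return sorted (line, message) findings; sources that never import flask are skipped
    tree = ast.parse(source)
    uses_flask = any((isinstance(n, ast.ImportFrom) and n.module == "flask")
                     or (isinstance(n, ast.Import) and any(a.name.split(".")[0] == "flask" for a in n.names))
                     for n in ast.walk(tree))
    if not uses_flask:
        return []
    scanner = _CorsScanner()
    scanner.visit(tree)
    return sorted(scanner.findings)

# Constructed sample sources (not from the page): one vulnerable, one allow-listed.
VULNERABLE_SRC = '''\
from flask import Flask, request, make_response
from flask_cors import CORS, cross_origin
app = Flask(__name__)
CORS(app)
def reflect():
    user_origin = request.headers.get('Origin')
    resp = make_response('ok')
    resp.headers['Access-Control-Allow-Origin'] = user_origin
    return resp
@cross_origin(origins='*')
def wild():
    return 'ok'
'''
SAFE_SRC = '''\
from flask import Flask, request, make_response
ALLOWED_ORIGINS = ['https://trusted.com', 'https://api.trusted.com']
def data():
    origin = request.headers.get('Origin')
    resp = make_response('ok')
    if origin in ALLOWED_ORIGINS:
        resp.headers['Access-Control-Allow-Origin'] = origin
    return resp
'''
```

Calling find_uncontrolled_cors(VULNERABLE_SRC) reports the bare CORS(app) on line 4, the reflected header on line 8 and the wildcard decorator on line 10, while SAFE_SRC produces no findings because the header is only set inside the allow-list check. The sanitiser rule is deliberately narrow: an early-return style ("if origin not in ALLOWED_ORIGINS: abort(403)" followed by the header assignment) is still reported, which is the usual trade-off of a flow-insensitive check and is where a real engine adds path analysis.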
Vulnerable code example
from flask import Flask, request, make_response
app = Flask(__name__)
@app.route('/vulnerable')
def vulnerable_cors():
    # User controlled origin from request headers
    user_origin = request.headers.get('Origin')
    response = make_response('sensitive data')
    # Reflecting it verbatim lets any site read the response, even with the victim's cookies attached
    response.headers['Access-Control-Allow-Origin'] = user_origin
    response.headers['Access-Control-Allow-Credentials'] = 'true'
    return response
✅ Secure code example
from flask import Flask, request, make_response
app = Flask(__name__)
# Define allowed origins
ALLOWED_ORIGINS = ['https://trusted.com', 'https://api.trusted.com']
@app.route('/vulnerable')
def secure_cors():
    origin = request.headers.get('Origin')
    response = make_response('sensitive data')
    if origin in ALLOWED_ORIGINS:  # exact match against the allow-list, never a wildcard or prefix check
        response.headers['Access-Control-Allow-Origin'] = origin
        response.headers['Vary'] = 'Origin'  # the response differs per Origin, so caches must key on it
    return response