From e133133b7600f1d11be6ee52f5609e3a729c88ff Mon Sep 17 00:00:00 2001
From: Dominique RIGHETTO
Date: Thu, 9 May 2024 19:01:17 +0200
Subject: [PATCH] Add files via upload

---
 ...CredentialedRequestsMisconfiguration.bcheck | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 other/corsCredentialedRequestsMisconfiguration.bcheck

diff --git a/other/corsCredentialedRequestsMisconfiguration.bcheck b/other/corsCredentialedRequestsMisconfiguration.bcheck
new file mode 100644
index 0000000..6a66d22
--- /dev/null
+++ b/other/corsCredentialedRequestsMisconfiguration.bcheck
@@ -0,0 +1,18 @@
+metadata:
+ language: v2-beta
+ name: "Invalid CORS configuration for credentialed requests detected"
+ description: "Checks for a broken CORS configuration case: Credentialed requests and wildcards."
+ author: "Dominique Righetto"
+ tags: "passive", "informative"
+
+# The server must not specify the "*" wildcard for the Access-Control-Allow-Origin response-header value, but must instead specify an explicit origin
+# Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#requests_with_credentials
+given response then
+ if {latest.response.headers} matches "(?i)Access-Control-Allow-Origin:\s+\*" and
+ {latest.response.headers} matches "(?i)Access-Control-Allow-Credentials:\s+true" then
+ report issue:
+ severity: info
+ confidence: firm
+ detail: "Credentialed CORS requests cannot used wildcards origins."
+ remediation: "Specify an explicit allow origin. Refer to the Mozilla CORS documentation for technical details: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#requests_with_credentials"
+ end if
\ No newline at end of file
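Review bot: The `Access-Control-Allow-Origin` regex in the `if` condition requires at least one whitespace character after the colon (`\s+`), so a response that emits `Access-Control-Allow-Origin:*` with no space slips past the check; `\s*` covers both forms, e.g. `{latest.response.headers} matches "(?i)Access-Control-Allow-Origin:\s*\*"`, and the same applies to the `Access-Control-Allow-Credentials` line. The MDN page cited in the comment also states that a credentialed response may not use `*` in `Access-Control-Allow-Headers`, `Access-Control-Allow-Methods` or `Access-Control-Expose-Headers`, so either extend the condition to those headers or narrow the `description` to say that only the origin wildcard is covered. The `detail` string has a grammar slip; `detail: "Credentialed CORS requests cannot use wildcard origins."` reads correctly. Since browsers reject this header combination outright, it is a broken configuration rather than an exploitable one, which the `info` severity reflects; adding to `remediation` that the fix must be an explicit allow-list and not a reflection of the request's Origin header would keep a reader from turning this misconfiguration into a genuinely dangerous one.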