Fix CORS security vulnerability (ICM 111099)

imatiach-msft · imatiach-msft · commit fc655ed64be1 · 2026-03-23T12:35:30.000-04:00
- Restrict CORS origins in PublicVMEnvironment to specific service origin
- Restrict CORS origins in LocalIPythonEnvironment to localhost origins
- Add allow_all_origins parameter as escape hatch for users who need
  wildcard CORS and understand the security implications

This fixes CWE-942 (Wildcard CORS) by defaulting to restrictive CORS
policy while preserving backward compatibility via opt-in parameter.
diff --git a/rai_core_flask/rai_core_flask/environments/local_ipython_environment.py b/rai_core_flask/rai_core_flask/environments/local_ipython_environment.py
@@ -31,5 +31,14 @@ def __init__(self, service):
 
     def select(self, service):
         service.with_credentials = False
-        service.cors = CORS(service.app)
+        if service.allow_all_origins:
+            # User explicitly opted into allowing all origins (less secure)
+            service.cors = CORS(service.app)
+        else:
+            # Default: restrict CORS to localhost origins
+            origins = [
+                f"http://localhost:{service.port}",
+                f"http://127.0.0.1:{service.port}"
+            ]
+            service.cors = CORS(service.app, origins=origins)
         service.env_name = LOCAL
diff --git a/rai_core_flask/rai_core_flask/environments/public_vm_environment.py b/rai_core_flask/rai_core_flask/environments/public_vm_environment.py
@@ -31,5 +31,11 @@ def __init__(self, service):
 
     def select(self, service):
         service.with_credentials = False
-        service.cors = CORS(service.app)
+        if service.allow_all_origins:
+            # User explicitly opted into allowing all origins (less secure)
+            service.cors = CORS(service.app)
+        else:
+            # Default: restrict CORS to the specific service origin
+            origin = f"http://{service.ip}:{service.port}"
+            service.cors = CORS(service.app, origins=[origin])
         service.env_name = PUBLIC_VM
diff --git a/rai_core_flask/rai_core_flask/flask_helper.py b/rai_core_flask/rai_core_flask/flask_helper.py
@@ -25,14 +25,15 @@ class FlaskHelper(object):
     """FlaskHelper is a class for common Flask utilities used in dashboards."""
 
     def __init__(self, ip=None, port=None, with_credentials=False,
-                 is_private_link=False):
+                 is_private_link=False, allow_all_origins=False):
         # The name passed to Flask needs to be unique per instance.
         self.app = Flask(uuid.uuid4().hex)
 
         self.port = port
         self.ip = ip
         self.with_credentials = with_credentials
         self.is_private_link = is_private_link
+        self.allow_all_origins = allow_all_origins
         # dictionary to store arbitrary state for use by consuming classes
         self.shared_state = {}
         if self.ip is None:
