Skip to content

fix(docker): configure CORS for frontend in docker-compose#1700

Open
anshul23102 wants to merge 2 commits into
utksh1:mainfrom
anshul23102:fix/1622-docker-cors
Open

fix(docker): configure CORS for frontend in docker-compose#1700
anshul23102 wants to merge 2 commits into
utksh1:mainfrom
anshul23102:fix/1622-docker-cors

Conversation

@anshul23102

Copy link
Copy Markdown
Contributor

Fixes #1622

The docker-compose configuration was missing CORS setup for the frontend service. Frontend runs on port 5173, API on port 8081. Without explicit CORS_ALLOWED_ORIGINS, the backend's CORS middleware would reject requests from the frontend, blocking API calls.

Fix: set SECUSCAN_CORS_ALLOWED_ORIGINS environment variable in the api service to allow requests from:

This ensures the frontend can make API calls whether accessed via localhost, IP, or internal Docker service name.

Issue utksh1#1620: plugin parsers previously inherited the parent's full network
stack. A malicious parser.py could exfiltrate scan findings to an
attacker-controlled server over a plain socket, with no control here.

Fix: on Linux with unprivileged user namespaces, spawn parser subprocesses
in a fresh network namespace with 'unshare --user --net'. The child has
no network interfaces configured except a loopback that is down by default,
so it cannot reach any host. Parsers only transform text already captured
from the scanner (never network-bound); they have zero legitimate need
for network access.

Unshare capability is probed once at startup via _unshare_net_supported(),
which checks platform, binary availability, and runtime support. On
non-Linux hosts or if the capability check fails for any reason
(restrictive container runtime, disabled user namespaces, etc.), we warn
once and fail open, spawning without isolation, rather than refusing
all plugins. The broader threat model is documented in
docs/plugins/plugin-security-checklist.md.

Testing:
- testing/backend/integration/test_parser_network_isolation.py: 4 tests
  covering capability probe, argv construction with/without isolation,
  and successful parser execution under isolation.
- pytest testing/backend/integration -q -m "not benchmark" -- 288 passed,
  9 skipped (284 baseline + 4 new)
- ruff check backend/secuscan/parser_sandbox.py -- all checks passed

Fixes utksh1#1620
Issue utksh1#1622: the docker-compose configuration was missing CORS setup for
the frontend service. Frontend runs on port 5173, API on port 8081, both
accessible via multiple origins (localhost, 127.0.0.1, and the Docker
service name 'frontend'). Without explicit CORS_ALLOWED_ORIGINS, the
backend's CORS middleware would reject requests from the frontend,
blocking API calls.

Fix: set SECUSCAN_CORS_ALLOWED_ORIGINS environment variable in the api
service to allow requests from http://localhost:5173, http://127.0.0.1:5173,
and http://frontend:5173 (Docker internal DNS). This ensures the frontend
can make API calls whether accessed via localhost, IP, or internal Docker
service name.

Fixes utksh1#1622
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Security: Docker Compose binds backend to 0.0.0.0 with no CORS policy

1 participant