minor update

2021-08-06 21:02:50 +05:30 · 2021-08-06 21:02:50 +05:30 · 1a043cc846
parent 32709de987
commit 1a043cc846
8 changed files with 9 additions and 23 deletions
--- a/misconfiguration/springboot/springboot-beans.yaml
+++ b/misconfiguration/springboot/springboot-beans.yaml
@ -5,7 +5,7 @@ info:
  author: ajaysenr
  severity: low
  description: Displays a complete list of all the Spring beans in the application
-  tags: springboot,disclosure
+  tags: springboot,exposure

 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-configprops.yaml
+++ b/misconfiguration/springboot/springboot-configprops.yaml
@ -5,7 +5,7 @@ info:
  author: that_juan_,dwisiswant0,wdahlenb
  severity: low
  description: Sensitive environment variables may not be masked
-  tags: springboot,disclosure
+  tags: springboot,exposure

 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-env.yaml
+++ b/misconfiguration/springboot/springboot-env.yaml
@ -5,7 +5,7 @@ info:
  author: that_juan_,dwisiswant0,wdahlenb
  severity: low
  description: Sensitive environment variables may not be masked
-  tags: springboot,disclosure
+  tags: springboot,exposure

 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-heapdump.yaml
+++ b/misconfiguration/springboot/springboot-heapdump.yaml
@ -5,7 +5,7 @@ info:
  author: that_juan_,dwisiswant0,wdahlenb
  severity: critical
  description: Environment variables and HTTP requests can be found in the HPROF
-  tags: springboot,disclosure
+  tags: springboot,exposure

 requests:
  - method: GET
@ -16,6 +16,7 @@ requests:
    max-size: 2097152 # 2MB - Max Size to read from server response
    matchers-condition: and
    matchers:
+
      - type: binary
        part: body
        binary:
@ -27,18 +28,3 @@ requests:
      - type: status
        status:
          - 200
-
-      - type: word
-        words:
-          - "application/octet-stream"
-          - "application/vnd.spring-boot.actuator"
-          - "application/vnd.spring-boot.actuator.v1+json"
-        part: header
-        condition: or
-
-      - type: dsl
-        dsl:
-          - "len(body) >= 100000"
-          - "content_length >= 100000"
-        condition: or
-        part: header
--- a/misconfiguration/springboot/springboot-httptrace.yaml
+++ b/misconfiguration/springboot/springboot-httptrace.yaml
@ -5,7 +5,7 @@ info:
  author: that_juan_,dwisiswant0,wdahlenb
  severity: low
  description: View recent HTTP requests and responses
-  tags: springboot,disclosure
+  tags: springboot,exposure

 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-loggers.yaml
+++ b/misconfiguration/springboot/springboot-loggers.yaml
@ -4,7 +4,7 @@ info:
  name: Detect Springboot Loggers
  author: that_juan_,dwisiswant0,wdahlenb
  severity: low
-  tags: springboot,disclosure
+  tags: springboot,exposure

 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-mappings.yaml
+++ b/misconfiguration/springboot/springboot-mappings.yaml
@ -5,7 +5,7 @@ info:
  author: that_juan_,dwisiswant0,wdahlenb
  severity: low
  description: Additional routes may be displayed
-  tags: springboot,disclosure
+  tags: springboot,exposure

 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-trace.yaml
+++ b/misconfiguration/springboot/springboot-trace.yaml
@ -5,7 +5,7 @@ info:
  author: that_juan_,dwisiswant0,wdahlenb
  severity: low
  description: View recent HTTP requests and responses
-  tags: springboot,disclosure
+  tags: springboot,exposure

 requests:
  - method: GET