From f01abd3e6d7f2df18163a2171bdc29e84222186d Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Sat, 5 Jun 2021 12:50:49 +0000
Subject: [PATCH 1/2] Update rails-database-config.yaml False positive reduction. 12 matches out of 2 million hosts and they all showed a content-type of `application/octet-stream`.
---
 exposures/configs/rails-database-config.yaml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/exposures/configs/rails-database-config.yaml b/exposures/configs/rails-database-config.yaml
index d72b4afed0..2d5d89bfef 100644
--- a/exposures/configs/rails-database-config.yaml
+++ b/exposures/configs/rails-database-config.yaml
@@ -2,7 +2,7 @@ id: rails-database-config info: name: Ruby-on-Rails Database Configuration Exposure - author: pdteam + author: pdteam & geeknik severity: low tags: config,exposure
@@ -10,10 +10,16 @@ requests: - method: GET path: - "{{BaseURL}}/config/database.yml" + + matchers-condition: and matchers: + - type: word + part: header + words: + - "application/octet-stream" - type: word words: - "adapter:" - "database:" condition: and - part: body \ No newline at end of file + part: body
From 9b3c3ec7a08c9e52841ea22b0979d18d9bc28f22 Mon Sep 17 00:00:00 2001
From: sandeep <8293321+ehsandeep@users.noreply.github.com>
Date: Sun, 6 Jun 2021 14:14:01 +0530
Subject: [PATCH 2/2] tags + additional string match
---
 exposures/configs/rails-database-config.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/exposures/configs/rails-database-config.yaml b/exposures/configs/rails-database-config.yaml
index 2d5d89bfef..7e0969a7c2 100644
--- a/exposures/configs/rails-database-config.yaml
+++ b/exposures/configs/rails-database-config.yaml
@@ -4,22 +4,22 @@ info: name: Ruby-on-Rails Database Configuration Exposure author: pdteam & geeknik severity: low - tags: config,exposure + tags: config,exposure,rails requests: - method: GET path: - "{{BaseURL}}/config/database.yml" - matchers-condition: and matchers: - - type: word - part: header - words: - - "application/octet-stream" - type: word words: - "adapter:" - "database:" + - "production:" condition: and part: body + + - type: status + status: + - 200 \ No newline at end of file
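Review bot: With a `status` matcher now sitting beside the body `word` matcher, this template only stays precise if `matchers-condition: and` is still present on the request. In this collapsed hunk a single `-` sits directly in front of `matchers-condition: and`, so it is not clear from here whether that line or the blank line before it was removed. If it was the condition line, the two matchers fall back to the default `or`, and any 200 response would be reported as an exposed database.yml. Worth confirming that the new side still carries `matchers-condition: and` directly above `matchers:`. Separately, the hunk ends with `\ No newline at end of file`, which undoes the trailing newline that patch 1/2 added.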