Improved matcher and paths

vulnerabilities/magento/magento-unprotected-dev-files.yaml

@@ -5,16 +5,31 @@ info:
   author: TechbrunchFR
   severity: high
   description: Magento version 1.9.2.x includes /dev directories or files that might reveal your passwords and other sensitive information. The /dev directories and files are not protected by default. According to Magento, "these tests are not supposed to end up on production servers".
-  reference:
+  reference: https://support.hypernode.com/en/support/solutions/articles/48001153348-how-to-secure-your-data-using-encryption-and-hashing
-    - magereport.com
   tags: magento
 
 requests:
   - method: GET
     path:
-      # Based on royduineveld.nl blogpost, was not tested against a vulnerable Magento site
+      - '{{BaseURL}}/dev/tests/functional/credentials.xml.dist'
-      - '{{BaseURL}}/dev'
+      - '{{BaseURL}}/dev/tests/functional/etc/config.xml.dist'
+
     matchers:
-      - type: status
+      - type: dsl
-        status:
+        dsl:
-          - 200
+          - 'contains(body, "Magento")'
+          - 'contains(body, "replace xmlns:xsi=")'
+          - 'contains(body, "<field path=")'
+          - 'contains(tolower(all_headers), "application/xml") || contains(tolower(all_headers), "application/octet-stream")'
+          - 'status_code == 200'
+        condition: and
+
+      - type: dsl
+        dsl:
+          - 'contains(body, "Magento")'
+          - 'contains(body, "config xmlns:xsi")'
+          - 'contains(body, "<application>")'
+          - 'contains(body, "<install>")'
+          - 'contains(tolower(all_headers), "application/xml") || contains(tolower(all_headers), "application/octet-stream")'
+          - 'status_code == 200'
+        condition: and