Workflow and tags update

2021-05-14 19:37:13 +05:30 · 2021-05-14 19:37:13 +05:30 · 3203754361
parent 450254cd3d
commit 3203754361
8 changed files with 15 additions and 6 deletions
--- a/misconfiguration/springboot/springboot-configprops.yaml
+++ b/misconfiguration/springboot/springboot-configprops.yaml
@ -5,6 +5,7 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  description: Sensitive environment variables may not be masked
  tags: springboot,disclosure
 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-env.yaml
+++ b/misconfiguration/springboot/springboot-env.yaml
@ -5,6 +5,7 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  description: Sensitive environment variables may not be masked
  tags: springboot,disclosure
 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-heapdump.yaml
+++ b/misconfiguration/springboot/springboot-heapdump.yaml
@ -5,6 +5,7 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: critical
  description: Environment variables and HTTP requests can be found in the HPROF
  tags: springboot,disclosure
 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-httptrace.yaml
+++ b/misconfiguration/springboot/springboot-httptrace.yaml
@ -5,6 +5,7 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  description: View recent HTTP requests and responses
  tags: springboot,disclosure
 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-loggers.yaml
+++ b/misconfiguration/springboot/springboot-loggers.yaml
@ -4,6 +4,7 @@ info:
  name: Detect Springboot Loggers
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  tags: springboot,disclosure
 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-mappings.yaml
+++ b/misconfiguration/springboot/springboot-mappings.yaml
@ -5,6 +5,7 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  description: Additional routes may be displayed
  tags: springboot,disclosure
 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-trace.yaml
+++ b/misconfiguration/springboot/springboot-trace.yaml
@ -5,11 +5,13 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  description: View recent HTTP requests and responses
  tags: springboot,disclosure
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/trace"
    matchers-condition: and
    matchers:
      - type: word
--- a/workflows/springboot-workflow.yaml
+++ b/workflows/springboot-workflow.yaml
@ -13,12 +13,13 @@ workflows:
  - template: technologies/detect-springboot-actuator.yaml
    subtemplates:
-      - template: misconfiguration/springboot/springboot-configprops.yaml
+      - template: misconfiguration/springboot-configprops.yaml
-      - template: misconfiguration/springboot/springboot-env.yaml
+      - template: misconfiguration/springboot-env.yaml
-      - template: misconfiguration/springboot/springboot-heapdump.yaml
+      - template: misconfiguration/springboot-heapdump.yaml
-      - template: misconfiguration/springboot/springboot-loggers.yaml
+      - template: misconfiguration/springboot-httptrace.yaml
-      - template: misconfiguration/springboot/springboot-mappings.yaml
+      - template: misconfiguration/springboot-loggers.yaml
-      - template: misconfiguration/springboot/springboot-trace.yaml
+      - template: misconfiguration/springboot-mappings.yaml
      - template: misconfiguration/springboot-trace.yaml
      - template: vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml
      - template: vulnerabilities/springboot/springboot-h2-db-rce.yaml
      - template: cves/2018/CVE-2018-1271.yaml