Merge pull request #454 from DhiyaneshGeek/master

Larvel Debug Error Page , Unauthenticated Airflow Instance , Django Debug detect

security-misconfiguration/django-debug-detect.yaml

@@ -0,0 +1,29 @@
+id: django-debug
+
+info:
+  name: Django Debug Method Enabled
+  author: dhiyaneshDK
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+      - "{{BaseURL}}:8000"
+      - "{{BaseURL}}:8080"
+      - "{{BaseURL}}:8001"
+      - "{{BaseURL}}:9080"
+      - "{{BaseURL}}:8443"
+      - "{{BaseURL}}:8060"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - URLconf defined
+          - Page not found
+        condition: and
+
+      - type: status
+        status:
+          - 404

security-misconfiguration/larvel-debug.yaml

@@ -0,0 +1,23 @@
+id: larvel-debug-error
+
+info:
+  name: Larvel Debug Method Enabled
+  author: dhiyaneshDK
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+      - "{{BaseURL}}:8081"
+      - "{{BaseURL}}:9001"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - Whoops! There was an error
+
+      - type: status
+        status:
+          - 500

security-misconfiguration/unauthenticated-airflow.yaml

@@ -0,0 +1,27 @@
+id: unauthenticated-airflow-instance
+
+info:
+  name: Unauthenticated Airflow Instance
+  author: dhiyaneshDK
+  severity: high
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/admin/"
+      - "{{BaseURL}}:8080/admin/"
+      - "{{BaseURL}}:8000/admin/"
+      - "{{BaseURL}}:9000/admin/"
+      - "{{BaseURL}}:9090/admin/"
+      - "{{BaseURL}}:3000/admin/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - Airflow - DAGs
+        part: body
+
+      - type: status
+        status:
+          - 200