From 5f7519a89a838a25c473c4faa97fd0ef2d2ab0a2 Mon Sep 17 00:00:00 2001
From: martincodes <62392843+martincodes-de@users.noreply.github.com>
Date: Wed, 20 Oct 2021 22:13:41 +0200
Subject: [PATCH] add template for .idea files with sensitive data
---
 .../.idea-folder-with-sensitive-files.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 exposures/files/.idea-folder-with-sensitive-files.yaml
diff --git a/exposures/files/.idea-folder-with-sensitive-files.yaml b/exposures/files/.idea-folder-with-sensitive-files.yaml
new file mode 100644
index 0000000000..123c126d92
--- /dev/null
+++ b/exposures/files/.idea-folder-with-sensitive-files.yaml
@@ -0,0 +1,19 @@
+id: .idea-folder-with.sensitive-files
+
+info:
+ name: Reachable or public .idea-Folder files containing sensitive data
+ author: martincodes-de
+ severity: high
+ description: Searches for .idea-Folder by querying the /.idea and a few other files with sensitive data endpoints
+ tags: phpstorm, jetbrains, .idea, sensitive data
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/.idea/httpRequests/http-requests-log.http"
+ - "{{BaseURL}}/.idea/deployment.xml"
+ - "{{BaseURL}}/.idea/workspace.xml"
+ matchers:
+ - type: status
+ status:
+ - 200
\ No newline at end of file
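Review bot: The only matcher under `requests` is `status: 200`, so any host that answers 200 for unknown paths (catch-all routes, soft-404 pages) is reported as a `high` exposure even when no .idea file is actually served. Pair the status check with a body check under `matchers-condition: and`; for `deployment.xml` and `workspace.xml` the `<project version` root element is a reasonable marker, while `http-requests-log.http` is not XML and would need its own request with a marker taken from a real sample. Separately, the `id` starts with a dot and reads `with.sensitive` where the filename has `with-sensitive`, which looks like a typo. The `tags` value would also be easier to filter on without embedded spaces (`sensitive data`).

```yaml
# … unchanged: id, info, method …
    path:
      - "{{BaseURL}}/.idea/deployment.xml"
      - "{{BaseURL}}/.idea/workspace.xml"
    matchers-condition: and
    matchers:
      # … unchanged: status 200 matcher …
      - type: word
        part: body
        words:
          - "<project version"
# … http-requests-log.http moves to its own request with a body matcher of its own …
```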