Created app.yaml Template

2021-10-22 12:17:44 +03:00 · 2021-10-22 12:17:44 +03:00 · 8632760893
parent b8aaf28eb6
commit 8632760893
1 changed files with 38 additions and 0 deletions
--- a/misconfiguration/app-yaml.yaml
+++ b/misconfiguration/app-yaml.yaml
@ -0,0 +1,38 @@
+id: app-yaml
+
+info:
+  name: app.yaml Finder
+  author: Cristi vlad (@cristivlad25)
+  severity: high
+  description: Finds app.yaml files which often contain sensitive information.
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/app.yaml"
+      - "{{BaseURL}}/app.yml"
+      - "{{BaseURL}}/application.yaml"
+      - "{{BaseURL}}/application.yml"
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "runtime: "
+        condition: or
+      - type: status
+        status:
+          - 200
+      - type: dsl
+        dsl:
+          - "!contains(tolower(body), '<html')"
+          - "!contains(tolower(body), '<body')"
+          - "!contains(tolower(body), '</h1>')"
+          - "!contains(tolower(body), '</h2>')"
+          - "!contains(tolower(body), '</h3>')"
+        condition: and
+
+file:
+  - extensions:
+      - yaml
+      - yml