From 8632760893d93602e4f8f94ae0db4473562cca74 Mon Sep 17 00:00:00 2001
From: Cristi Vlad
Date: Fri, 22 Oct 2021 12:17:44 +0300
Subject: [PATCH] Created app.yaml Template
---
misconfiguration/app-yaml.yaml | 38 ++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 misconfiguration/app-yaml.yaml
diff --git a/misconfiguration/app-yaml.yaml b/misconfiguration/app-yaml.yaml
new file mode 100644
index 0000000000..5f5760105d
--- /dev/null
+++ b/misconfiguration/app-yaml.yaml
@@ -0,0 +1,38 @@
+id: app-yaml
+
+info:
+ name: app.yaml Finder
+ author: Cristi vlad (@cristivlad25)
+ severity: high
+ description: Finds app.yaml files which often contain sensitive information.
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/app.yaml"
+ - "{{BaseURL}}/app.yml"
+ - "{{BaseURL}}/application.yaml"
+ - "{{BaseURL}}/application.yml"
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "runtime: "
+ condition: or
+ - type: status
+ status:
+ - 200
+ - type: dsl
+ dsl:
+ - "!contains(tolower(body), '')"
+ - "!contains(tolower(body), '')"
+ - "!contains(tolower(body), '')"
+ condition: and
+
+file:
+ - extensions:
+ - yaml
+ - yml
\ No newline at end of file
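Review bot: `severity: high` is not backed by what the matchers verify: the `word` matcher only confirms that the 200 response contains `runtime: `, which shows a config file is being served but not that it carries credentials, so every hit will need manual triage at a high rating. I would either lower it to `severity: medium` or add a matcher that requires evidence of secret material in the body before keeping `high`. The trailing `file:` block lists only `extensions` with no matchers or extractors and looks like a leftover in an HTTP template; it should probably be removed. The three `dsl` needles appear as empty strings (`''`) here, possibly an artifact of how this page was extracted; if the file really contains `''`, each `!contains(...)` is always false and, with `matchers-condition: and`, the template can never report a finding, so confirm the literals are intact.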