Added conditional word in body

I found this be a valid finding /actuator/env on a production host but was missing additional words to check which was causing a false negative. 'activeProfiles' allows this test to pass on the instance that I came across.
2021-06-09 11:36:54 -06:00 · 2021-06-09 11:36:54 -06:00 · aa9e899dd2
parent f0f6d26bec
commit aa9e899dd2
1 changed files with 2 additions and 0 deletions
--- a/misconfiguration/springboot/springboot-env.yaml
+++ b/misconfiguration/springboot/springboot-env.yaml
@ -18,6 +18,8 @@ requests:
        part: body
        words:
          - "applicationConfig"
+          - "activeProfiles"
+        condition: or

      - type: word
        part: body