From 190eeeec5182e18d2fd566cd8f88fc4911721ba0 Mon Sep 17 00:00:00 2001
From: sandeep <8293321+ehsandeep@users.noreply.github.com>
Date: Tue, 18 Jul 2023 14:50:20 +0530
Subject: [PATCH] updated templates with outdated syntax
---
 http/cves/2023/CVE-2023-0448.yaml | 2 +-
 http/cves/2023/CVE-2023-23491.yaml | 2 +-
 http/cves/2023/CVE-2023-28665.yaml | 2 +-
 http/miscellaneous/spnego.yaml | 2 +-
 http/technologies/graylog/graylog-endpoints-exposure.yaml | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/http/cves/2023/CVE-2023-0448.yaml b/http/cves/2023/CVE-2023-0448.yaml
index f1f44ea1c3..029d675d3f 100644
--- a/http/cves/2023/CVE-2023-0448.yaml
+++ b/http/cves/2023/CVE-2023-0448.yaml
@@ -27,7 +27,7 @@ http:
 - type: dsl
 dsl:
 - 'status_code == 200'
- - 'contains(all_headers, "text/html")'
+ - 'contains(header, "text/html")'
 - 'contains(body, ">")'
 - 'contains(body, "params\":{\"action")'
 condition: and
diff --git a/http/cves/2023/CVE-2023-23491.yaml b/http/cves/2023/CVE-2023-23491.yaml
index 76aca98579..9542b7aee4 100644
--- a/http/cves/2023/CVE-2023-23491.yaml
+++ b/http/cves/2023/CVE-2023-23491.yaml
@@ -27,7 +27,7 @@ http:
 - type: dsl
 dsl:
 - 'status_code == 200'
- - 'contains(all_headers, "text/html")'
+ - 'contains(header, "text/html")'
 - 'contains(body, "")'
 - 'contains(body, "qem_calendar")'
 condition: and
diff --git a/http/cves/2023/CVE-2023-28665.yaml b/http/cves/2023/CVE-2023-28665.yaml
index 87421b72da..63ca8a0e2d 100644
--- a/http/cves/2023/CVE-2023-28665.yaml
+++ b/http/cves/2023/CVE-2023-28665.yaml
@@ -35,7 +35,7 @@ http:
 - type: dsl
 dsl:
 - 'status_code_2 == 200'
- - 'contains(all_headers_2, "text/html")'
+ - 'contains(header_2, "text/html")'
 - 'contains(body_2, "")'
 - 'contains(body_2, "pagination\":")'
 condition: and
diff --git a/http/miscellaneous/spnego.yaml b/http/miscellaneous/spnego.yaml
index a407587466..ad9734fd48 100644
--- a/http/miscellaneous/spnego.yaml
+++ b/http/miscellaneous/spnego.yaml
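Review bot: In http/cves/2023/CVE-2023-0448.yaml the renamed check `contains(header, "text/html")` still searches the whole response-header block, so the string "text/html" in any header satisfies it, not only in Content-Type. If the intent is to confirm that the response is served as HTML (the body checks that follow suggest so), matching the content-type value directly, `- 'contains(content_type, "text/html")'`, is tighter and reduces false positives. The same line appears in the CVE-2023-23491 hunk and, with the `_2` request suffix, in the CVE-2023-28665 hunk. Each matcher block begins above its hunk, so the remaining conditions are not visible here.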
@@ -26,7 +26,7 @@ http:
 matchers:
 - type: dsl
 dsl:
- - "contains(tolower(all_headers), 'www-authenticate: negotiate')"
+ - "contains(tolower(header), 'www-authenticate: negotiate')"
 extractors:
 - type: kval
diff --git a/http/technologies/graylog/graylog-endpoints-exposure.yaml b/http/technologies/graylog/graylog-endpoints-exposure.yaml
index 26685bf543..6de252c962 100644
--- a/http/technologies/graylog/graylog-endpoints-exposure.yaml
+++ b/http/technologies/graylog/graylog-endpoints-exposure.yaml
@@ -76,7 +76,7 @@ http:
 - type: dsl
 dsl:
 - "status_code == 200"
- - "contains_any(all_headers, 'X-Graylog-Node-Id', 'Graylog', 'graylog')"
+ - "contains_any(header, 'X-Graylog-Node-Id', 'Graylog', 'graylog')"
 - "contains_any(body, 'X-Graylog-Node-Id', 'Graylog', 'graylog')"
 - "contains_any(body, 'swagger')"
 condition: and
@@ -85,5 +85,5 @@ http:
 name: unauthorized-graylog-header
 dsl:
 - "status_code == 401"
- - "contains(all_headers, 'X-Graylog-Node-Id') || contains(all_headers, 'Graylog Server')"
+ - "contains(header, 'X-Graylog-Node-Id') || contains(header, 'Graylog Server')"
 condition: and
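Review bot: In http/technologies/graylog/graylog-endpoints-exposure.yaml both header checks stay case-sensitive after the rename, whereas the spnego.yaml hunk in this same patch lowercases first with `tolower(header)`. In the first hunk the arguments are also redundant, since any header block containing 'X-Graylog-Node-Id' already contains 'Graylog'; `- "contains(tolower(header), 'graylog')"` covers all three. In the `unauthorized-graylog-header` matcher of the second hunk, `- "contains(tolower(header), 'x-graylog-node-id') || contains(tolower(header), 'graylog server')"` would avoid a silent miss if header casing differs from what is expected, for instance behind an intermediary that rewrites it. Both matcher blocks start outside their hunks.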