From ec7ff56511f0b4a27fdc681ec9c51f73cae11c5d Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 20 Nov 2023 14:44:11 +0530
Subject: [PATCH] Fixed FP - kubernetes-etcd-keys
---
 http/exposures/files/kubernetes-etcd-keys.yaml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/http/exposures/files/kubernetes-etcd-keys.yaml b/http/exposures/files/kubernetes-etcd-keys.yaml
index 984f5e89a3..af9c4393c8 100644
--- a/http/exposures/files/kubernetes-etcd-keys.yaml
+++ b/http/exposures/files/kubernetes-etcd-keys.yaml
@@ -1,7 +1,7 @@
 id: kubernetes-etcd-keys
 info:
- name: Kubernetes etcd Keys Exposure
+ name: Kubernetes etcd Keys - Exposure
 author: Hardik-Solanki
 severity: medium
 reference:
@@ -19,15 +19,19 @@ http:
 matchers-condition: and
 matchers:
- - type: word
+ - type: regex
 part: body
+ regex:
+ - '(?m)^-----BEGIN PRIVATE KEY-----'
+
+ - type: word
+ part: header
 words:
- - 'BEGIN RSA PRIVATE KEY'
- - 'END RSA PRIVATE KEY'
+ - "application/json"
+ - "application/html"
 condition: and
+ negative: true
 - type: status
 status:
 - 200
-
-# digest: 4a0a00473045022100ddcd09ba54d23434edd7e63ee886dd9f64da1346e3b76acccc1be6836d418dac022024943cef9731a68f36b915457434998f6c0550e6015cbb61d6ee2e5788664345:922c64590222798bb761d5b6d8e72950
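Review bot: The negative header matcher in the second hunk cannot exclude anything as written: with `condition: and` it only matches when the response headers contain both `application/json` and `application/html`, which a single response will not, so the negated result is always true and JSON or HTML error pages still pass. Use `condition: or` (or drop the line, since or is the default), and `application/html` looks like a typo for `text/html`. Separately, the new body regex `^-----BEGIN PRIVATE KEY-----` matches only the PKCS#8 label, so a key file starting with `-----BEGIN RSA PRIVATE KEY-----`, which the removed matcher looked for, is no longer reported; `- '(?m)^-----BEGIN (?:RSA |EC )?PRIVATE KEY-----'` would cover both forms. The request paths are outside the hunk, so which key formats are served at those paths cannot be confirmed from here.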