id: codeigniter-env

info:
  name: Codeigniter - .env File Discovery
  author: emenalf
  severity: high
  description: Codeigniter .env file was discovered.
  metadata:
    max-request: 12
  tags: config,exposure,codeigniter

http:
  - method: GET
    path:
      - "{{BaseURL}}/.env"
      - "{{BaseURL}}/.env.dev.local"
      - "{{BaseURL}}/.env.development.local"
      - "{{BaseURL}}/.env.prod.local"
      - "{{BaseURL}}/.env.production.local"
      - "{{BaseURL}}/.env.local"
      - "{{BaseURL}}/.env.example"
      - "{{BaseURL}}/.env.stage"
      - "{{BaseURL}}/.env.live"
      - "{{BaseURL}}/.env_1"
      - "{{BaseURL}}/.env.old"
      - "{{BaseURL}}/.env_sample"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "(?m)^APP_(NAME|ENV|KEY|DEBUG|URL|PASSWORD)"
          - "(?m)^DB_(HOST|PASSWORD|DATABASE)"
        condition: or

      - type: status
        status:
          - 200

# digest: 4b0a00483046022100cb79f22431167b6829b0b341cf47b26c37e61327579239107ebbc4cbf668c20b02210083e613c309e1c555d9cda57540eb609f9c7ad22f43cd2c7f4aa0e761b3b2e2ed:922c64590222798bb761d5b6d8e72950