id: springboot-env

info:
  name: Springboot Env Actuator - Detect
  author: that_juan_,dwisiswant0,wdahlenb,philippedelteil,stupidfish
  severity: low
  description: Sensitive environment variables may not be masked
  metadata:
    max-request: 4
  tags: misconfig,springboot,env,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/env"
      - "{{BaseURL}}/actuator/env"
      - "{{BaseURL}}/actuator;/env;"
      - "{{BaseURL}}/message-api/actuator/env"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "applicationConfig"
          - "activeProfiles"
        condition: or

      - type: word
        part: body
        words:
          - "server.port"
          - "local.server.port"
        condition: or

      - type: word
        part: header
        words:
          - "application/json"
          - "application/vnd.spring-boot.actuator"
          - "application/vnd.spring-boot.actuator.v1+json"
          - "application/vnd.spring-boot.actuator.v2+json"
          - "application/vnd.spring-boot.actuator.v3+json"
        condition: or

      - type: status
        status:
          - 200

# digest: 490a004630440220047366275efe896f379ed62aa88e8562a4217729eedb6c58246c87966e0efa01022042be407056154a4658d77f95c5cfece9800cc4fc30c35de5bb06dacca8e799a0:922c64590222798bb761d5b6d8e72950