id: airflow-api-exposure

info:
  name: Apache Airflow API Exposure / Unauthenticated Access
  author: pdteam
  severity: medium
  tags: apache,airflow,unauth

requests:
  - method: GET
    path:
      - '{{BaseURL}}/api/experimental/latest_runs'
    matchers:
      - type: word
        words:
          - '"dag_run_url":'
          - '{"items":['
        condition: and