id: development-config-file

info:
  name: composer-config-file
  author: Mahendra Purbia (Mah3Sec_)
  severity: info

requests:
  - method: GET
    path:
      - "{{BaseURL}}/composer.json"
      - "{{BaseURL}}/composer.lock"
      - "{{BaseURL}}/.composer/composer.json"

    matchers:
      - type: dsl
        name: composer.lock
        dsl:
          - "contains(body, 'packages') == true && contains(tolower(all_headers), 'application/octet-stream') == true && status_code == 200"

      - type: dsl
        name: composer.json
        dsl:
          - "contains(body, 'require') == true && contains(tolower(all_headers), 'application/json') == true && status_code == 200"