id: development-logs

info:
  name: Discover development log files
  author: geeknik
  severity: info
  description: Development log file was exposed.
  metadata:
    max-request: 3
  tags: logs,exposure,rails

http:
  - method: GET
    path:
      - "{{BaseURL}}/log/development.log"
      - "{{BaseURL}}/logs/development.log"
      - "{{BaseURL}}/development.log"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Connecting to database specified by database.yml"
          - "Started GET"
        condition: or

      - type: word
        words:
          - "DEPRECATION WARNING"
          - "CREATE TABLE"
        condition: or

      - type: word
        part: header
        words:
          - "text/html"
        negative: true

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: last_modified
        part: header
        regex:
          - 'Last-Modified:.*'

# digest: 4b0a00483046022100ec0cab19e41834dbd98b3fad6f39e1e84ae68fda70aa02cfc0493041062fc9b1022100d427db1cb48ea9829c9d0dfe80fb9d19aff6ea0d86f868d72ca1df917d330835:922c64590222798bb761d5b6d8e72950