id: sonarqube-public-projects

info:
  name: Sonarqube with public projects
  author: sickwell
  severity: low
  description: Sonarqube public projects detected.
  reference:
    - https://next.sonarqube.com/sonarqube/web_api/api/components/suggestions?internal=true
  metadata:
    max-request: 1
  tags: sonarqube,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/components/suggestions?recentlyBrowsed="

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - '"results":'
          - '"items":'
          - '"more":'
        part: body
        condition: and

# digest: 490a0046304402207901c24b44f1388a4323def4f00faffb69cc506cbecd69cbc59841fe2ca240af02205eb7573ca9939e6241f0415543079c0da99d306e66b8bcbf2c9ed45995329179:922c64590222798bb761d5b6d8e72950