id: spring-framework-exceptions

info:
  name: Spring Framework Exceptions
  author: geeknik
  severity: medium
  description: Detects suspicious Spring framework exceptions that could indicate exploitation attempts
  reference:
    - https://docs.spring.io/spring-security/site/docs/current/apidocs/overview-tree.html
  tags: file,logs,spring
file:
  - extensions:
      - all

    extractors:
      - type: regex
        name: exception
        part: body
        regex:
          - 'AccessDeniedException'
          - 'CsrfException'
          - 'InvalidCsrfTokenException'
          - 'MissingCsrfTokenException'
          - 'CookieTheftException'
          - 'InvalidCookieException'
          - 'RequestRejectedException'

# digest: 4a0a0047304502206ba4ce83107c5c02e084ca1a2743a346e3e41dbc727e3470f6519aa3e24fc9950221009c39b68664e85289134c1c58072a5086f3878c01ec27503b82984401a1d9ac0c:922c64590222798bb761d5b6d8e72950