id: ht-deployment

info:
  name: .htdeployment - Files Tree Cache File
  author: Michal-Mikolas
  severity: medium
  description: |
    FTP Deployment cache file that contains whole files structure with paths to potentially sensitive files.
  remediation: Block access to the file using `.htaccess` on the server. The best-practise is to block all the folders/files beginning with `.` except `.well-known` folder.
  reference:
    - https://github.com/dg/ftp-deployment/tree/master
    - https://github.com/dg/ftp-deployment/blob/master/src/Deployment/Deployer.php#L206
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
  metadata:
    verified: true
    max-request: 2
    vendor: dg
    product: ftp-deployment
  tags: files,exposure,php,deployment,cache,dg

http:
  - method: GET
    path:
      - "{{BaseURL}}/.htdeployment"
      - "{{BaseURL}}/.deployment"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "[config]"
          - "1F 8B"
        condition: or

      - type: word
        part: header
        words:
          - "application/octet-stream"
          - "text/plain"
        condition: or
# digest: 490a00463044022077aa61db1a1e1bfa3d56bbad53f22e1dcb73f42aa5f004ed245cea3aec68c8080220688daa57a6e6bebf06ce0b0d4a5c2783f99e0b18a66c050585763224ade8ba46:922c64590222798bb761d5b6d8e72950