id: pubspec-config

info:
  name: Pubspec YAML Configuration File - Detect
  author: DhiyaneshDk
  severity: info
  description: Pubspec YAML configuration file was detected.
  reference:
    - https://docs.flutter.dev/development/tools/pubspec
    - https://xeladu.medium.com/the-flutter-pubspec-yaml-in-detail-eee5729d9df7
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 2
    shodan-query: html:"pubspec.yaml"
  tags: exposure,devops,pubsec,config,cicd

http:
  - method: GET
    path:
      - "{{BaseURL}}/pubspec.yaml"
      - "{{BaseURL}}/assets/pubspec.yaml"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "version:"
          - "environment:"
          - "dependencies:"
        condition: and

      - type: status
        status:
          - 200

# digest: 4a0a004730450220599939ec350fc95d078650d0052748fc0cf037a3df67903194fdccb77b5808f2022100b9b2db2d97d1792e9c57885cdf3c15faceb5f72a2473da21fd060779c0ba8edd:922c64590222798bb761d5b6d8e72950